linux-kernel.vger.kernel.org archive mirror
* [BUG] net: huawei: hinic: a possible sleep-in-atomic-context bug in msg_to_mgmt_async
From: Jia-Ju Bai @ 2019-01-11  2:32 UTC
  To: aviad.krawczyk, davem; +Cc: netdev, Linux Kernel Mailing List

The driver may sleep in an interrupt handler.
The function call path (from bottom to top) in the directory 
"drivers/net/ethernet/huawei/hinic/" in Linux-4.17 is:

[FUNC] down
hinic_hw_mgmt.c, 324: down in msg_to_mgmt_async
hinic_hw_mgmt.c, 408: msg_to_mgmt_async in mgmt_recv_msg_handler
hinic_hw_mgmt.c, 464: mgmt_recv_msg_handler in recv_mgmt_msg_handler
hinic_hw_mgmt.c, 484: recv_mgmt_msg_handler in mgmt_msg_aeqe_handler
hinic_hw_eqs.c, 264: [FUNC_PTR]mgmt_msg_aeqe_handler in aeq_irq_handler
hinic_hw_eqs.c, 355: aeq_irq_handler in eq_irq_handler
hinic_hw_eqs.c, 383: eq_irq_handler in ceq_tasklet

Note that [FUNC_PTR] means a function pointer call.

This bug is found by my static analysis tool (DSAC-2) and checked by my
manual code review.

I do not know how to correctly fix this bug, so I just report it.
A possible way may be to replace up() and down() with spin_lock() and 
spin_unlock().


Best wishes,
Jia-Ju Bai
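
The call path in the report above can be checked mechanically. The following is an added example, not DSAC-2's algorithm and not code from the original message: it encodes the caller/callee edges listed in the report and searches from an entry point for a function that may sleep. Treating `ceq_tasklet` as the atomic-context entry point and `down` as the only sleeping primitive are assumptions of this example; the helper names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Caller -> callee edges, copied from the call path in the report. */
struct edge { const char *caller, *callee; };
static const struct edge edges[] = {
    {"ceq_tasklet", "eq_irq_handler"},
    {"eq_irq_handler", "aeq_irq_handler"},
    {"aeq_irq_handler", "mgmt_msg_aeqe_handler"},   /* [FUNC_PTR] call */
    {"mgmt_msg_aeqe_handler", "recv_mgmt_msg_handler"},
    {"recv_mgmt_msg_handler", "mgmt_recv_msg_handler"},
    {"mgmt_recv_msg_handler", "msg_to_mgmt_async"},
    {"msg_to_mgmt_async", "down"},
};
#define N_EDGES (sizeof(edges) / sizeof(edges[0]))
#define MAX_DEPTH 16

/* Assumption: down() is the only may-sleep primitive modelled here. */
static int may_sleep(const char *fn) { return strcmp(fn, "down") == 0; }

/* Depth-first search from fn. On success path[0..ret-1] holds the chain
 * ending in the sleeping call; returns 0 if none is reachable. */
static int find_sleep_path(const char *fn, const char **path, int depth)
{
    if (depth >= MAX_DEPTH)
        return 0;                       /* also bounds recursion on cycles */
    path[depth] = fn;
    if (may_sleep(fn))
        return depth + 1;
    for (size_t i = 0; i < N_EDGES; i++) {
        if (strcmp(edges[i].caller, fn) != 0)
            continue;
        int len = find_sleep_path(edges[i].callee, path, depth + 1);
        if (len)
            return len;
    }
    return 0;
}

/* Number of functions on the chain from entry to a sleeping call, or 0. */
int atomic_sleep_depth(const char *entry)
{
    const char *path[MAX_DEPTH];
    return find_sleep_path(entry, path, 0);
}

int main(void)
{
    const char *path[MAX_DEPTH];
    int len = find_sleep_path("ceq_tasklet", path, 0);
    for (int i = 0; i < len; i++)       /* print the chain, top to bottom */
        printf("%*s%s\n", i * 2, "", path[i]);
    return len ? 1 : 0;                 /* non-zero exit flags a finding */
}
```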

