* [BUG] rtl8188eu: Some possible sleep-in-atomic bugs in ips_leave
From: Jia-Ju Bai @ 2017-10-08 12:16 UTC
To: gregkh, insafonov, juliana.orod, gs051095, jananis37; +Cc: devel, linux-kernel
CC to mailing list.
On 2017/10/8 20:13, Jia-Ju Bai wrote:
> The driver may sleep under a spinlock when calling the function
> "ips_leave", which causes some possible sleep-in-atomic bugs.
> Here are several examples:
> rtw_set_802_11_disassociate (acquire the spinlock)
>   _rtw_pwr_wakeup
>     ips_leave
>       mutex_lock --> may sleep
>
> rtw_set_802_11_disassociate (acquire the spinlock)
>   _rtw_pwr_wakeup
>     ips_leave
>       rtw_ips_pwr_up
>         ips_netdrv_open
>           rtw_hal_init
>             rtl8188eu_hal_init
>               rtl88eu_download_fw
>                 request_firmware --> may sleep
>                 kmalloc --> may sleep
>
> rtw_set_802_11_disassociate (acquire the spinlock)
>   _rtw_pwr_wakeup
>     ips_leave
>       rtw_set_key
>         kzalloc(GFP_KERNEL) --> may sleep
>
> All these bugs are caused by "ips_leave" calling some sleep-able
> functions.
> A possible fix is to release the spinlock before calling "ips_leave",
> and acquire the spinlock again after it.
>
> These bugs were found by my static analysis tool and my code review.
>
>
> Thanks,
> Jia-Ju Bai
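
The lock pattern from the report, as an added example that is not part of the original message or the driver's code: a userspace C model in which a counter stands in for the kernel's atomic-context tracking. The `*_model` names, `disassociate_buggy` and `disassociate_fixed` are hypothetical.

```c
/* Userspace model, not kernel code: atomic_depth stands in for preempt_count. */
#include <stdio.h>
static int atomic_depth, violations; /* lock nesting; sleep-in-atomic hits */

static void might_sleep(const char *callee)
{
	if (atomic_depth > 0) {
		violations++;
		fprintf(stderr, "BUG: %s may sleep in atomic context\n", callee);
	}
}

static void spin_lock_model(void)   { atomic_depth++; }
static void spin_unlock_model(void) { atomic_depth--; }

/* Three of the sleeping callees the report reaches through ips_leave. */
static void ips_leave_model(void)
{
	might_sleep("mutex_lock");
	might_sleep("request_firmware");    /* via rtw_ips_pwr_up ... rtl88eu_download_fw */
	might_sleep("kzalloc(GFP_KERNEL)"); /* via rtw_set_key */
}

/* Reported pattern: ips_leave runs while the spinlock is held. */
int disassociate_buggy(void)
{
	violations = 0;
	spin_lock_model();
	ips_leave_model();
	spin_unlock_model();
	return violations;
}

/* Suggested fix: drop the lock around ips_leave, then take it again. */
int disassociate_fixed(void)
{
	violations = 0;
	spin_lock_model();
	spin_unlock_model();
	ips_leave_model();
	spin_lock_model(); /* state read before the unlock must be rechecked here */
	spin_unlock_model();
	return violations;
}

int main(void)
{
	printf("buggy: %d, fixed: %d\n", disassociate_buggy(), disassociate_fixed());
	return 0;
}
```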