| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 12 Dec 2017 10:50:37 +0800
From: Jia-Ju Bai <baijiaju1990@....com>
To: schmitzmic@...il.com, fthain@...egraphics.com.au,
jejb@...ux.vnet.ibm.com, martin.petersen@...cle.com
Cc: linux-scsi@...r.kernel.org, linux-kernel@...r.kernel.org,
Jia-Ju Bai <baijiaju1990@...il.com>
Subject: [PATCH] NCR5380: Fix a possible sleep-in-atomic bug in NCR5380_poll_politely2
From: Jia-Ju Bai <baijiaju1990@...il.com>
The kernel module may sleep under a spinlock.
The function call paths are:
NCR5380_select (acquire the spinlock)
NCR5380_reselect
NCR5380_poll_politely
NCR5380_poll_politely2
schedule_timeout_uninterruptible --> may sleep
NCR5380_abort (acquire the spinlock)
do_abort
NCR5380_poll_politely
NCR5380_poll_politely2
schedule_timeout_uninterruptible --> may sleep
To fix it, schedule_timeout_uninterruptible is replaced with mdelay.
This bug is found by my static analysis tool(DSAC) and checked by my code review.
Signed-off-by: Jia-Ju Bai <baijiaju1990@...il.com>
---
drivers/scsi/NCR5380.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/NCR5380.c b/drivers/scsi/NCR5380.c
index 90ea0f5..4176aca 100644
--- a/drivers/scsi/NCR5380.c
+++ b/drivers/scsi/NCR5380.c
@@ -202,7 +202,7 @@ static int NCR5380_poll_politely2(struct NCR5380_hostdata *hostdata,
/* Repeatedly sleep for 1 ms until deadline */
while (time_is_after_jiffies(deadline)) {
- schedule_timeout_uninterruptible(1);
+ mdelay(1);
if ((NCR5380_read(reg1) & bit1) == val1)
return 0;
if ((NCR5380_read(reg2) & bit2) == val2)
--
1.7.9.5
Powered by blists - more mailing lists