lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-Id: <20070421155055.242d22dc.akpm@linux-foundation.org>
Date:	Sat, 21 Apr 2007 15:50:55 -0700
From:	Andrew Morton <akpm@...ux-foundation.org>
To:	"David Kyle" <dsk6@...t.edu>
Cc:	linux-kernel@...r.kernel.org, Kylene Jo Hall <kjhall@...ibm.com>,
	tpm@...horst.net, tpmdd-devel@...ts.sourceforge.net
Subject: Re: Sleep during spinlock in TPM driver

On Fri, 20 Apr 2007 18:11:10 -0400 "David Kyle" <dsk6@...t.edu> wrote:

> I've been working with the TPM driver, and I found that if I opened,
> used, then closed the TPM char device very frequently, I would get a
> kernel BUG message saying that the kernel tried to sleep while holding
> a spinlock.  I think I've isolated the problem to this function, in
> drivers/char/tpm/tpm.c:
> 
> int tpm_release(struct inode *inode, struct file *file)
> {
>         struct tpm_chip *chip = file->private_data;
>         spin_lock(&driver_lock);
>         file->private_data = NULL;
>         chip->num_opens--;
>         del_singleshot_timer_sync(&chip->user_read_timer);
>         flush_scheduled_work();
>         atomic_set(&chip->data_pending, 0);
>         put_device(chip->dev);
>         kfree(chip->data_buffer);
>         spin_unlock(&driver_lock);
>         return 0;
> }
> EXPORT_SYMBOL_GPL(tpm_release);
> 
> I believe that flush_scheduled_work can sleep, correct?  Does anyone
> know why this function is called while the spinlock is held?
> 

yup, that's a bug.  It's not immediately clear to e what driver_lock is
protecting.  Some global things, some per-device things, it appears.

A suitable fix might be to make driver_lock a mutex.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ