Date:   Wed, 31 May 2017 12:33:35 -0500
From:   Larry Finger <Larry.Finger@...inger.net>
To:     Jia-Ju Bai <baijiaju1990@....com>, kvalo@...eaurora.org
Cc:     linux-wireless@...r.kernel.org, b43-dev@...ts.infradead.org,
        netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] b43legacy: Fix a sleep-in-atomic bug in
 b43legacy_attr_interfmode_store

On 05/31/2017 05:29 AM, Jia-Ju Bai wrote:
> The driver may sleep under a spin lock, and the function call path is:
> b43legacy_attr_interfmode_store (acquire the lock by spin_lock_irqsave)
>    b43legacy_radio_set_interference_mitigation
>      b43legacy_radio_interference_mitigation_disable
>        b43legacy_calc_nrssi_slope
>          b43legacy_synth_pu_workaround
>            might_sleep and msleep --> may sleep
> 
> Fixing it may be complex, and a possible way is to remove
> spin_lock_irqsave and spin_lock_irqrestore in
> b43legacy_attr_interfmode_store, and the code has been protected by
> mutex_lock and mutex_unlock.
> 
> Signed-off-by: Jia-Ju Bai <baijiaju1990@....com>
> ---
>   drivers/net/wireless/broadcom/b43legacy/sysfs.c |    2 --
>   1 file changed, 2 deletions(-)
> 
> diff --git a/drivers/net/wireless/broadcom/b43legacy/sysfs.c b/drivers/net/wireless/broadcom/b43legacy/sysfs.c
> index 2a1da15..9ede143 100644
> --- a/drivers/net/wireless/broadcom/b43legacy/sysfs.c
> +++ b/drivers/net/wireless/broadcom/b43legacy/sysfs.c
> @@ -137,14 +137,12 @@ static ssize_t b43legacy_attr_interfmode_store(struct device *dev,
>   	}
>   
>   	mutex_lock(&wldev->wl->mutex);
> -	spin_lock_irqsave(&wldev->wl->irq_lock, flags);
>   
>   	err = b43legacy_radio_set_interference_mitigation(wldev, mode);
>   	if (err)
>   		b43legacyerr(wldev->wl, "Interference Mitigation not "
>   		       "supported by device\n");
>   	mmiowb();
> -	spin_unlock_irqrestore(&wldev->wl->irq_lock, flags);
>   	mutex_unlock(&wldev->wl->mutex);
>   
>   	return err ? err : count;
> 
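Review bot: the `flags` local is left without a user once the `spin_lock_irqsave(&wldev->wl->irq_lock, flags)` and `spin_unlock_irqrestore(&wldev->wl->irq_lock, flags)` lines are removed, and the diffstat shows only those 2 deletions, so its declaration stays behind; drop it in the same patch if nothing else in b43legacy_attr_interfmode_store uses it, to avoid an unused-variable warning. The `mmiowb()` that sat directly before the spin unlock is kept as is; the commit message should say whether it is still needed now that only `wl->mutex` is held. The commit message also asserts that the mutex already protects this code without saying what `irq_lock` was guarding against here; a sentence stating that no interrupt-context path touches the state changed by b43legacy_radio_set_interference_mitigation would make the removal reviewable.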

Jia-Ju,

Did you actually observe the attempt to sleep under the spin lock, or did you 
discover this using some tool? In other words, have either of your patches been 
tested?

Larry
