lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 31 May 2017 12:33:35 -0500 From: Larry Finger <Larry.Finger@...inger.net> To: Jia-Ju Bai <baijiaju1990@....com>, kvalo@...eaurora.org Cc: linux-wireless@...r.kernel.org, b43-dev@...ts.infradead.org, netdev@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] b43legacy: Fix a sleep-in-atomic bug in b43legacy_attr_interfmode_store On 05/31/2017 05:29 AM, Jia-Ju Bai wrote: > The driver may sleep under a spin lock, and the function call path is: > b43legacy_attr_interfmode_store (acquire the lock by spin_lock_irqsave) > b43legacy_radio_set_interference_mitigation > b43legacy_radio_interference_mitigation_disable > b43legacy_calc_nrssi_slope > b43legacy_synth_pu_workaround > might_sleep and msleep --> may sleep > > Fixing it may be complex, and a possible way is to remove > spin_lock_irqsave and spin_lock_irqrestore in > b43legacy_attr_interfmode_store, and the code has been protected by > mutex_lock and mutex_unlock. > > Signed-off-by: Jia-Ju Bai <baijiaju1990@....com> > --- > drivers/net/wireless/broadcom/b43legacy/sysfs.c | 2 -- > 1 file changed, 2 deletions(-) > > diff --git a/drivers/net/wireless/broadcom/b43legacy/sysfs.c b/drivers/net/wireless/broadcom/b43legacy/sysfs.c > index 2a1da15..9ede143 100644 > --- a/drivers/net/wireless/broadcom/b43legacy/sysfs.c > +++ b/drivers/net/wireless/broadcom/b43legacy/sysfs.c > @@ -137,14 +137,12 @@ static ssize_t b43legacy_attr_interfmode_store(struct device *dev, > } > > mutex_lock(&wldev->wl->mutex); > - spin_lock_irqsave(&wldev->wl->irq_lock, flags); > > err = b43legacy_radio_set_interference_mitigation(wldev, mode); > if (err) > b43legacyerr(wldev->wl, "Interference Mitigation not " > "supported by device\n"); > mmiowb(); > - spin_unlock_irqrestore(&wldev->wl->irq_lock, flags); > mutex_unlock(&wldev->wl->mutex); > > return err ? err : count; > Jia-Ju, Did you actually observe the attempt to sleep under the spin lock, or did you discover this using some tool? In other words, have either of your patches been tested? Larry
Powered by blists - more mailing lists