Date:   Sun, 8 Oct 2017 20:16:06 +0800
From:   Jia-Ju Bai <baijiaju1990@....com>
To:     gregkh@...uxfoundation.org, insafonov@...il.com,
        juliana.orod@...il.com, gs051095@...il.com, jananis37@...il.com
Cc:     devel@...verdev.osuosl.org, linux-kernel@...r.kernel.org
Subject: [BUG] rtl8188eu: Some possible sleep-in-atomic bugs in ips_leave

CC to mailing list.

On 2017/10/8 20:13, Jia-Ju Bai wrote:
> The driver may sleep under a spinlock when calling the function 
> "ips_leave", which causes some possible sleep-in-atomic bugs.
> Here are several examples:
> rtw_set_802_11_disassociate (acquire the spinlock)
>   _rtw_pwr_wakeup
>     ips_leave
>       mutex_lock --> may sleep
>
> rtw_set_802_11_disassociate (acquire the spinlock)
>   _rtw_pwr_wakeup
>     ips_leave
>       rtw_ips_pwr_up
>         ips_netdrv_open
>           rtw_hal_init
>             rtl8188eu_hal_init
>               rtl88eu_download_fw
>                 request_firmware --> may sleep
>                 kmalloc --> may sleep
>
> rtw_set_802_11_disassociate (acquire the spinlock)
>   _rtw_pwr_wakeup
>     ips_leave
>       rtw_set_key
>         kzalloc(GFP_KERNEL) --> may sleep
>
> All these bugs are caused by "ips_leave" calling some sleep-able 
> functions.
> A possible fix is to release the spinlock before calling "ips_leave", 
> and acquire the spinlock again after it.
>
> These bugs were found by my static analysis tool and my code review.
>
>
> Thanks,
> Jia-Ju Bai
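
The three chains in the report, encoded as a caller-to-callee table and searched for every path that reaches a callee marked "may sleep". This is an added example, not part of the original message and not the reporter's static analysis tool. The edge table is transcribed from the report; the helper names `walk` and `sleep_paths_under_lock` are illustrative.

```c
#include <stdio.h>
#include <string.h>

/* Caller -> callee edges transcribed from the three chains in the report. */
static const char *edges[][2] = {
    {"rtw_set_802_11_disassociate", "_rtw_pwr_wakeup"},
    {"_rtw_pwr_wakeup", "ips_leave"},
    {"ips_leave", "mutex_lock"}, {"ips_leave", "rtw_ips_pwr_up"},
    {"ips_leave", "rtw_set_key"},
    {"rtw_ips_pwr_up", "ips_netdrv_open"}, {"ips_netdrv_open", "rtw_hal_init"},
    {"rtw_hal_init", "rtl8188eu_hal_init"},
    {"rtl8188eu_hal_init", "rtl88eu_download_fw"},
    {"rtl88eu_download_fw", "request_firmware"}, {"rtl88eu_download_fw", "kmalloc"},
    {"rtw_set_key", "kzalloc"}, /* kzalloc(GFP_KERNEL) in the report */
};
/* Callees the report marks "may sleep". */
static const char *may_sleep[] = {"mutex_lock", "request_firmware", "kmalloc", "kzalloc"};
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))
#define MAX_DEPTH 16

static int is_sleepable(const char *fn) {
    for (size_t i = 0; i < COUNT(may_sleep); i++)
        if (strcmp(fn, may_sleep[i]) == 0) return 1;
    return 0;
}

/* DFS from fn; prints and counts every path that ends in a may-sleep callee. */
static int walk(const char *fn, const char *path[], int depth) {
    int found = 0;
    if (depth >= MAX_DEPTH) return 0; /* bounds recursion if the graph has a cycle */
    path[depth++] = fn;
    if (is_sleepable(fn)) {
        for (int i = 0; i < depth; i++) printf("%s%s", i ? " -> " : "", path[i]);
        printf("  [may sleep]\n");
        return 1;
    }
    for (size_t e = 0; e < COUNT(edges); e++)
        if (strcmp(edges[e][0], fn) == 0) found += walk(edges[e][1], path, depth);
    return found;
}

/* Number of sleep-in-atomic paths if `root` is entered with a spinlock held. */
int sleep_paths_under_lock(const char *root) {
    const char *path[MAX_DEPTH];
    return walk(root, path, 0);
}

int main(void) {
    printf("%d path(s)\n", sleep_paths_under_lock("rtw_set_802_11_disassociate"));
    return 0;
}
```

The second chain ends in two sleeping callees, so the search reports four paths from `rtw_set_802_11_disassociate`, all passing through `ips_leave`.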

