| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <d677e46d-383b-4f8f-c89e-0755ba5056c8@163.com>
Date: Sun, 8 Oct 2017 20:16:06 +0800
From: Jia-Ju Bai <baijiaju1990@....com>
To: gregkh@...uxfoundation.org, insafonov@...il.com,
juliana.orod@...il.com, gs051095@...il.com, jananis37@...il.com
Cc: devel@...verdev.osuosl.org, linux-kernel@...r.kernel.org
Subject: [BUG] rtl8188eu: Some possible sleep-in-atomic bugs in ips_leave
CC to mailing list.
On 2017/10/8 20:13, Jia-Ju Bai wrote:
> The driver may sleep under a spinlock when calling the function
> "ips_leave", which causes some possible sleep-in-atomic bugs.
> Here are several examples:
> rtw_set_802_11_disassociate (acquire the spinlock)
> _rtw_pwr_wakeup
> ips_leave
> mutex_lock --> may sleep
>
> rtw_set_802_11_disassociate (acquire the spinlock)
> _rtw_pwr_wakeup
> ips_leave
> rtw_ips_pwr_up
> ips_netdrv_open
> rtw_hal_init
> rtl8188eu_hal_init
> rtl88eu_download_fw
> request_firmware --> may sleep
> kmalloc --> may sleep
>
> rtw_set_802_11_disassociate (acquire the spinlock)
> _rtw_pwr_wakeup
> ips_leave
> rtw_set_key
> kzalloc(GFP_KERNEL) --> may sleep
>
> All these bugs are caused by that "ips_leave" calls some sleep-able
> functions.
> A possible fix is to release the spinlock before calling "ips_leave",
> and acquire the spinlock again after it.
>
> These bugs are found by my static analysis tool and my code review.
>
>
> Thanks,
> Jia-Ju Bai
Powered by blists - more mailing lists