| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 9 Oct 2017 18:06:17 +0800
From: Jia-Ju Bai <baijiaju1990@....com>
To: patrik.r.jakobsson@...il.com, airlied@...ux.ie,
gregkh@...uxfoundation.org
Cc: dri-devel@...ts.freedesktop.org, linux-kernel@...r.kernel.org,
Jia-Ju Bai <baijiaju1990@....com>
Subject: [PATCH] gma500: Fix possible sleep-in-atomic bugs in gma_power_begin
The driver may sleep under a spinlock, and the function call paths are:
gma_power_begin (acquire the spinlock) (drivers/gpu/drm/gma500/power.c)
gma_resume_pci
pci_set_power_state
__pci_start_power_transition (drivers/pci/pci.c)
msleep --> may sleep
gma_power_begin (acquire the spinlock) (drivers/gpu/drm/gma500/power.c)
gma_resume_pci
pci_enable_device
pci_enable_device_flags (drivers/pci/pci.c)
do_pci_enable_device
pci_set_power_state
__pci_start_power_transition
msleep --> may sleep
To fix them, the spinlock is released before gma_resume_pci, and it is acquired again after gma_resume_pci.
This bug is found by my static analysis tool and my code review.
Signed-off-by: Jia-Ju Bai <baijiaju1990@....com>
---
drivers/gpu/drm/gma500/power.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/gpu/drm/gma500/power.c b/drivers/gpu/drm/gma500/power.c
index bea8578..c355d7e 100644
--- a/drivers/gpu/drm/gma500/power.c
+++ b/drivers/gpu/drm/gma500/power.c
@@ -264,7 +264,9 @@ bool gma_power_begin(struct drm_device *dev, bool force_on)
goto out_false;
/* Ok power up needed */
+ spin_unlock_irqrestore(&power_ctrl_lock, flags);
ret = gma_resume_pci(dev->pdev);
+ spin_lock_irqsave(&power_ctrl_lock, flags);
if (ret == 0) {
psb_irq_preinstall(dev);
psb_irq_postinstall(dev);
--
1.7.9.5
Powered by blists - more mailing lists