Message-Id: <1513047037-18102-1-git-send-email-baijiaju1990@163.com> Date: Tue, 12 Dec 2017 10:50:37 +0800 From: Jia-Ju Bai <baijiaju1990@....com> To: schmitzmic@...il.com, fthain@...egraphics.com.au, jejb@...ux.vnet.ibm.com, martin.petersen@...cle.com Cc: linux-scsi@...r.kernel.org, linux-kernel@...r.kernel.org, Jia-Ju Bai <baijiaju1990@...il.com> Subject: [PATCH] NCR5380: Fix a possible sleep-in-atomic bug in NCR5380_poll_politely2 From: Jia-Ju Bai <baijiaju1990@...il.com> The kernel module may sleep under a spinlock. The function call paths are: NCR5380_select (acquire the spinlock) NCR5380_reselect NCR5380_poll_politely NCR5380_poll_politely2 schedule_timeout_uninterruptible --> may sleep NCR5380_abort (acquire the spinlock) do_abort NCR5380_poll_politely NCR5380_poll_politely2 schedule_timeout_uninterruptible --> may sleep To fix it, schedule_timeout_uninterruptible is replaced with mdelay. This bug is found by my static analysis tool(DSAC) and checked by my code review. Signed-off-by: Jia-Ju Bai <baijiaju1990@...il.com> --- drivers/scsi/NCR5380.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/scsi/NCR5380.c b/drivers/scsi/NCR5380.c index 90ea0f5..4176aca 100644 --- a/drivers/scsi/NCR5380.c +++ b/drivers/scsi/NCR5380.c @@ -202,7 +202,7 @@ static int NCR5380_poll_politely2(struct NCR5380_hostdata *hostdata, /* Repeatedly sleep for 1 ms until deadline */ while (time_is_after_jiffies(deadline)) { - schedule_timeout_uninterruptible(1); + mdelay(1); if ((NCR5380_read(reg1) & bit1) == val1) return 0; if ((NCR5380_read(reg2) & bit2) == val2) -- 1.7.9.5
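Review bot: The replacement at `+ mdelay(1);` in NCR5380_poll_politely2 makes every caller busy-wait until `deadline`, including any caller that is allowed to sleep, and for the two paths listed in the commit message it spins with the spinlock held for the whole wait. Consider keeping the sleeping path for sleepable callers and using the delay only in atomic context, or have the callers release the lock around the poll. The comment just above the loop, "Repeatedly sleep for 1 ms until deadline", no longer describes the code and should be updated in the same patch. Note also that `schedule_timeout_uninterruptible(1)` waits one jiffy while `mdelay(1)` waits one millisecond, so the polling interval changes unless HZ is 1000; the commit message should say whether that is intended.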