| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 12 Dec 2017 21:24:56 +0800
From: Jia-Ju Bai <baijiaju1990@...il.com>
To: gregkh@...uxfoundation.org, jslaby@...e.com, acme@...ectiva.com.br
Cc: linux-kernel@...r.kernel.org, Jia-Ju Bai <baijiaju1990@...il.com>
Subject: [PATCH] tty/isicom: Fix a possible sleep-in-atomic bug in WaitTillCardIsFree
The driver may sleep under a spinlock.
The function call paths are:
isicom_activate (acquire the spinlock)
isicom_setup_board
drop_dtr_rts
WaitTillCardIsFree
msleep --> may sleep
isicom_set_termios
isicom_config_port
drop_dtr
WaitTillCardIsFree
msleep --> may sleep
isicom_tiocmset
drop_dtr
WaitTillCardIsFree
msleep --> may sleep
Though "in_atomic" is used to check atomic context,
but it is not recommended to use in driver code (see include/linux/preempt.h).
To fix it, only using mdelay instead.
This bug is found by my static analysis tool(DSAC) and checked by my code review.
Signed-off-by: Jia-Ju Bai <baijiaju1990@...il.com>
---
drivers/tty/isicom.c | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/drivers/tty/isicom.c b/drivers/tty/isicom.c
index 015686f..bdd3027 100644
--- a/drivers/tty/isicom.c
+++ b/drivers/tty/isicom.c
@@ -219,13 +219,9 @@ struct isi_port {
static int WaitTillCardIsFree(unsigned long base)
{
unsigned int count = 0;
- unsigned int a = in_atomic(); /* do we run under spinlock? */
while (!(inw(base + 0xe) & 0x1) && count++ < 100)
- if (a)
- mdelay(1);
- else
- msleep(1);
+ mdelay(1);
return !(inw(base + 0xe) & 0x1);
}
--
1.7.9.5
Powered by blists - more mailing lists