| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 12 Dec 2017 20:42:01 -0800
From: James Bottomley <jejb@...ux.vnet.ibm.com>
To: Jia-Ju Bai <baijiaju1990@...il.com>, qla2xxx-upstream@...gic.com,
martin.petersen@...cle.com
Cc: linux-scsi@...r.kernel.org,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [BUG] scsi/qla2xxx: a possible sleep-in-atomic bug in
qlt_get_tag
On Wed, 2017-12-13 at 11:18 +0800, Jia-Ju Bai wrote:
> The driver may sleep under a spinlock.
> The function call paths are:
> qlt_handle_abts_recv_work (acquire the spinlock)
> qlt_response_pkt_all_vps
> qlt_response_pkt
> qlt_handle_cmd_for_atio
> qlt_get_tag
> percpu_ida_alloc --> may sleep
>
> qla82xx_msix_rsp_q (acquire the spinlock)
> qla24xx_process_response_queue
> qlt_handle_abts_recv
> qlt_response_pkt_all_vps
> qlt_response_pkt
> qlt_handle_cmd_for_atio
> qlt_get_tag
> percpu_ida_alloc --> may sleep-in-atomic
>
> qla24xx_intr_handler (acquire the spinlock)
> qla24xx_process_response_queue
> qlt_handle_abts_recv
> qlt_response_pkt
> qlt_handle_cmd_for_atio
> qlt_get_tag
> percpu_ida_alloc --> may sleep
>
> I do not find a good way to fix it, so I only report.
> This possible bug is found by my static analysis tool (DSAC) and
> checked by my code review.
The report is incorrect: percpu_ida_alloc with state==TASK_RUNNING is
atomic (and interrupt) safe which appears to be the case here.
James
Powered by blists - more mailing lists