lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Date:   Wed, 29 Aug 2018 10:52:55 +0200
From:   Linus Walleij <linus.walleij@...aro.org>
To:     baijiaju1990@...il.com, Hans Verkuil <hans.verkuil@...co.com>
Cc:     "thierry.reding@...il.com" <thierry.reding@...il.com>,
        Jon Hunter <jonathanh@...dia.com>,
        "open list:GPIO SUBSYSTEM" <linux-gpio@...r.kernel.org>,
        linux-tegra@...r.kernel.org,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [BUG] gpio: gpiolib: possible sleep-in-atomic-context bugs in gpiochip_lock_as_irq()

Hi Jia-Ju,

Hans Verkuil is working on revamping the IRQ locking API for GPIO,
and I think these semantic problems will simply disappear when that
is done.

Yours,
Linus Walleij

On Sat, Aug 11, 2018 at 4:22 AM Jia-Ju Bai <baijiaju1990@...il.com> wrote:
>
> The driver may sleep with holding a spinlock.
>
> The function call paths (from bottom to top) in Linux-4.16 are:
>
> [FUNC] mutex_lock_nested
> drivers/gpio/gpio-exar.c, 69: mutex_lock_nested in exar_get
> drivers/gpio/gpio-exar.c, 83: exar_get in exar_get_direction
> drivers/gpio/gpiolib.c, 3103: [FUNC_PTR]exar_get_direction in gpiochip_lock_as_irq
> drivers/gpio/gpio-tegra.c, 326: gpiochip_lock_as_irq in tegra_gpio_irq_set_type
> kernel/irq/chip.c, 1335: [FUNC_PTR]tegra_gpio_irq_set_type in irq_chip_set_type_parent
> kernel/irq/manage.c, 686: [FUNC_PTR]irq_chip_set_type_parent in __irq_set_trigger
> kernel/irq/manage.c, 1350: __irq_set_trigger in __setup_irq
> kernel/irq/manage.c, 1238: _raw_spin_lock_irqsave in __setup_irq
>
> [FUNC] mutex_lock_nested
> drivers/gpio/gpio-pca953x.c, 372: mutex_lock_nested in pca953x_gpio_get_direction
> drivers/gpio/gpiolib.c, 3103: [FUNC_PTR]pca953x_gpio_get_direction in gpiochip_lock_as_irq
> drivers/gpio/gpio-tegra.c, 326: gpiochip_lock_as_irq in tegra_gpio_irq_set_type
> kernel/irq/chip.c, 1335: [FUNC_PTR]tegra_gpio_irq_set_type in irq_chip_set_type_parent
> kernel/irq/manage.c, 686: [FUNC_PTR]irq_chip_set_type_parent in __irq_set_trigger
> kernel/irq/manage.c, 1350: __irq_set_trigger in __setup_irq
> kernel/irq/manage.c, 1238: _raw_spin_lock_irqsave in __setup_irq
>
> [FUNC] mutex_lock_nested
> drivers/mfd/stmpe.c, 170: mutex_lock_nested in stmpe_reg_read
> drivers/gpio/gpio-stmpe.c, 83: stmpe_reg_read in stmpe_gpio_get_direction
> drivers/gpio/gpiolib.c, 3103: [FUNC_PTR]stmpe_gpio_get_direction in gpiochip_lock_as_irq
> drivers/gpio/gpio-tegra.c, 326: gpiochip_lock_as_irq in tegra_gpio_irq_set_type
> kernel/irq/chip.c, 1335: [FUNC_PTR]tegra_gpio_irq_set_type in irq_chip_set_type_parent
> kernel/irq/manage.c, 686: [FUNC_PTR]irq_chip_set_type_parent in __irq_set_trigger
> kernel/irq/manage.c, 1350: __irq_set_trigger in __setup_irq
> kernel/irq/manage.c, 1238: _raw_spin_lock_irqsave in __setup_irq
>
> Note that [FUNC_PTR] means a function pointer call is used.
>
> I do not find a good way to fix, so I only report.
> This is found by my static analysis tool (DSAC).
>
>
> Best wishes,
> Jia-Ju Bai

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ