lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CACRpkdY4JsvOsjQvB=hb=QPV=bLXkC3ekmPUXFiPMnj1NK-Jtg@mail.gmail.com>
Date:   Tue, 7 Jan 2020 10:37:02 +0100
From:   Linus Walleij <linus.walleij@...aro.org>
To:     Jia-Ju Bai <baijiaju1990@...il.com>,
        Andreas Larsson <andreas@...sler.com>
Cc:     Bartosz Golaszewski <bgolaszewski@...libre.com>,
        "open list:GPIO SUBSYSTEM" <linux-gpio@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH 2/2] gpio: gpio-grgpio: fix possible sleep-in-atomic-context
 bugs in grgpio_irq_map/unmap()

On Wed, Dec 18, 2019 at 2:26 PM Jia-Ju Bai <baijiaju1990@...il.com> wrote:

> The driver may sleep while holding a spinlock.
> The function call path (from bottom to top) in Linux 4.19 is:
>
> drivers/gpio/gpio-grgpio.c, 261:
>         request_irq in grgpio_irq_map
> drivers/gpio/gpio-grgpio.c, 255:
>         _raw_spin_lock_irqsave in grgpio_irq_map
>
> drivers/gpio/gpio-grgpio.c, 318:
>         free_irq in grgpio_irq_unmap
> drivers/gpio/gpio-grgpio.c, 299:
>         _raw_spin_lock_irqsave in grgpio_irq_unmap
>
> request_irq() and free_irq() can sleep at runtime.
>
> To fix these bugs, request_irq() and free_irq() are called without
> holding the spinlock.
>
> These bugs are found by a static analysis tool STCheck written by myself.
>
> Signed-off-by: Jia-Ju Bai <baijiaju1990@...il.com>

I suppose this is correct, so patch applied.

However there is a deeper problem, this code was added by Andreas
Larsson in 2013 and at the time this was a hacky way to deal with
an interrupt that is actually hierarchical.

Since 2013 we have gained:
- Hierarchical interrupt controllers
- Hierarchical interrupt chip helpers in gpiolib

So this code really needs to be modernized using a hierarchical
irqchip.

See for example commit:
aa7d618ac65f ("gpio: ixp4xx: Convert to hierarchical GPIOLIB_IRQCHIP")
for an example.

Who is using grgpio these days and could work on fixing this up?

Yours,
Linus Walleij

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ