[BUG] net: wireless: mwifiex: A possible sleep-in-atomic-context bug in mwifiex_wait_queue_complete()

From: Jia-Ju Bai
Date: Sat Sep 01 2018 - 05:09:11 EST

Next message: Luc Van Oostenryck: "Re: [PATCH 4/7] Compiler Attributes: homogenize __must_be_array"
Previous message: Jia-Ju Bai: "[PATCH] staging: rtl8188eu: Fix two sleep-in-atomic-context bugs in rtw_chk_hi_queue_cmd()"
Next in thread: Ganapathi Bhat: "RE: [EXT] [BUG] net: wireless: mwifiex: A possible sleep-in-atomic-context bug in mwifiex_wait_queue_complete()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

mwifiex_usb_tx_complete() is a completion handler function for the
USB driver. So it should not sleep, but it is can sleep according to the
function call paths (from bottom to top) in Linux-4.16:

[FUNC] schedule_timeout
drivers/net/wireless/marvell/mwifiex/sta_ioctl.c, 63:
schedule_timeout in mwifiex_wait_queue_complete
drivers/net/wireless/marvell/mwifiex/cmdevt.c, 673:
mwifiex_wait_queue_complete in mwifiex_send_cmd
drivers/net/wireless/marvell/mwifiex/main.c, 1046:
mwifiex_send_cmd in mwifiex_multi_chan_resync
drivers/net/wireless/marvell/mwifiex/usb.c, 288:
mwifiex_multi_chan_resync in mwifiex_usb_tx_complete

I do not find a good way to fix this bug, so I only report it.

This bug is found by my static analysis tool DSAC.

Best wishes,
Jia-Ju Bai

Next message: Luc Van Oostenryck: "Re: [PATCH 4/7] Compiler Attributes: homogenize __must_be_array"
Previous message: Jia-Ju Bai: "[PATCH] staging: rtl8188eu: Fix two sleep-in-atomic-context bugs in rtw_chk_hi_queue_cmd()"
Next in thread: Ganapathi Bhat: "RE: [EXT] [BUG] net: wireless: mwifiex: A possible sleep-in-atomic-context bug in mwifiex_wait_queue_complete()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]