Re: [PATCH] b43legacy: Fix a sleep-in-atomic bug in b43legacy_attr_interfmode_store

From: Michael BÃsch
Date: Wed May 31 2017 - 11:18:26 EST


On Wed, 31 May 2017 18:29:07 +0800
Jia-Ju Bai <baijiaju1990@xxxxxxx> wrote:

> The driver may sleep under a spin lock, and the function call path is:
> b43legacy_attr_interfmode_store (acquire the lock by spin_lock_irqsave)
> b43legacy_radio_set_interference_mitigation
> b43legacy_radio_interference_mitigation_disable
> b43legacy_calc_nrssi_slope
> b43legacy_synth_pu_workaround
> might_sleep and msleep --> may sleep
>
> Fixing it may be complex, and a possible way is to remove
> spin_lock_irqsave and spin_lock_irqrestore in
> b43legacy_attr_interfmode_store, and the code has been protected by
> mutex_lock and mutex_unlock.
>
> Signed-off-by: Jia-Ju Bai <baijiaju1990@xxxxxxx>
> ---
> drivers/net/wireless/broadcom/b43legacy/sysfs.c | 2 --
> 1 file changed, 2 deletions(-)
>
> diff --git a/drivers/net/wireless/broadcom/b43legacy/sysfs.c b/drivers/net/wireless/broadcom/b43legacy/sysfs.c
> index 2a1da15..9ede143 100644
> --- a/drivers/net/wireless/broadcom/b43legacy/sysfs.c
> +++ b/drivers/net/wireless/broadcom/b43legacy/sysfs.c
> @@ -137,14 +137,12 @@ static ssize_t b43legacy_attr_interfmode_store(struct device *dev,
> }
>
> mutex_lock(&wldev->wl->mutex);
> - spin_lock_irqsave(&wldev->wl->irq_lock, flags);
>
> err = b43legacy_radio_set_interference_mitigation(wldev, mode);
> if (err)
> b43legacyerr(wldev->wl, "Interference Mitigation not "
> "supported by device\n");
> mmiowb();
> - spin_unlock_irqrestore(&wldev->wl->irq_lock, flags);
> mutex_unlock(&wldev->wl->mutex);
>
> return err ? err : count;


Interference mitigation has never been properly implemented and tested.
As such nobody should use it and I would be surprised if anybody uses
this attribute.
So I would suggest to remove this sysfs attribute entirely instead of
having this incorrect fix.

--
Michael

Attachment: pgpcJUe1lBsQ7.pgp
Description: OpenPGP digital signature