[PATCH] tty/isicom: Fix a possible sleep-in-atomic bug in WaitTillCardIsFree

From: Jia-Ju Bai
Date: Tue Dec 12 2017 - 08:23:01 EST

Next message: Gomonovych, Vasyl: "Re: [PATCH v2] misc: mic: Use memdup_user() as a cleanup"
Previous message: Greg Kroah-Hartman: "[PATCH 4.9 059/148] thp: reduce indentation level in change_huge_pmd()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The driver may sleep under a spinlock.
The function call paths are:
isicom_activate (acquire the spinlock)
isicom_setup_board
drop_dtr_rts
WaitTillCardIsFree
msleep --> may sleep

isicom_set_termios
isicom_config_port
drop_dtr
WaitTillCardIsFree
msleep --> may sleep

isicom_tiocmset
drop_dtr
WaitTillCardIsFree
msleep --> may sleep

Though "in_atomic" is used to check atomic context,
but it is not recommended to use in driver code (see include/linux/preempt.h).

To fix it, only using mdelay instead.

This bug is found by my static analysis tool(DSAC) and checked by my code review.

Signed-off-by: Jia-Ju Bai <baijiaju1990@xxxxxxxxx>
---
drivers/tty/isicom.c | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/drivers/tty/isicom.c b/drivers/tty/isicom.c
index 015686f..bdd3027 100644
--- a/drivers/tty/isicom.c
+++ b/drivers/tty/isicom.c
@@ -219,13 +219,9 @@ struct isi_port {
static int WaitTillCardIsFree(unsigned long base)
{
unsigned int count = 0;
- unsigned int a = in_atomic(); /* do we run under spinlock? */

while (!(inw(base + 0xe) & 0x1) && count++ < 100)
- if (a)
- mdelay(1);
- else
- msleep(1);
+ mdelay(1);

return !(inw(base + 0xe) & 0x1);
}
--
1.7.9.5

Next message: Gomonovych, Vasyl: "Re: [PATCH v2] misc: mic: Use memdup_user() as a cleanup"
Previous message: Greg Kroah-Hartman: "[PATCH 4.9 059/148] thp: reduce indentation level in change_huge_pmd()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]