[PATCH 2/2] hp100: Fix a possible sleep-in-atomic bug in hp100_down_vg_link

From: Jia-Ju Bai
Date: Wed Dec 13 2017 - 04:45:53 EST


The driver may sleep under a spinlock.
The function call path is:
hp100_set_multicast_list (acquire the spinlock)
hp100_login_to_vg_hub
hp100_down_vg_link
schedule_timeout_interruptible --> may sleep

To fix it, schedule_timeout_interruptible is replaced with udelay.

This bug is found by my static analysis tool(DSAC) and checked by my code review.

Signed-off-by: Jia-Ju Bai <baijiaju1990@xxxxxxxxx>
---
drivers/net/ethernet/hp/hp100.c | 15 +++++----------
1 file changed, 5 insertions(+), 10 deletions(-)

diff --git a/drivers/net/ethernet/hp/hp100.c b/drivers/net/ethernet/hp/hp100.c
index c8c7ad2..e0e6376 100644
--- a/drivers/net/ethernet/hp/hp100.c
+++ b/drivers/net/ethernet/hp/hp100.c
@@ -2504,8 +2504,7 @@ static int hp100_down_vg_link(struct net_device *dev)
do {
if (hp100_inb(VG_LAN_CFG_1) & HP100_LINK_CABLE_ST)
break;
- if (!in_interrupt())
- schedule_timeout_interruptible(1);
+ udelay(10);
} while (time_after(time, jiffies));

if (time_after_eq(jiffies, time)) /* no signal->no logout */
@@ -2521,8 +2520,7 @@ static int hp100_down_vg_link(struct net_device *dev)
do {
if (!(hp100_inb(VG_LAN_CFG_1) & HP100_LINK_UP_ST))
break;
- if (!in_interrupt())
- schedule_timeout_interruptible(1);
+ udelay(10);
} while (time_after(time, jiffies));

#ifdef HP100_DEBUG
@@ -2560,8 +2558,7 @@ static int hp100_down_vg_link(struct net_device *dev)
do {
if (!(hp100_inb(MAC_CFG_4) & HP100_MAC_SEL_ST))
break;
- if (!in_interrupt())
- schedule_timeout_interruptible(1);
+ udelay(10);
} while (time_after(time, jiffies));

hp100_orb(HP100_AUTO_MODE, MAC_CFG_3); /* Autosel back on */
@@ -2572,8 +2569,7 @@ static int hp100_down_vg_link(struct net_device *dev)
do {
if ((hp100_inb(VG_LAN_CFG_1) & HP100_LINK_CABLE_ST) == 0)
break;
- if (!in_interrupt())
- schedule_timeout_interruptible(1);
+ udelay(10);
} while (time_after(time, jiffies));

if (time_before_eq(time, jiffies)) {
@@ -2585,8 +2581,7 @@ static int hp100_down_vg_link(struct net_device *dev)

time = jiffies + (2 * HZ); /* This seems to take a while.... */
do {
- if (!in_interrupt())
- schedule_timeout_interruptible(1);
+ udelay(10);
} while (time_after(time, jiffies));

return 0;
--
1.7.9.5