2017-12-12 13:22:43

by Jia-Ju Bai

[permalink] [raw]
Subject: [PATCH] tty/isicom: Fix a possible sleep-in-atomic bug in WaitTillCardIsFree

The driver may sleep under a spinlock.
The function call paths are:
isicom_activate (acquire the spinlock)
isicom_setup_board
drop_dtr_rts
WaitTillCardIsFree
msleep --> may sleep

isicom_set_termios
isicom_config_port
drop_dtr
WaitTillCardIsFree
msleep --> may sleep

isicom_tiocmset
drop_dtr
WaitTillCardIsFree
msleep --> may sleep

Though "in_atomic" is used to check atomic context,
but it is not recommended to use in driver code (see include/linux/preempt.h).

To fix it, only using mdelay instead.

This bug is found by my static analysis tool(DSAC) and checked by my code review.


Signed-off-by: Jia-Ju Bai <[email protected]>
---
drivers/tty/isicom.c | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/drivers/tty/isicom.c b/drivers/tty/isicom.c
index 015686f..bdd3027 100644
--- a/drivers/tty/isicom.c
+++ b/drivers/tty/isicom.c
@@ -219,13 +219,9 @@ struct isi_port {
static int WaitTillCardIsFree(unsigned long base)
{
unsigned int count = 0;
- unsigned int a = in_atomic(); /* do we run under spinlock? */

while (!(inw(base + 0xe) & 0x1) && count++ < 100)
- if (a)
- mdelay(1);
- else
- msleep(1);
+ mdelay(1);

return !(inw(base + 0xe) & 0x1);
}
--
1.7.9.5