2009-10-07 13:13:17

by Alexander Strakh

[permalink] [raw]
Subject: [BUG] isicom.c sleeping function called from invalid context

KERNEL_VERSION: 2.6.31
DESCRIBE:
Driver drivers/char/isicom.c might sleep in atomic context, because it calls
tty_port_xmit_buf under spin_lock.

./drivers/char/isicom.c:
1307 static void isicom_hangup(struct tty_struct *tty)
1308 {
...
1315 spin_lock_irqsave(&port->card->card_lock, flags);
1316 isicom_shutdown_port(port);
...

Path to might_sleep macro from isicom_hangup:
1. isicom_hangup calls spin_lock_irqsave (drivers/char/isicom.c:1315) and then
calls isicom_shutdown_port.
2. isiscom_shutdown_port calls tty_port_free_xmit_buf at
drivers/char/isicom.c:906
3. tty_port_free_xmit_buf calls mutex_lock at srivers/char/tty_port:48

Found by Linux Driver Verification Project.


2009-10-07 13:30:58

by Alan

[permalink] [raw]
Subject: Re: [BUG] isicom.c sleeping function called from invalid context

On Wed, 7 Oct 2009 17:15:14 +0000
Alexander Strakh <[email protected]> wrote:

> KERNEL_VERSION: 2.6.31
> DESCRIBE:
> Driver drivers/char/isicom.c might sleep in atomic context, because it calls
> tty_port_xmit_buf under spin_lock.
>
> ./drivers/char/isicom.c:
> 1307 static void isicom_hangup(struct tty_struct *tty)
> 1308 {
> ...
> 1315 spin_lock_irqsave(&port->card->card_lock, flags);
> 1316 isicom_shutdown_port(port);
> ...
>
> Path to might_sleep macro from isicom_hangup:
> 1. isicom_hangup calls spin_lock_irqsave (drivers/char/isicom.c:1315) and then
> calls isicom_shutdown_port.
> 2. isiscom_shutdown_port calls tty_port_free_xmit_buf at
> drivers/char/isicom.c:906
> 3. tty_port_free_xmit_buf calls mutex_lock at srivers/char/tty_port:48
>
> Found by Linux Driver Verification Project

Diagnosis is correct. I'll take a quick look at that one

2009-10-07 14:53:58

by Alan

[permalink] [raw]
Subject: Re: [BUG] isicom.c sleeping function called from invalid context

On Wed, 7 Oct 2009 17:15:14 +0000
Alexander Strakh <[email protected]> wrote:

> KERNEL_VERSION: 2.6.31
> DESCRIBE:
> Driver drivers/char/isicom.c might sleep in atomic context, because it calls
> tty_port_xmit_buf under spin_lock.
>
> ./drivers/char/isicom.c:
> 1307 static void isicom_hangup(struct tty_struct *tty)
> 1308 {
> ...
> 1315 spin_lock_irqsave(&port->card->card_lock, flags);
> 1316 isicom_shutdown_port(port);
> ...
>
> Path to might_sleep macro from isicom_hangup:
> 1. isicom_hangup calls spin_lock_irqsave (drivers/char/isicom.c:1315) and then
> calls isicom_shutdown_port.
> 2. isiscom_shutdown_port calls tty_port_free_xmit_buf at
> drivers/char/isicom.c:906
> 3. tty_port_free_xmit_buf calls mutex_lock at srivers/char/tty_port:48

Ok that's fairly easy to fix once the tty_port_open patch is applied