Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752066AbdLLI0x (ORCPT <rfc822;w@1wt.eu>);
        Tue, 12 Dec 2017 03:26:53 -0500
Received: from m12-13.163.com ([220.181.12.13]:41486 "EHLO m12-13.163.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1750955AbdLLI0u (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 12 Dec 2017 03:26:50 -0500
From: Jia-Ju Bai <baijiaju1990@163.com>
To: linuxdrivers@attotech.com, jejb@linux.vnet.ibm.com,
        martin.petersen@oracle.com
Cc: linux-scsi@vger.kernel.org, linux-kernel@vger.kernel.org,
        Jia-Ju Bai <baijiaju1990@163.com>
Subject: [PATCH] esas2r: Fix a possible sleep-in-atomic bug in esas2r_wait_request
Date: Tue, 12 Dec 2017 16:27:57 +0800
Message-Id: <1513067277-23126-1-git-send-email-baijiaju1990@163.com>
X-Mailer: git-send-email 1.7.9.5
X-CM-TRANSID: DcCowABnfYJ+ki9aqUIlAg--.2212S2
X-Coremail-Antispam: 1Uf129KBjvdXoW7Jry7KrWfGryrGw15WFy7GFg_yoWkurc_WF
        WSyr17Ar4akF4Dtr1xCrWayFZF9a1UZFn0kw4Fga4fA3yDGw43Gr1DXrnrZrn3Xr43AFyk
        A390qryFvr1jkjkaLaAFLSUrUUUUUb8apTn2vfkv8UJUUUU8Yxn0WfASr-VFAUDa7-sFnT
        9fnUUvcSsGvfC2KfnxnUUI43ZEXa7IUbPl1PUUUUU==
X-Originating-IP: [166.111.70.15]
X-CM-SenderInfo: xedlyx5dmximizq6il2tof0z/1tbiGAOselXlcxmVDQAAsP
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1150
Lines: 35

The driver may sleep in the interrupt handler.
The function call path is:
esas2r_adapter_tasklet (interrupt handler)
  esas2r_do_tasklet_tasks
    esas2r_handle_chip_rst_during_tasklet
      esas2r_init_adapter_hw
        esas2r_init_msgs
          esas2r_wait_request
            schedule_timeout_interruptible --> may sleep

To fix it, schedule_timeout_uninterruptible is replaced with mdelay.

This bug is found by my static analysis tool(DSAC) and checked by my code review.

Signed-off-by: Jia-Ju Bai <baijiaju1990@163.com>
---
 drivers/scsi/esas2r/esas2r_main.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/scsi/esas2r/esas2r_main.c b/drivers/scsi/esas2r/esas2r_main.c
index 4eb1430..4cd8f79 100644
--- a/drivers/scsi/esas2r/esas2r_main.c
+++ b/drivers/scsi/esas2r/esas2r_main.c
@@ -1307,7 +1307,7 @@ void esas2r_wait_request(struct esas2r_adapter *a, struct esas2r_request *rq)
 		if (rq->req_stat != RS_STARTED)
 			break;
 
-		schedule_timeout_interruptible(msecs_to_jiffies(100));
+		mdelay(100);
 
 		if ((jiffies_to_msecs(jiffies) - starttime) > timeout) {
 			esas2r_hdebug("request TMO");
-- 
1.7.9.5