Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1753713AbdLMQuM (ORCPT <rfc822;w@1wt.eu>);
        Wed, 13 Dec 2017 11:50:12 -0500
Received: from mail-pl0-f67.google.com ([209.85.160.67]:40503 "EHLO
        mail-pl0-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1753530AbdLMQuJ (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 13 Dec 2017 11:50:09 -0500
X-Google-Smtp-Source: ACJfBouj0CSOf8y+yTb+oncdvBzvLpzDbTuHB0oWmz2rYUyqGnYz7VaB3dnKCVxMGOcwbTHvYmLttQ==
Date: Wed, 13 Dec 2017 08:50:06 -0800
From: Stephen Hemminger <stephen@networkplumber.org>
To: Jia-Ju Bai <baijiaju1990@gmail.com>
Cc: David Miller <davem@davemloft.net>, mlindner@marvell.com,
        shemminger@osdl.org, shemminger@linux-foundation.org,
        netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [BUG] skge: a possible sleep-in-atomic bug in skge_remove
Message-ID: <20171213085006.7093c27e@xeon-e3>
In-Reply-To: <f2dee82a-af75-a3af-9899-5dec7950b9e8@gmail.com>
References: <1e8a8196-f0d1-2a82-3632-b882787c4391@gmail.com>
        <20171212.083445.2256119006373036925.davem@davemloft.net>
        <20171212102240.4a09cf9a@xeon-e3>
        <20171212.205701.569779668163323943.davem@davemloft.net>
        <20171212211849.3e8b43b9@xeon-e3>
        <f2dee82a-af75-a3af-9899-5dec7950b9e8@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1941
Lines: 51

On Wed, 13 Dec 2017 15:42:56 +0800
Jia-Ju Bai <baijiaju1990@gmail.com> wrote:

> On 2017/12/13 13:18, Stephen Hemminger wrote:
> > On Tue, 12 Dec 2017 20:57:01 -0500 (EST)
> > David Miller <davem@davemloft.net> wrote:
> >  
> >> From: Stephen Hemminger <stephen@networkplumber.org>
> >> Date: Tue, 12 Dec 2017 10:22:40 -0800
> >>  
> >>> On Tue, 12 Dec 2017 08:34:45 -0500 (EST)
> >>> David Miller <davem@davemloft.net> wrote:
> >>>      
> >>>> From: Jia-Ju Bai <baijiaju1990@gmail.com>
> >>>> Date: Tue, 12 Dec 2017 16:38:12 +0800
> >>>>      
> >>>>> According to drivers/net/ethernet/marvell/skge.c, the driver may sleep
> >>>>> under a spinlock.
> >>>>> The function call path is:
> >>>>> skge_remove (acquire the spinlock)
> >>>>>    free_irq --> may sleep
> >>>>>
> >>>>> I do not find a good way to fix it, so I only report.
> >>>>> This possible bug is found by my static analysis tool (DSAC) and
> >>>>> checked by my code review.  
> >>>> This was added by:
> >>>>
> >>>> commit a9e9fd7182332d0cf5f3e601df3e71dd431b70d7
> >>>> Author: Stephen Hemminger <shemminger@vyatta.com>
> >>>> Date:   Tue Sep 27 13:41:37 2011 -0400
> >>>>
> >>>>      skge: handle irq better on single port card
> >>>>
> >>>> I think the free_irq() can be moved below the unlock.
> >>>>
> >>>> Stephen, please take a look.  
> >>> The IRQ was being free twice.
> >>> How did you see it, I really doubt any multi-port SKGE cards
> >>> still exist.  
> >> He sees it by reading the code, please take a look at this
> >> and move the free_irq() out of the spin locked section since
> >> it can sleep.  
> > Thanks, I was hoping for some automated static analysis tool.  
> 
> This bug was found by an automated static analysis tool named DSAC, 
> which is written by myself.
> Then I manually checked driver source code, and finally sent the bug report.

Thanks.
Would it be possible to put tool in tools directory and then have
it automated by kbuild robot?