Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752141AbdLNDGr (ORCPT ); Wed, 13 Dec 2017 22:06:47 -0500 Received: from mail-pf0-f193.google.com ([209.85.192.193]:39706 "EHLO mail-pf0-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751599AbdLNDGp (ORCPT ); Wed, 13 Dec 2017 22:06:45 -0500 X-Google-Smtp-Source: ACJfBotxoBVUVI6cta7kfPzw+fJ1B3IUfK9OdoRTLvKJUMg+2FWOOq2cYCGGoMhb3mB1qnS9e8ECtA== Subject: Re: [BUG] skge: a possible sleep-in-atomic bug in skge_remove To: Stephen Hemminger Cc: David Miller , mlindner@marvell.com, shemminger@osdl.org, shemminger@linux-foundation.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org References: <1e8a8196-f0d1-2a82-3632-b882787c4391@gmail.com> <20171212.083445.2256119006373036925.davem@davemloft.net> <20171212102240.4a09cf9a@xeon-e3> <20171212.205701.569779668163323943.davem@davemloft.net> <20171212211849.3e8b43b9@xeon-e3> <20171213085006.7093c27e@xeon-e3> From: Jia-Ju Bai Message-ID: <772ac173-c52a-bd24-9b67-4bdfd932fdd1@gmail.com> Date: Thu, 14 Dec 2017 11:06:33 +0800 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.2.0 MIME-Version: 1.0 In-Reply-To: <20171213085006.7093c27e@xeon-e3> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Content-Language: en-US Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2922 Lines: 77 On 2017/12/14 0:50, Stephen Hemminger wrote: > On Wed, 13 Dec 2017 15:42:56 +0800 > Jia-Ju Bai wrote: > >> On 2017/12/13 13:18, Stephen Hemminger wrote: >>> On Tue, 12 Dec 2017 20:57:01 -0500 (EST) >>> David Miller wrote: >>> >>>> From: Stephen Hemminger >>>> Date: Tue, 12 Dec 2017 10:22:40 -0800 >>>> >>>>> On Tue, 12 Dec 2017 08:34:45 -0500 (EST) >>>>> David Miller wrote: >>>>> >>>>>> From: Jia-Ju Bai >>>>>> Date: Tue, 12 Dec 2017 16:38:12 +0800 >>>>>> >>>>>>> According to drivers/net/ethernet/marvell/skge.c, the driver may sleep >>>>>>> under a spinlock. >>>>>>> The function call path is: >>>>>>> skge_remove (acquire the spinlock) >>>>>>> free_irq --> may sleep >>>>>>> >>>>>>> I do not find a good way to fix it, so I only report. >>>>>>> This possible bug is found by my static analysis tool (DSAC) and >>>>>>> checked by my code review. >>>>>> This was added by: >>>>>> >>>>>> commit a9e9fd7182332d0cf5f3e601df3e71dd431b70d7 >>>>>> Author: Stephen Hemminger >>>>>> Date: Tue Sep 27 13:41:37 2011 -0400 >>>>>> >>>>>> skge: handle irq better on single port card >>>>>> >>>>>> I think the free_irq() can be moved below the unlock. >>>>>> >>>>>> Stephen, please take a look. >>>>> The IRQ was being free twice. >>>>> How did you see it, I really doubt any multi-port SKGE cards >>>>> still exist. >>>> He sees it by reading the code, please take a look at this >>>> and move the free_irq() out of the spin locked section since >>>> it can sleep. >>> Thanks, I was hoping for some automated static analysis tool. >> This bug was found by an automated static analysis tool named DSAC, >> which is written by myself. >> Then I manually checked driver source code, and finally sent the bug report. > Thanks. > Would it be possible to put tool in tools directory and then have > it automated by kbuild robot? Hi, Thanks for your appreciation of my tool :) I think it is possible. But before releasing, I need to improve it to solve some problems: 1. It produces some false positives and negatives. Thus I need developer's response and confirmation of my bug reports, to help me to improve my tool's accuracy. 2. It is based on Clang-3.2 (a LLVM-based compiler, not GCC), and some driver code cannot compile normally. Maybe I should re-implement my tool based on a recent Clang version. 3. Some software is needed when running my tool, thus as MySQL (maybe I directly can write to files, instead of database in the future) and Clang (Clang is necessary). I think it may be difficult to directly put my tool in "tools" directory. But with some configuration, it is possible to run it automatically in a testing environment. I also plan to open this tool in the future, after finishing the improvements :) Thanks, Jia-Ju Bai