Re: [BUG] skge: a possible sleep-in-atomic bug in skge_remove

[Jia-Ju Bai]

On 2017/12/13 13:18, Stephen Hemminger wrote:
> On Tue, 12 Dec 2017 20:57:01 -0500 (EST)
> David Miller <davem@xxxxxxxxxxxxx> wrote:
>
> > From: Stephen Hemminger <stephen@xxxxxxxxxxxxxxxxxx>
> > Date: Tue, 12 Dec 2017 10:22:40 -0800
> >
> > > On Tue, 12 Dec 2017 08:34:45 -0500 (EST)
> > > David Miller <davem@xxxxxxxxxxxxx> wrote:
> > >    
> > > > From: Jia-Ju Bai <baijiaju1990@xxxxxxxxx>
> > > > Date: Tue, 12 Dec 2017 16:38:12 +0800
> > > >    
> > > > > According to drivers/net/ethernet/marvell/skge.c, the driver may sleep
> > > > > under a spinlock.
> > > > > The function call path is:
> > > > > skge_remove (acquire the spinlock)
> > > > >    free_irq --> may sleep
> > > > >
> > > > > I do not find a good way to fix it, so I only report.
> > > > > This possible bug is found by my static analysis tool (DSAC) and
> > > > > checked by my code review.
> > > > This was added by:
> > > >
> > > > commit a9e9fd7182332d0cf5f3e601df3e71dd431b70d7
> > > > Author: Stephen Hemminger <shemminger@xxxxxxxxxx>
> > > > Date:   Tue Sep 27 13:41:37 2011 -0400
> > > >
> > > >      skge: handle irq better on single port card
> > > >
> > > > I think the free_irq() can be moved below the unlock.
> > > >
> > > > Stephen, please take a look.
> > > The IRQ was being free twice.
> > > How did you see it, I really doubt any multi-port SKGE cards
> > > still exist.
> > He sees it by reading the code, please take a look at this
> > and move the free_irq() out of the spin locked section since
> > it can sleep.
> Thanks, I was hoping for some automated static analysis tool.

This bug was found by an automated static analysis tool named DSAC, 
which is written by myself.
Then I manually checked driver source code, and finally sent the bug report.


Thanks,
Jia-Ju Bai