CC to mailing list.
On 2017/10/8 20:13, Jia-Ju Bai wrote:
The driver may sleep under a spinlock when calling the function
"ips_leave", which causes some possible sleep-in-atomic bugs.
Here are several examples:
rtw_set_802_11_disassociate (acquire the spinlock)
  _rtw_pwr_wakeup
    ips_leave
      mutex_lock --> may sleep

rtw_set_802_11_disassociate (acquire the spinlock)
  _rtw_pwr_wakeup
    ips_leave
      rtw_ips_pwr_up
        ips_netdrv_open
          rtw_hal_init
            rtl8188eu_hal_init
              rtl88eu_download_fw
                request_firmware --> may sleep
                kmalloc --> may sleep

rtw_set_802_11_disassociate (acquire the spinlock)
  _rtw_pwr_wakeup
    ips_leave
      rtw_set_key
        kzalloc(GFP_KERNEL) --> may sleep

All these bugs are caused by "ips_leave" calling some sleepable
functions.
A possible fix is to release the spinlock before calling "ips_leave",
and acquire the spinlock again after it.
These bugs are found by my static analysis tool and my code review.
Thanks,
Jia-Ju Bai
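
The call chains in the report can be checked mechanically, and the same check shows the effect of the proposed fix. The following is an added example, not the reporter's static analysis tool and not code from the driver: the event model, the placement of the unlock/lock pair inside `_rtw_pwr_wakeup`, and the attachment of `kmalloc` to `rtl88eu_download_fw` are assumptions made for illustration.

```python
# Toy model of the report's call chains (constructed for illustration).
# Each body is a list of events in program order: ("lock",) and ("unlock",)
# act on the one spinlock from the report, ("call", name) calls a function.
BODIES = {
    "rtw_set_802_11_disassociate": [("lock",), ("call", "_rtw_pwr_wakeup"), ("unlock",)],
    "_rtw_pwr_wakeup": [("call", "ips_leave")],
    "ips_leave": [("call", "mutex_lock"), ("call", "rtw_ips_pwr_up"), ("call", "rtw_set_key")],
    "rtw_ips_pwr_up": [("call", "ips_netdrv_open")],
    "ips_netdrv_open": [("call", "rtw_hal_init")],
    "rtw_hal_init": [("call", "rtl8188eu_hal_init")],
    "rtl8188eu_hal_init": [("call", "rtl88eu_download_fw")],
    # Assumption: both sleeping calls are made from rtl88eu_download_fw.
    "rtl88eu_download_fw": [("call", "request_firmware"), ("call", "kmalloc")],
    "rtw_set_key": [("call", "kzalloc(GFP_KERNEL)")],
}
# Functions the report marks "may sleep".
MAY_SLEEP = {"mutex_lock", "request_firmware", "kmalloc", "kzalloc(GFP_KERNEL)"}

# The report's proposed fix, modelled at the ips_leave call site (assumed placement).
FIXED = {**BODIES, "_rtw_pwr_wakeup": [("unlock",), ("call", "ips_leave"), ("lock",)]}


def sleep_in_atomic(bodies, entry):
    """Return every call path that reaches a may-sleep function with the lock held."""
    findings = []

    def walk(func, held, path):
        if func in path:          # recursion guard for cyclic call graphs
            return held
        path = path + [func]
        if func in MAY_SLEEP:
            if held:
                findings.append(" -> ".join(path))
            return held
        for event in bodies.get(func, []):
            if event[0] == "lock":
                held = True
            elif event[0] == "unlock":
                held = False
            else:                 # ("call", name): lock state flows through the callee
                held = walk(event[1], held, path)
        return held

    walk(entry, False, [])
    return findings


if __name__ == "__main__":
    for label, model in (("before fix", BODIES), ("after fix", FIXED)):
        print(label, sleep_in_atomic(model, "rtw_set_802_11_disassociate"))
```

Dropping and re-taking the lock also means any state the caller read under the lock before `ips_leave` has to be revalidated afterwards, which this model does not check.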