diff options
author | Chengfeng Ye <dg573847474@gmail.com> | 2023-06-27 17:24:49 +0200 |
---|---|---|
committer | Corey Minyard <minyard@acm.org> | 2023-07-04 16:22:45 +0200 |
commit | b02bb79eee074f07acdfde540f2d4fe2a04471d8 (patch) | |
tree | baef4e1d99be53c712bb1e95bff08bfb83337656 /drivers/char/ipmi | |
parent | ipmi_si: fix a memleak in try_smi_init() (diff) | |
download | linux-b02bb79eee074f07acdfde540f2d4fe2a04471d8.tar.xz linux-b02bb79eee074f07acdfde540f2d4fe2a04471d8.zip |
ipmi: fix potential deadlock on &kcs_bmc->lock
As kcs_bmc_handle_event() is executed inside both a timer and a hardirq,
it should disable irq before lock acquisition otherwise deadlock could
happen if the timmer is preemtped by the irq.
Possible deadlock scenario:
aspeed_kcs_check_obe() (timer)
-> kcs_bmc_handle_event()
-> spin_lock(&kcs_bmc->lock)
<irq interruption>
-> aspeed_kcs_irq()
-> kcs_bmc_handle_event()
-> spin_lock(&kcs_bmc->lock) (deadlock here)
This flaw was found using an experimental static analysis tool we are
developing for irq-related deadlock.
The tentative patch fix the potential deadlock by spin_lock_irqsave()
Signed-off-by: Chengfeng Ye <dg573847474@gmail.com>
Message-Id: <20230627152449.36093-1-dg573847474@gmail.com>
Signed-off-by: Corey Minyard <minyard@acm.org>
Diffstat (limited to 'drivers/char/ipmi')
-rw-r--r-- | drivers/char/ipmi/kcs_bmc.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/drivers/char/ipmi/kcs_bmc.c b/drivers/char/ipmi/kcs_bmc.c index 03d02a848f3a..8b1161d5194a 100644 --- a/drivers/char/ipmi/kcs_bmc.c +++ b/drivers/char/ipmi/kcs_bmc.c @@ -56,12 +56,13 @@ irqreturn_t kcs_bmc_handle_event(struct kcs_bmc_device *kcs_bmc) { struct kcs_bmc_client *client; irqreturn_t rc = IRQ_NONE; + unsigned long flags; - spin_lock(&kcs_bmc->lock); + spin_lock_irqsave(&kcs_bmc->lock, flags); client = kcs_bmc->client; if (client) rc = client->ops->event(client); - spin_unlock(&kcs_bmc->lock); + spin_unlock_irqrestore(&kcs_bmc->lock, flags); return rc; } |