summaryrefslogtreecommitdiffstats
path: root/drivers/char/ipmi
diff options
context:
space:
mode:
authorChengfeng Ye <dg573847474@gmail.com>2023-06-27 17:24:49 +0200
committerCorey Minyard <minyard@acm.org>2023-07-04 16:22:45 +0200
commitb02bb79eee074f07acdfde540f2d4fe2a04471d8 (patch)
treebaef4e1d99be53c712bb1e95bff08bfb83337656 /drivers/char/ipmi
parentipmi_si: fix a memleak in try_smi_init() (diff)
downloadlinux-b02bb79eee074f07acdfde540f2d4fe2a04471d8.tar.xz
linux-b02bb79eee074f07acdfde540f2d4fe2a04471d8.zip
ipmi: fix potential deadlock on &kcs_bmc->lock
As kcs_bmc_handle_event() is executed inside both a timer and a hardirq, it should disable irq before lock acquisition otherwise deadlock could happen if the timmer is preemtped by the irq. Possible deadlock scenario: aspeed_kcs_check_obe() (timer) -> kcs_bmc_handle_event() -> spin_lock(&kcs_bmc->lock) <irq interruption> -> aspeed_kcs_irq() -> kcs_bmc_handle_event() -> spin_lock(&kcs_bmc->lock) (deadlock here) This flaw was found using an experimental static analysis tool we are developing for irq-related deadlock. The tentative patch fix the potential deadlock by spin_lock_irqsave() Signed-off-by: Chengfeng Ye <dg573847474@gmail.com> Message-Id: <20230627152449.36093-1-dg573847474@gmail.com> Signed-off-by: Corey Minyard <minyard@acm.org>
Diffstat (limited to 'drivers/char/ipmi')
-rw-r--r--drivers/char/ipmi/kcs_bmc.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/drivers/char/ipmi/kcs_bmc.c b/drivers/char/ipmi/kcs_bmc.c
index 03d02a848f3a..8b1161d5194a 100644
--- a/drivers/char/ipmi/kcs_bmc.c
+++ b/drivers/char/ipmi/kcs_bmc.c
@@ -56,12 +56,13 @@ irqreturn_t kcs_bmc_handle_event(struct kcs_bmc_device *kcs_bmc)
{
struct kcs_bmc_client *client;
irqreturn_t rc = IRQ_NONE;
+ unsigned long flags;
- spin_lock(&kcs_bmc->lock);
+ spin_lock_irqsave(&kcs_bmc->lock, flags);
client = kcs_bmc->client;
if (client)
rc = client->ops->event(client);
- spin_unlock(&kcs_bmc->lock);
+ spin_unlock_irqrestore(&kcs_bmc->lock, flags);
return rc;
}