[PATCH 3.18 56/58] hippi: Fix a Fix a possible sleep-in-atomic bug in rr_close

2018-02-23 Thread Greg Kroah-Hartman 
3.18-stable review patch.  If anyone has any objections, please let me know.

--

From: Jia-Ju Bai 


[ Upstream commit 6e266610eb6553cfb7e7eb5d11914bd01509c406 ]

The driver may sleep under a spinlock.
The function call path is:
rr_close (acquire the spinlock)
  free_irq --> may sleep

To fix it, free_irq is moved to the place without holding the spinlock.

This bug is found by my static analysis tool(DSAC) and checked by my code 
review.

Signed-off-by: Jia-Ju Bai 
Signed-off-by: David S. Miller 
Signed-off-by: Sasha Levin 
Signed-off-by: Greg Kroah-Hartman 
---
 drivers/net/hippi/rrunner.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/net/hippi/rrunner.c
+++ b/drivers/net/hippi/rrunner.c
@@ -1381,8 +1381,8 @@ static int rr_close(struct net_device *d
rrpriv->info_dma);
rrpriv->info = NULL;
 
-   free_irq(pdev->irq, dev);
spin_unlock_irqrestore(>lock, flags);
+   free_irq(pdev->irq, dev);
 
return 0;
 }

[PATCH 3.18 56/58] hippi: Fix a Fix a possible sleep-in-atomic bug in rr_close

2018-02-23 Thread Greg Kroah-Hartman 
3.18-stable review patch.  If anyone has any objections, please let me know.

--

From: Jia-Ju Bai 


[ Upstream commit 6e266610eb6553cfb7e7eb5d11914bd01509c406 ]

The driver may sleep under a spinlock.
The function call path is:
rr_close (acquire the spinlock)
  free_irq --> may sleep

To fix it, free_irq is moved to the place without holding the spinlock.

This bug is found by my static analysis tool(DSAC) and checked by my code 
review.

Signed-off-by: Jia-Ju Bai 
Signed-off-by: David S. Miller 
Signed-off-by: Sasha Levin 
Signed-off-by: Greg Kroah-Hartman 
---
 drivers/net/hippi/rrunner.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/net/hippi/rrunner.c
+++ b/drivers/net/hippi/rrunner.c
@@ -1381,8 +1381,8 @@ static int rr_close(struct net_device *d
rrpriv->info_dma);
rrpriv->info = NULL;
 
-   free_irq(pdev->irq, dev);
spin_unlock_irqrestore(>lock, flags);
+   free_irq(pdev->irq, dev);
 
return 0;
 }