From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.linuxfoundation.org ([140.211.169.12]:36694 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752454AbdF2RAF (ORCPT ); Thu, 29 Jun 2017 13:00:05 -0400 Subject: Patch "net: caif: Fix a sleep-in-atomic bug in cfpkt_create_pfx" has been added to the 4.9-stable tree To: baijiaju1990@163.com, davem@davemloft.net, gregkh@linuxfoundation.org Cc: , From: Date: Thu, 29 Jun 2017 18:59:08 +0200 Message-ID: <1498755548111212@kroah.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ANSI_X3.4-1968 Content-Transfer-Encoding: 8bit Sender: stable-owner@vger.kernel.org List-ID: This is a note to let you know that I've just added the patch titled net: caif: Fix a sleep-in-atomic bug in cfpkt_create_pfx to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: net-caif-fix-a-sleep-in-atomic-bug-in-cfpkt_create_pfx.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let know about it. >>From foo@baz Thu Jun 29 18:57:46 CEST 2017 From: Jia-Ju Bai Date: Sat, 10 Jun 2017 16:49:39 +0800 Subject: net: caif: Fix a sleep-in-atomic bug in cfpkt_create_pfx From: Jia-Ju Bai [ Upstream commit f146e872eb12ebbe92d8e583b2637e0741440db3 ] The kernel may sleep under a rcu read lock in cfpkt_create_pfx, and the function call path is: cfcnfg_linkup_rsp (acquire the lock by rcu_read_lock) cfctrl_linkdown_req cfpkt_create cfpkt_create_pfx alloc_skb(GFP_KERNEL) --> may sleep cfserl_receive (acquire the lock by rcu_read_lock) cfpkt_split cfpkt_create_pfx alloc_skb(GFP_KERNEL) --> may sleep There is "in_interrupt" in cfpkt_create_pfx to decide use "GFP_KERNEL" or "GFP_ATOMIC". In this situation, "GFP_KERNEL" is used because the function is called under a rcu read lock, instead in interrupt. To fix it, only "GFP_ATOMIC" is used in cfpkt_create_pfx. Signed-off-by: Jia-Ju Bai Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- net/caif/cfpkt_skbuff.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) --- a/net/caif/cfpkt_skbuff.c +++ b/net/caif/cfpkt_skbuff.c @@ -81,11 +81,7 @@ static struct cfpkt *cfpkt_create_pfx(u1 { struct sk_buff *skb; - if (likely(in_interrupt())) - skb = alloc_skb(len + pfx, GFP_ATOMIC); - else - skb = alloc_skb(len + pfx, GFP_KERNEL); - + skb = alloc_skb(len + pfx, GFP_ATOMIC); if (unlikely(skb == NULL)) return NULL; Patches currently in stable-queue which might be from baijiaju1990@163.com are queue-4.9/net-tipc-fix-a-sleep-in-atomic-bug-in-tipc_msg_reverse.patch queue-4.9/net-caif-fix-a-sleep-in-atomic-bug-in-cfpkt_create_pfx.patch