From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Vincent Pelletier <plr.vincent@gmail.com>,
Felipe Balbi <felipe.balbi@linux.intel.com>
Subject: [PATCH 4.14 35/52] usb: gadget: ffs: Forbid usb_ep_alloc_request from sleeping
Date: Fri, 15 Dec 2017 10:52:12 +0100 [thread overview]
Message-ID: <20171215092310.473070715@linuxfoundation.org> (raw)
In-Reply-To: <20171215092308.500651185@linuxfoundation.org>
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Vincent Pelletier <plr.vincent@gmail.com>
commit 30bf90ccdec1da9c8198b161ecbff39ce4e5a9ba upstream.
Found using DEBUG_ATOMIC_SLEEP while submitting an AIO read operation:
[ 100.853642] BUG: sleeping function called from invalid context at mm/slab.h:421
[ 100.861148] in_atomic(): 1, irqs_disabled(): 1, pid: 1880, name: python
[ 100.867954] 2 locks held by python/1880:
[ 100.867961] #0: (&epfile->mutex){....}, at: [<f8188627>] ffs_mutex_lock+0x27/0x30 [usb_f_fs]
[ 100.868020] #1: (&(&ffs->eps_lock)->rlock){....}, at: [<f818ad4b>] ffs_epfile_io.isra.17+0x24b/0x590 [usb_f_fs]
[ 100.868076] CPU: 1 PID: 1880 Comm: python Not tainted 4.14.0-edison+ #118
[ 100.868085] Hardware name: Intel Corporation Merrifield/BODEGA BAY, BIOS 542 2015.01.21:18.19.48
[ 100.868093] Call Trace:
[ 100.868122] dump_stack+0x47/0x62
[ 100.868156] ___might_sleep+0xfd/0x110
[ 100.868182] __might_sleep+0x68/0x70
[ 100.868217] kmem_cache_alloc_trace+0x4b/0x200
[ 100.868248] ? dwc3_gadget_ep_alloc_request+0x24/0xe0 [dwc3]
[ 100.868302] dwc3_gadget_ep_alloc_request+0x24/0xe0 [dwc3]
[ 100.868343] usb_ep_alloc_request+0x16/0xc0 [udc_core]
[ 100.868386] ffs_epfile_io.isra.17+0x444/0x590 [usb_f_fs]
[ 100.868424] ? _raw_spin_unlock_irqrestore+0x27/0x40
[ 100.868457] ? kiocb_set_cancel_fn+0x57/0x60
[ 100.868477] ? ffs_ep0_poll+0xc0/0xc0 [usb_f_fs]
[ 100.868512] ffs_epfile_read_iter+0xfe/0x157 [usb_f_fs]
[ 100.868551] ? security_file_permission+0x9c/0xd0
[ 100.868587] ? rw_verify_area+0xac/0x120
[ 100.868633] aio_read+0x9d/0x100
[ 100.868692] ? __fget+0xa2/0xd0
[ 100.868727] ? __might_sleep+0x68/0x70
[ 100.868763] SyS_io_submit+0x471/0x680
[ 100.868878] do_int80_syscall_32+0x4e/0xd0
[ 100.868921] entry_INT80_32+0x2a/0x2a
[ 100.868932] EIP: 0xb7fbb676
[ 100.868941] EFLAGS: 00000292 CPU: 1
[ 100.868951] EAX: ffffffda EBX: b7aa2000 ECX: 00000002 EDX: b7af8368
[ 100.868961] ESI: b7fbb660 EDI: b7aab000 EBP: bfb6c658 ESP: bfb6c638
[ 100.868973] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b
Signed-off-by: Vincent Pelletier <plr.vincent@gmail.com>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/gadget/function/f_fs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/usb/gadget/function/f_fs.c
+++ b/drivers/usb/gadget/function/f_fs.c
@@ -1016,7 +1016,7 @@ static ssize_t ffs_epfile_io(struct file
else
ret = ep->status;
goto error_mutex;
- } else if (!(req = usb_ep_alloc_request(ep->ep, GFP_KERNEL))) {
+ } else if (!(req = usb_ep_alloc_request(ep->ep, GFP_ATOMIC))) {
ret = -ENOMEM;
} else {
req->buf = data;
next prev parent reply other threads:[~2017-12-15 9:55 UTC|newest]
Thread overview: 56+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-12-15 9:51 [PATCH 4.14 00/52] 4.14.7-stable review Greg Kroah-Hartman
2017-12-15 9:51 ` [PATCH 4.14 02/52] net: thunderx: Fix TCP/UDP checksum offload for IPv6 pkts Greg Kroah-Hartman
2017-12-15 9:51 ` [PATCH 4.14 03/52] net: thunderx: Fix TCP/UDP checksum offload for IPv4 pkts Greg Kroah-Hartman
2017-12-15 9:51 ` [PATCH 4.14 05/52] s390/qeth: fix early exit from error path Greg Kroah-Hartman
2017-12-15 9:51 ` [PATCH 4.14 06/52] tipc: fix memory leak in tipc_accept_from_sock() Greg Kroah-Hartman
2017-12-15 9:51 ` [PATCH 4.14 07/52] vhost: fix skb leak in handle_rx() Greg Kroah-Hartman
2017-12-15 9:51 ` [PATCH 4.14 09/52] sit: update frag_off info Greg Kroah-Hartman
2017-12-15 9:51 ` [PATCH 4.14 10/52] tcp: add tcp_v4_fill_cb()/tcp_v4_restore_cb() Greg Kroah-Hartman
2017-12-15 9:51 ` [PATCH 4.14 11/52] packet: fix crash in fanout_demux_rollover() Greg Kroah-Hartman
2017-12-15 9:51 ` [PATCH 4.14 12/52] net/packet: fix a race in packet_bind() and packet_notifier() Greg Kroah-Hartman
2017-12-15 9:51 ` [PATCH 4.14 13/52] tcp: remove buggy call to tcp_v6_restore_cb() Greg Kroah-Hartman
2017-12-15 9:51 ` [PATCH 4.14 16/52] stmmac: reset last TSO segment size after device open Greg Kroah-Hartman
2017-12-15 9:51 ` [PATCH 4.14 18/52] s390/qeth: build max size GSO skbs on L2 devices Greg Kroah-Hartman
2017-12-15 9:51 ` [PATCH 4.14 19/52] s390/qeth: fix thinko in IPv4 multicast address tracking Greg Kroah-Hartman
2017-12-15 9:51 ` [PATCH 4.14 20/52] s390/qeth: fix GSO throughput regression Greg Kroah-Hartman
2017-12-15 9:51 ` [PATCH 4.14 21/52] tcp: use IPCB instead of TCP_SKB_CB in inet_exact_dif_match() Greg Kroah-Hartman
2017-12-15 9:51 ` [PATCH 4.14 22/52] tipc: call tipc_rcv() only if bearer is up in tipc_udp_recv() Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 23/52] tcp: use current time in tcp_rcv_space_adjust() Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 24/52] net: sched: cbq: create block for q->link.block Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 25/52] tap: free skb if flags error Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 26/52] tcp: when scheduling TLP, time of RTO should account for current ACK Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 27/52] tun: free skb in early errors Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 28/52] net: ipv6: Fixup device for anycast routes during copy Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 29/52] tun: fix rcu_read_lock imbalance in tun_build_skb Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 30/52] net: accept UFO datagrams from tuntap and packet Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 31/52] net: openvswitch: datapath: fix data type in queue_gso_packets Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 32/52] cls_bpf: dont decrement nets refcount when offload fails Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 33/52] sctp: use right member as the param of list_for_each_entry Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 34/52] ipmi: Stop timers before cleaning up the module Greg Kroah-Hartman
2017-12-15 9:52 ` Greg Kroah-Hartman [this message]
2017-12-15 9:52 ` [PATCH 4.14 36/52] fcntl: dont cap l_start and l_end values for F_GETLK64 in compat syscall Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 37/52] fix kcm_clone() Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 38/52] KVM: arm/arm64: vgic-its: Preserve the revious read from the pending table Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 39/52] kbuild: do not call cc-option before KBUILD_CFLAGS initialization Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 40/52] powerpc/powernv/idle: Round up latency and residency values Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 41/52] ipvlan: fix ipv6 outbound device Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 42/52] ide: ide-atapi: fix compile error with defining macro DEBUG Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 43/52] blk-mq: Avoid that request queue removal can trigger list corruption Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 44/52] nvmet-rdma: update queue list during ib_device removal Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 45/52] audit: Allow auditd to set pid to 0 to end auditing Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 46/52] audit: ensure that audit=1 actually enables audit for PID 1 Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 47/52] dm raid: fix panic when attempting to force a raid to sync Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 48/52] md: free unused memory after bitmap resize Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 49/52] RDMA/cxgb4: Annotate r2 and stag as __be32 Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 50/52] x86/intel_rdt: Fix potential deadlock during resctrl unmount Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 51/52] media: dvb-core: always call invoke_release() in fe_free() Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 52/52] dvb_frontend: dont use-after-free the frontend struct Greg Kroah-Hartman
2017-12-15 10:09 ` [PATCH 4.14 00/52] 4.14.7-stable review Nikola Ciprich
2017-12-15 10:09 ` Nikola Ciprich
2017-12-15 13:07 ` Greg Kroah-Hartman
2017-12-15 17:41 ` Guenter Roeck
2017-12-15 18:27 ` Greg Kroah-Hartman
2017-12-15 21:12 ` Shuah Khan
2017-12-15 21:32 ` Greg Kroah-Hartman
2017-12-16 5:28 ` Naresh Kamboju
2017-12-16 8:23 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171215092310.473070715@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=felipe.balbi@linux.intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=plr.vincent@gmail.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.