From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Jia-Ju Bai <baijiaju1990@gmail.com>,
Hans Verkuil <hans.verkuil@cisco.com>,
Mauro Carvalho Chehab <mchehab+samsung@kernel.org>,
Sasha Levin <sashal@kernel.org>,
linux-media@vger.kernel.org
Subject: [PATCH AUTOSEL 4.4 24/40] media: pci: ivtv: Fix a sleep-in-atomic-context bug in ivtv_yuv_init()
Date: Sat, 9 Nov 2019 21:50:16 -0500 [thread overview]
Message-ID: <20191110025032.827-24-sashal@kernel.org> (raw)
In-Reply-To: <20191110025032.827-1-sashal@kernel.org>
From: Jia-Ju Bai <baijiaju1990@gmail.com>
[ Upstream commit 8d11eb847de7d89c2754988c944d51a4f63e219b ]
The driver may sleep in a interrupt handler.
The function call paths (from bottom to top) in Linux-4.16 are:
[FUNC] kzalloc(GFP_KERNEL)
drivers/media/pci/ivtv/ivtv-yuv.c, 938:
kzalloc in ivtv_yuv_init
drivers/media/pci/ivtv/ivtv-yuv.c, 960:
ivtv_yuv_init in ivtv_yuv_next_free
drivers/media/pci/ivtv/ivtv-yuv.c, 1126:
ivtv_yuv_next_free in ivtv_yuv_setup_stream_frame
drivers/media/pci/ivtv/ivtv-irq.c, 827:
ivtv_yuv_setup_stream_frame in ivtv_irq_dec_data_req
drivers/media/pci/ivtv/ivtv-irq.c, 1013:
ivtv_irq_dec_data_req in ivtv_irq_handler
To fix this bug, GFP_KERNEL is replaced with GFP_ATOMIC.
This bug is found by my static analysis tool DSAC.
Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/pci/ivtv/ivtv-yuv.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/media/pci/ivtv/ivtv-yuv.c b/drivers/media/pci/ivtv/ivtv-yuv.c
index 9cd995f418e0f..1d67407ffbf62 100644
--- a/drivers/media/pci/ivtv/ivtv-yuv.c
+++ b/drivers/media/pci/ivtv/ivtv-yuv.c
@@ -936,7 +936,7 @@ static void ivtv_yuv_init(struct ivtv *itv)
}
/* We need a buffer for blanking when Y plane is offset - non-fatal if we can't get one */
- yi->blanking_ptr = kzalloc(720 * 16, GFP_KERNEL|__GFP_NOWARN);
+ yi->blanking_ptr = kzalloc(720 * 16, GFP_ATOMIC|__GFP_NOWARN);
if (yi->blanking_ptr) {
yi->blanking_dmaptr = pci_map_single(itv->pdev, yi->blanking_ptr, 720*16, PCI_DMA_TODEVICE);
} else {
--
2.20.1
next prev parent reply other threads:[~2019-11-10 2:53 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-10 2:49 [PATCH AUTOSEL 4.4 01/40] s390/qeth: invoke softirqs after napi_schedule() Sasha Levin
2019-11-10 2:49 ` [PATCH AUTOSEL 4.4 02/40] PCI/ACPI: Correct error message for ASPM disabling Sasha Levin
2019-11-10 2:49 ` [PATCH AUTOSEL 4.4 03/40] serial: mxs-auart: Fix potential infinite loop Sasha Levin
2019-11-10 2:49 ` [PATCH AUTOSEL 4.4 04/40] powerpc/iommu: Avoid derefence before pointer check Sasha Levin
2019-11-10 2:49 ` Sasha Levin
2019-11-10 2:49 ` [PATCH AUTOSEL 4.4 05/40] powerpc/64s/hash: Fix stab_rr off by one initialization Sasha Levin
2019-11-10 2:49 ` Sasha Levin
2019-11-10 2:49 ` [PATCH AUTOSEL 4.4 06/40] powerpc/pseries: Disable CPU hotplug across migrations Sasha Levin
2019-11-10 2:49 ` Sasha Levin
2019-11-10 2:49 ` [PATCH AUTOSEL 4.4 07/40] libfdt: Ensure INT_MAX is defined in libfdt_env.h Sasha Levin
2019-11-10 2:49 ` Sasha Levin
2019-11-10 2:49 ` Sasha Levin
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 08/40] power: supply: twl4030_charger: fix charging current out-of-bounds Sasha Levin
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 09/40] power: supply: twl4030_charger: disable eoc interrupt on linear charge Sasha Levin
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 10/40] net: toshiba: fix return type of ndo_start_xmit function Sasha Levin
2019-11-10 2:50 ` Sasha Levin
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 11/40] net: xilinx: " Sasha Levin
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 12/40] net: broadcom: " Sasha Levin
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 13/40] net: amd: " Sasha Levin
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 14/40] usb: chipidea: Fix otg event handler Sasha Levin
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 15/40] ARM: dts: am335x-evm: fix number of cpsw Sasha Levin
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 16/40] ARM: dts: ux500: Correct SCU unit address Sasha Levin
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 17/40] ARM: dts: ux500: Fix LCDA clock line muxing Sasha Levin
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 18/40] ARM: dts: ste: Fix SPI controller node names Sasha Levin
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 19/40] cpufeature: avoid warning when compiling with clang Sasha Levin
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 20/40] bnx2x: Ignore bandwidth attention in single function mode Sasha Levin
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 21/40] net: micrel: fix return type of ndo_start_xmit function Sasha Levin
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 22/40] x86/CPU: Use correct macros for Cyrix calls Sasha Levin
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 23/40] MIPS: kexec: Relax memory restriction Sasha Levin
2019-11-10 2:50 ` Sasha Levin [this message]
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 25/40] media: davinci: Fix implicit enum conversion warning Sasha Levin
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 26/40] usb: gadget: uvc: configfs: Drop leaked references to config items Sasha Levin
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 27/40] usb: gadget: uvc: configfs: Prevent format changes after linking header Sasha Levin
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 28/40] usb: gadget: uvc: Factor out video USB request queueing Sasha Levin
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 29/40] usb: gadget: uvc: Only halt video streaming endpoint in bulk mode Sasha Levin
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 30/40] misc: kgdbts: Fix restrict error Sasha Levin
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 31/40] misc: genwqe: should return proper error value Sasha Levin
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 32/40] vfio/pci: Fix potential memory leak in vfio_msi_cap_len Sasha Levin
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 33/40] scsi: libsas: always unregister the old device if going to discover new Sasha Levin
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 34/40] ARM: dts: tegra30: fix xcvr-setup-use-fuses Sasha Levin
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 35/40] ARM: tegra: apalis_t30: fix mmc1 cmd pull-up Sasha Levin
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 36/40] net: smsc: fix return type of ndo_start_xmit function Sasha Levin
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 37/40] EDAC: Raise the maximum number of memory controllers Sasha Levin
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 38/40] Bluetooth: L2CAP: Detect if remote is not able to use the whole MPS Sasha Levin
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 39/40] arm64: dts: amd: Fix SPI bus warnings Sasha Levin
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 40/40] fuse: use READ_ONCE on congestion_threshold and max_background Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191110025032.827-24-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=baijiaju1990@gmail.com \
--cc=hans.verkuil@cisco.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-media@vger.kernel.org \
--cc=mchehab+samsung@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.