From: Jia-Ju Bai <baijiaju1990@gmail.com>
To: David Ahern <dsahern@gmail.com>,
davem@davemloft.net, kuznet@ms2.inr.ac.ru,
yoshfuji@linux-ipv6.org
Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] net: ipv6: route: Fix a sleep-in-atomic-context bug in ip6_convert_metrics()
Date: Tue, 4 Sep 2018 11:38:12 +0800 [thread overview]
Message-ID: <6976ed37-d42e-e166-e298-053a35ddc479@gmail.com> (raw)
In-Reply-To: <94b1372d-43da-1a9a-9cde-40c855050552@gmail.com>
On 2018/9/4 10:40, David Ahern wrote:
> On 9/1/18 5:19 AM, Jia-Ju Bai wrote:
>> The kernel module may sleep with holding a spinlock.
>>
>> The function call paths (from bottom to top) in Linux-4.16 are:
>>
>> [FUNC] kzalloc(GFP_KERNEL)
>> net/ipv6/route.c, 2430:
>> kzalloc in ip6_convert_metrics
>> net/ipv6/route.c, 2890:
>> ip6_convert_metrics in ip6_route_add
>> net/ipv6/addrconf.c, 2322:
>> ip6_route_add in addrconf_prefix_route
>> net/ipv6/addrconf.c, 3331:
>> addrconf_prefix_route in fixup_permanent_addr
>> net/ipv6/addrconf.c, 3354:
>> fixup_permanent_addr in addrconf_permanent_addr
>> net/ipv6/addrconf.c, 3358:
>> _raw_write_lock_bh in addrconf_permanent_addr
>>
>> To fix this bug, GFP_KERNEL is replaced with GFP_ATOMIC.
>>
>> This bug is found by my static analysis tool DSAC.
> No kernel change is needed. Your static analysis tool and you in sending
> out patches need to take into context.
>
> ip6_convert_metrics only calls kzalloc when fc_mx is set. fc_mx is only
> set via the RTA_METRICS attribute and only from the userspace call path.
> Hence, kzalloc with GFP_KERNEL is the appropriate argument.
Oh, sorry for my false report.
Best wishes,
Jia-Ju Bai
prev parent reply other threads:[~2018-09-04 3:38 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-09-01 11:19 [PATCH] net: ipv6: route: Fix a sleep-in-atomic-context bug in ip6_convert_metrics() Jia-Ju Bai
2018-09-02 4:25 ` David Ahern
2018-09-04 2:40 ` David Ahern
2018-09-04 3:38 ` Jia-Ju Bai [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=6976ed37-d42e-e166-e298-053a35ddc479@gmail.com \
--to=baijiaju1990@gmail.com \
--cc=davem@davemloft.net \
--cc=dsahern@gmail.com \
--cc=kuznet@ms2.inr.ac.ru \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=yoshfuji@linux-ipv6.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.