From: Greg KH <gregkh@linuxfoundation.org>
To: Duoming Zhou <duoming@zju.edu.cn>
Cc: linux-wireless@vger.kernel.org, amitkarwar@gmail.com,
ganapathi017@gmail.com, sharvari.harisangam@nxp.com,
huxinming820@gmail.com, kvalo@kernel.org, davem@davemloft.net,
edumazet@google.com, kuba@kernel.org, pabeni@redhat.com,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
rafael@kernel.org
Subject: Re: [PATCH v3] mwifiex: fix sleep in atomic context bugs caused by dev_coredumpv
Date: Mon, 23 May 2022 08:31:46 +0200 [thread overview]
Message-ID: <YosqUjCYioGh3kBW@kroah.com> (raw)
In-Reply-To: <20220523052810.24767-1-duoming@zju.edu.cn>
On Mon, May 23, 2022 at 01:28:10PM +0800, Duoming Zhou wrote:
> There are sleep in atomic context bugs when uploading device dump
> data in mwifiex. The root cause is that dev_coredumpv could not
> be used in atomic contexts, because it calls dev_set_name which
> include operations that may sleep. The call tree shows execution
> paths that could lead to bugs:
>
> (Interrupt context)
> fw_dump_timer_fn
> mwifiex_upload_device_dump
> dev_coredumpv(..., GFP_KERNEL)
> dev_coredumpm()
> kzalloc(sizeof(*devcd), gfp); //may sleep
> dev_set_name
> kobject_set_name_vargs
> kvasprintf_const(GFP_KERNEL, ...); //may sleep
> kstrdup(s, GFP_KERNEL); //may sleep
>
> In order to let dev_coredumpv support atomic contexts, this patch
> changes the gfp_t parameter of kvasprintf_const and kstrdup in
> kobject_set_name_vargs from GFP_KERNEL to GFP_ATOMIC. What's more,
> In order to mitigate bug, this patch changes the gfp_t parameter
> of dev_coredumpv from GFP_KERNEL to GFP_ATOMIC.
>
> Fixes: 57670ee882d4 ("mwifiex: device dump support via devcoredump framework")
> Signed-off-by: Duoming Zhou <duoming@zju.edu.cn>
> ---
> Changes in v3:
> - Let dev_coredumpv support atomic contexts.
>
> drivers/net/wireless/marvell/mwifiex/main.c | 2 +-
> lib/kobject.c | 4 ++--
> 2 files changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/net/wireless/marvell/mwifiex/main.c b/drivers/net/wireless/marvell/mwifiex/main.c
> index ace7371c477..258906920a2 100644
> --- a/drivers/net/wireless/marvell/mwifiex/main.c
> +++ b/drivers/net/wireless/marvell/mwifiex/main.c
> @@ -1116,7 +1116,7 @@ void mwifiex_upload_device_dump(struct mwifiex_adapter *adapter)
> mwifiex_dbg(adapter, MSG,
> "== mwifiex dump information to /sys/class/devcoredump start\n");
> dev_coredumpv(adapter->dev, adapter->devdump_data, adapter->devdump_len,
> - GFP_KERNEL);
> + GFP_ATOMIC);
> mwifiex_dbg(adapter, MSG,
> "== mwifiex dump information to /sys/class/devcoredump end\n");
>
> diff --git a/lib/kobject.c b/lib/kobject.c
> index 5f0e71ab292..7672c54944c 100644
> --- a/lib/kobject.c
> +++ b/lib/kobject.c
> @@ -254,7 +254,7 @@ int kobject_set_name_vargs(struct kobject *kobj, const char *fmt,
> if (kobj->name && !fmt)
> return 0;
>
> - s = kvasprintf_const(GFP_KERNEL, fmt, vargs);
> + s = kvasprintf_const(GFP_ATOMIC, fmt, vargs);
> if (!s)
> return -ENOMEM;
>
> @@ -267,7 +267,7 @@ int kobject_set_name_vargs(struct kobject *kobj, const char *fmt,
> if (strchr(s, '/')) {
> char *t;
>
> - t = kstrdup(s, GFP_KERNEL);
> + t = kstrdup(s, GFP_ATOMIC);
> kfree_const(s);
> if (!t)
> return -ENOMEM;
Please no, you are hurting the whole kernel because of one odd user.
Please do not make these calls under atomic context.
thanks,
greg k-h
next prev parent reply other threads:[~2022-05-23 6:42 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-05-23 5:28 [PATCH v3] mwifiex: fix sleep in atomic context bugs caused by dev_coredumpv Duoming Zhou
2022-05-23 6:31 ` Greg KH [this message]
[not found] ` <41a266af.2abb6.180efa8594d.Coremail.duoming@zju.edu.cn>
2022-05-23 11:31 ` Kalle Valo
2022-05-23 13:41 ` Greg KH
2022-05-23 16:27 ` Kalle Valo
2022-05-23 13:43 ` Johannes Berg
2022-05-23 14:20 ` Eric W. Biederman
2022-05-23 15:58 ` duoming
2022-05-23 16:31 ` Kalle Valo
2022-05-24 2:08 ` duoming
2022-05-23 19:42 ` Brian Norris
2022-05-24 1:54 ` duoming
2022-05-23 17:55 ` Brian Norris
-- strict thread matches above, loose matches on Subject: below --
2022-05-23 8:03 duoming
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YosqUjCYioGh3kBW@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=amitkarwar@gmail.com \
--cc=davem@davemloft.net \
--cc=duoming@zju.edu.cn \
--cc=edumazet@google.com \
--cc=ganapathi017@gmail.com \
--cc=huxinming820@gmail.com \
--cc=kuba@kernel.org \
--cc=kvalo@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-wireless@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=rafael@kernel.org \
--cc=sharvari.harisangam@nxp.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.