From mboxrd@z Thu Jan 1 00:00:00 1970 From: Jia-Ju Bai Subject: [PATCH] kernel: audit_tree: Fix a sleep-in-atomic-context bug Date: Thu, 21 Jun 2018 11:32:45 +0800 Message-ID: <20180621033245.10754-1-baijiaju1990@gmail.com> Return-path: Sender: linux-kernel-owner@vger.kernel.org To: paul@paul-moore.com, eparis@redhat.com, jack@suse.cz, amir73il@gmail.com Cc: linux-audit@redhat.com, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Jia-Ju Bai List-Id: linux-audit@redhat.com The kernel may sleep with holding a spinlock. The function call paths (from bottom to top) in Linux-4.16.7 are: [FUNC] kmem_cache_alloc(GFP_KERNEL) fs/notify/mark.c, 439: kmem_cache_alloc in fsnotify_attach_connector_to_object fs/notify/mark.c, 520: fsnotify_attach_connector_to_object in fsnotify_add_mark_list fs/notify/mark.c, 590: fsnotify_add_mark_list in fsnotify_add_mark_locked kernel/audit_tree.c, 437: fsnotify_add_mark_locked in tag_chunk kernel/audit_tree.c, 423: spin_lock in tag_chunk [FUNC] kmem_cache_alloc(GFP_KERNEL) fs/notify/mark.c, 439: kmem_cache_alloc in fsnotify_attach_connector_to_object fs/notify/mark.c, 520: fsnotify_attach_connector_to_object in fsnotify_add_mark_list fs/notify/mark.c, 590: fsnotify_add_mark_list in fsnotify_add_mark_locked kernel/audit_tree.c, 291: fsnotify_add_mark_locked in untag_chunk kernel/audit_tree.c, 258: spin_lock in untag_chunk To fix this bug, GFP_KERNEL is replaced with GFP_ATOMIC. This bug is found by my static analysis tool (DSAC-2) and checked by my code review. Signed-off-by: Jia-Ju Bai --- fs/notify/mark.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/notify/mark.c b/fs/notify/mark.c index e9191b416434..c664853b8585 100644 --- a/fs/notify/mark.c +++ b/fs/notify/mark.c 
@@ -436,7 +436,7 @@ static int fsnotify_attach_connector_to_object( { struct fsnotify_mark_connector *conn; - conn = kmem_cache_alloc(fsnotify_mark_connector_cachep, GFP_KERNEL); + conn = kmem_cache_alloc(fsnotify_mark_connector_cachep, GFP_ATOMIC); if (!conn) return -ENOMEM; spin_lock_init(&conn->lock); -- 2.17.0
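Review bot: The fix is applied at the wrong layer. fsnotify_attach_connector_to_object() is generic fsnotify code reached from every mark-adding path (inotify, fanotify, audit), and those callers run in sleepable context; switching the connector allocation to GFP_ATOMIC for all of them trades a reclaimable GFP_KERNEL allocation for one that fails under memory pressure, and it does nothing about the actual defect, which according to the call paths in the description is kernel/audit_tree.c calling fsnotify_add_mark_locked() while still holding a spinlock in tag_chunk() and untag_chunk(). The change belongs in audit_tree: drop the spinlock before calling into fsnotify (or allocate the connector up front, before the lock is taken), rather than `- conn = kmem_cache_alloc(fsnotify_mark_connector_cachep, GFP_KERNEL);` / `+ conn = kmem_cache_alloc(fsnotify_mark_connector_cachep, GFP_ATOMIC);` in fs/notify/mark.c. The subject prefix "kernel: audit_tree:" also does not match the only file touched, fs/notify/mark.c; whichever layer the final fix lands in, the subject and diffstat should agree with it.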