* [PATCH] [2.6.29-rc2] orinoco: use GFP_ATOMIC in kmalloc in orinoco_ioctl_set_genie
@ 2009-01-17 15:22 Andrey Borzenkov
2009-01-19 3:16 ` [Orinoco-devel] " Pavel Roskin
0 siblings, 1 reply; 4+ messages in thread
From: Andrey Borzenkov @ 2009-01-17 15:22 UTC (permalink / raw)
To: orinoco-devel, linux-wireless
[-- Attachment #1: Type: text/plain, Size: 3337 bytes --]
Subject: [PATCH] [2.6.29-rc2] orinoco: use GFP_ATOMIC in kmalloc in
orinoco_ioctl_set_genie
From: Andrey Borzenkov <arvidjaar@mail.ru>
kmalloc is called with interrupt disabled and may not sleep. This
fixes this BUG:
[ 56.923623] BUG: sleeping function called from invalid context at
/home/bor/src/linux-git/mm/slub.c:1599
[ 56.923644] in_atomic(): 0, irqs_disabled(): 1, pid: 3031, name:
wpa_supplicant
[ 56.923656] 2 locks held by wpa_supplicant/3031:
[ 56.923662] #0: (rtnl_mutex){--..}, at: [<c02abd1f>] rtnl_lock+0xf/0x20
[ 56.923703] #1: (&priv->lock){++..}, at: [<dfc840c2>]
orinoco_ioctl_set_genie+0x52/0x130 [orinoco]
[ 56.923782] irq event stamp: 910
[ 56.923788] hardirqs last enabled at (909): [<c01957db>]
__kmalloc+0x7b/0x140
[ 56.923820] hardirqs last disabled at (910): [<c0309419>]
_spin_lock_irqsave+0x19/0x80
[ 56.923847] softirqs last enabled at (880): [<c0124f54>]
__do_softirq+0xc4/0x110
[ 56.923865] softirqs last disabled at (871): [<c01049ae>]
do_softirq+0x8e/0xe0
[ 56.923895] Pid: 3031, comm: wpa_supplicant Not tainted 2.6.29-rc2-1avb
#1
[ 56.923905] Call Trace:
[ 56.923919] [<c01049ae>] ? do_softirq+0x8e/0xe0
[ 56.923941] [<c011ad12>] __might_sleep+0xd2/0x100
[ 56.923952] [<c0195837>] __kmalloc+0xd7/0x140
[ 56.923963] [<c030946a>] ? _spin_lock_irqsave+0x6a/0x80
[ 56.923981] [<dfc840e9>] ? orinoco_ioctl_set_genie+0x79/0x130 [orinoco]
[ 56.923999] [<dfc840c2>] ? orinoco_ioctl_set_genie+0x52/0x130 [orinoco]
[ 56.924017] [<dfc840e9>] orinoco_ioctl_set_genie+0x79/0x130 [orinoco]
[ 56.924036] [<c0209325>] ? copy_from_user+0x35/0x130
[ 56.924061] [<c02ffd96>] ioctl_standard_call+0x196/0x380
[ 56.924085] [<c029f945>] ? __dev_get_by_name+0x85/0xb0
[ 56.924096] [<c02ff88f>] wext_handle_ioctl+0x14f/0x230
[ 56.924113] [<dfc84070>] ? orinoco_ioctl_set_genie+0x0/0x130 [orinoco]
[ 56.924132] [<c02a3da5>] dev_ioctl+0x495/0x570
[ 56.924155] [<c0293e05>] ? sys_sendto+0xa5/0xd0
[ 56.924171] [<c0142fe8>] ? mark_held_locks+0x48/0x90
[ 56.924183] [<c0292880>] ? sock_ioctl+0x0/0x280
[ 56.924193] [<c029297d>] sock_ioctl+0xfd/0x280
[ 56.924203] [<c0292880>] ? sock_ioctl+0x0/0x280
[ 56.924235] [<c01a51d0>] vfs_ioctl+0x20/0x80
[ 56.924246] [<c01a53e2>] do_vfs_ioctl+0x72/0x570
[ 56.924257] [<c0293e62>] ? sys_send+0x32/0x40
[ 56.924268] [<c02947c0>] ? sys_socketcall+0x1d0/0x2a0
[ 56.924280] [<c010339f>] ? sysenter_exit+0xf/0x16
[ 56.924292] [<c01a5919>] sys_ioctl+0x39/0x70
[ 56.924302] [<c0103371>] sysenter_do_call+0x12/0x31
Signed-off-by: Andrey Borzenkov <arvidjaar@mail.ru>
---
Why did not we see it before?
drivers/net/wireless/orinoco/orinoco.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/drivers/net/wireless/orinoco/orinoco.c
b/drivers/net/wireless/orinoco/orinoco.c
index c3bb85e..779ab10 100644
--- a/drivers/net/wireless/orinoco/orinoco.c
+++ b/drivers/net/wireless/orinoco/orinoco.c
@@ -5079,7 +5079,7 @@ static int orinoco_ioctl_set_genie(struct net_device
*dev,
return -EBUSY;
if (wrqu->data.length) {
- buf = kmalloc(wrqu->data.length, GFP_KERNEL);
+ buf = kmalloc(wrqu->data.length, GFP_ATOMIC);
if (buf == NULL) {
err = -ENOMEM;
goto out;
[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 197 bytes --]
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [Orinoco-devel] [PATCH] [2.6.29-rc2] orinoco: use GFP_ATOMIC in kmalloc in orinoco_ioctl_set_genie
2009-01-17 15:22 [PATCH] [2.6.29-rc2] orinoco: use GFP_ATOMIC in kmalloc in orinoco_ioctl_set_genie Andrey Borzenkov
@ 2009-01-19 3:16 ` Pavel Roskin
2009-01-20 17:26 ` Andrey Borzenkov
0 siblings, 1 reply; 4+ messages in thread
From: Pavel Roskin @ 2009-01-19 3:16 UTC (permalink / raw)
To: Andrey Borzenkov; +Cc: orinoco-devel, linux-wireless
On Sat, 2009-01-17 at 18:22 +0300, Andrey Borzenkov wrote:
> Subject: [PATCH] [2.6.29-rc2] orinoco: use GFP_ATOMIC in kmalloc in
> orinoco_ioctl_set_genie
> From: Andrey Borzenkov <arvidjaar@mail.ru>
>
> kmalloc is called with interrupt disabled and may not sleep. This
> fixes this BUG:
Please move kmalloc before the lock. I don't see any reason to allocate
memory with irqs disabled. The contention happens later, when
priv->wpa_ie is freed and assigned a new value.
--
Regards,
Pavel Roskin
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [Orinoco-devel] [PATCH] [2.6.29-rc2] orinoco: use GFP_ATOMIC in kmalloc in orinoco_ioctl_set_genie
2009-01-19 3:16 ` [Orinoco-devel] " Pavel Roskin
@ 2009-01-20 17:26 ` Andrey Borzenkov
2009-01-21 16:24 ` John W. Linville
0 siblings, 1 reply; 4+ messages in thread
From: Andrey Borzenkov @ 2009-01-20 17:26 UTC (permalink / raw)
To: Pavel Roskin; +Cc: orinoco-devel, linux-wireless
[-- Attachment #1: Type: text/plain, Size: 5095 bytes --]
On 19 января 2009 06:16:04 Pavel Roskin wrote:
> On Sat, 2009-01-17 at 18:22 +0300, Andrey Borzenkov wrote:
> > Subject: [PATCH] [2.6.29-rc2] orinoco: use GFP_ATOMIC in kmalloc in
> > orinoco_ioctl_set_genie
> > From: Andrey Borzenkov <arvidjaar@mail.ru>
> >
> > kmalloc is called with interrupt disabled and may not sleep. This
> > fixes this BUG:
>
> Please move kmalloc before the lock. I don't see any reason to
> allocate memory with irqs disabled. The contention happens later,
> when priv->wpa_ie is freed and assigned a new value.
OK.
This looks like -stable candidate.
---
Subject: [PATCH] orinoco: move kmalloc(..., GFP_KERNEL) outside spinlock in
orinoco_ioctl_set_genie
From: Andrey Borzenkov <arvidjaar@mail.ru>
As pointed out by Pavel Roskin, it need not be in critical section. Move
it outside of spinlock. This fixes this BUG:
[ 56.923623] BUG: sleeping function called from invalid context at
/home/bor/src/linux-git/mm/slub.c:1599
[ 56.923644] in_atomic(): 0, irqs_disabled(): 1, pid: 3031, name:
wpa_supplicant
[ 56.923656] 2 locks held by wpa_supplicant/3031:
[ 56.923662] #0: (rtnl_mutex){--..}, at: [<c02abd1f>] rtnl_lock+0xf/0x20
[ 56.923703] #1: (&priv->lock){++..}, at: [<dfc840c2>]
orinoco_ioctl_set_genie+0x52/0x130 [orinoco]
[ 56.923782] irq event stamp: 910
[ 56.923788] hardirqs last enabled at (909): [<c01957db>]
__kmalloc+0x7b/0x140
[ 56.923820] hardirqs last disabled at (910): [<c0309419>]
_spin_lock_irqsave+0x19/0x80
[ 56.923847] softirqs last enabled at (880): [<c0124f54>]
__do_softirq+0xc4/0x110
[ 56.923865] softirqs last disabled at (871): [<c01049ae>]
do_softirq+0x8e/0xe0
[ 56.923895] Pid: 3031, comm: wpa_supplicant Not tainted 2.6.29-rc2-1avb
#1
[ 56.923905] Call Trace:
[ 56.923919] [<c01049ae>] ? do_softirq+0x8e/0xe0
[ 56.923941] [<c011ad12>] __might_sleep+0xd2/0x100
[ 56.923952] [<c0195837>] __kmalloc+0xd7/0x140
[ 56.923963] [<c030946a>] ? _spin_lock_irqsave+0x6a/0x80
[ 56.923981] [<dfc840e9>] ? orinoco_ioctl_set_genie+0x79/0x130 [orinoco]
[ 56.923999] [<dfc840c2>] ? orinoco_ioctl_set_genie+0x52/0x130 [orinoco]
[ 56.924017] [<dfc840e9>] orinoco_ioctl_set_genie+0x79/0x130 [orinoco]
[ 56.924036] [<c0209325>] ? copy_from_user+0x35/0x130
[ 56.924061] [<c02ffd96>] ioctl_standard_call+0x196/0x380
[ 56.924085] [<c029f945>] ? __dev_get_by_name+0x85/0xb0
[ 56.924096] [<c02ff88f>] wext_handle_ioctl+0x14f/0x230
[ 56.924113] [<dfc84070>] ? orinoco_ioctl_set_genie+0x0/0x130 [orinoco]
[ 56.924132] [<c02a3da5>] dev_ioctl+0x495/0x570
[ 56.924155] [<c0293e05>] ? sys_sendto+0xa5/0xd0
[ 56.924171] [<c0142fe8>] ? mark_held_locks+0x48/0x90
[ 56.924183] [<c0292880>] ? sock_ioctl+0x0/0x280
[ 56.924193] [<c029297d>] sock_ioctl+0xfd/0x280
[ 56.924203] [<c0292880>] ? sock_ioctl+0x0/0x280
[ 56.924235] [<c01a51d0>] vfs_ioctl+0x20/0x80
[ 56.924246] [<c01a53e2>] do_vfs_ioctl+0x72/0x570
[ 56.924257] [<c0293e62>] ? sys_send+0x32/0x40
[ 56.924268] [<c02947c0>] ? sys_socketcall+0x1d0/0x2a0
[ 56.924280] [<c010339f>] ? sysenter_exit+0xf/0x16
[ 56.924292] [<c01a5919>] sys_ioctl+0x39/0x70
[ 56.924302] [<c0103371>] sysenter_do_call+0x12/0x31
Signed-off-by: Andrey Borzenkov <arvidjaar@mail.ru>
---
drivers/net/wireless/orinoco/orinoco.c | 30
+++++++++++++-----------------
1 files changed, 13 insertions(+), 17 deletions(-)
diff --git a/drivers/net/wireless/orinoco/orinoco.c
b/drivers/net/wireless/orinoco/orinoco.c
index c3bb85e..39eab39 100644
--- a/drivers/net/wireless/orinoco/orinoco.c
+++ b/drivers/net/wireless/orinoco/orinoco.c
@@ -5068,33 +5068,30 @@ static int orinoco_ioctl_set_genie(struct net_device
*dev,
struct orinoco_private *priv = netdev_priv(dev);
u8 *buf;
unsigned long flags;
- int err = 0;
/* cut off at IEEE80211_MAX_DATA_LEN */
if ((wrqu->data.length > IEEE80211_MAX_DATA_LEN) ||
(wrqu->data.length && (extra == NULL)))
return -EINVAL;
- if (orinoco_lock(priv, &flags) != 0)
- return -EBUSY;
-
if (wrqu->data.length) {
buf = kmalloc(wrqu->data.length, GFP_KERNEL);
- if (buf == NULL) {
- err = -ENOMEM;
- goto out;
- }
+ if (buf == NULL)
+ return -ENOMEM;
memcpy(buf, extra, wrqu->data.length);
- kfree(priv->wpa_ie);
- priv->wpa_ie = buf;
- priv->wpa_ie_len = wrqu->data.length;
- } else {
- kfree(priv->wpa_ie);
- priv->wpa_ie = NULL;
- priv->wpa_ie_len = 0;
+ } else
+ buf = NULL;
+
+ if (orinoco_lock(priv, &flags) != 0) {
+ kfree(buf);
+ return -EBUSY;
}
+ kfree(priv->wpa_ie);
+ priv->wpa_ie = buf;
+ priv->wpa_ie_len = wrqu->data.length;
+
if (priv->wpa_ie) {
/* Looks like wl_lkm wants to check the auth alg, and
* somehow pass it to the firmware.
@@ -5103,9 +5100,8 @@ static int orinoco_ioctl_set_genie(struct net_device
*dev,
*/
}
-out:
orinoco_unlock(priv, &flags);
- return err;
+ return 0;
}
static int orinoco_ioctl_get_genie(struct net_device *dev,
[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 197 bytes --]
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [Orinoco-devel] [PATCH] [2.6.29-rc2] orinoco: use GFP_ATOMIC in kmalloc in orinoco_ioctl_set_genie
2009-01-20 17:26 ` Andrey Borzenkov
@ 2009-01-21 16:24 ` John W. Linville
0 siblings, 0 replies; 4+ messages in thread
From: John W. Linville @ 2009-01-21 16:24 UTC (permalink / raw)
To: Andrey Borzenkov; +Cc: Pavel Roskin, orinoco-devel, linux-wireless
On Tue, Jan 20, 2009 at 08:26:46PM +0300, Andrey Borzenkov wrote:
> On 19 =D1=8F=D0=BD=D0=B2=D0=B0=D1=80=D1=8F 2009 06:16:04 Pavel Roskin=
wrote:
> > On Sat, 2009-01-17 at 18:22 +0300, Andrey Borzenkov wrote:
> > > Subject: [PATCH] [2.6.29-rc2] orinoco: use GFP_ATOMIC in kmalloc =
in
> > > orinoco_ioctl_set_genie
> > > From: Andrey Borzenkov <arvidjaar@mail.ru>
> > >
> > > kmalloc is called with interrupt disabled and may not sleep. This
> > > fixes this BUG:
> >
> > Please move kmalloc before the lock. I don't see any reason to
> > allocate memory with irqs disabled. The contention happens later,
> > when priv->wpa_ie is freed and assigned a new value.
>=20
> OK.
>=20
> This looks like -stable candidate.
Just FYI, the best way to indicate is to add a line like this after
your Signed-off-by:
Cc: stable@kernel.org
I'll take care of this one.
Thanks,
John
--=20
John W. Linville Someday the world will need a hero, and you
linville@tuxdriver.com might be all we have. Be ready.
--
To unsubscribe from this list: send the line "unsubscribe linux-wireles=
s" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2009-01-21 16:30 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-01-17 15:22 [PATCH] [2.6.29-rc2] orinoco: use GFP_ATOMIC in kmalloc in orinoco_ioctl_set_genie Andrey Borzenkov
2009-01-19 3:16 ` [Orinoco-devel] " Pavel Roskin
2009-01-20 17:26 ` Andrey Borzenkov
2009-01-21 16:24 ` John W. Linville
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).