From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Vincent Pelletier <plr.vincent@gmail.com>,
Felipe Balbi <felipe.balbi@linux.intel.com>
Subject: [PATCH 4.9 19/27] usb: gadget: ffs: Forbid usb_ep_alloc_request from sleeping
Date: Fri, 15 Dec 2017 10:52:02 +0100 [thread overview]
Message-ID: <20171215092258.904220389@linuxfoundation.org> (raw)
In-Reply-To: <20171215092257.674368056@linuxfoundation.org>
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Vincent Pelletier <plr.vincent@gmail.com>
commit 30bf90ccdec1da9c8198b161ecbff39ce4e5a9ba upstream.
Found using DEBUG_ATOMIC_SLEEP while submitting an AIO read operation:
[ 100.853642] BUG: sleeping function called from invalid context at mm/slab.h:421
[ 100.861148] in_atomic(): 1, irqs_disabled(): 1, pid: 1880, name: python
[ 100.867954] 2 locks held by python/1880:
[ 100.867961] #0: (&epfile->mutex){....}, at: [<f8188627>] ffs_mutex_lock+0x27/0x30 [usb_f_fs]
[ 100.868020] #1: (&(&ffs->eps_lock)->rlock){....}, at: [<f818ad4b>] ffs_epfile_io.isra.17+0x24b/0x590 [usb_f_fs]
[ 100.868076] CPU: 1 PID: 1880 Comm: python Not tainted 4.14.0-edison+ #118
[ 100.868085] Hardware name: Intel Corporation Merrifield/BODEGA BAY, BIOS 542 2015.01.21:18.19.48
[ 100.868093] Call Trace:
[ 100.868122] dump_stack+0x47/0x62
[ 100.868156] ___might_sleep+0xfd/0x110
[ 100.868182] __might_sleep+0x68/0x70
[ 100.868217] kmem_cache_alloc_trace+0x4b/0x200
[ 100.868248] ? dwc3_gadget_ep_alloc_request+0x24/0xe0 [dwc3]
[ 100.868302] dwc3_gadget_ep_alloc_request+0x24/0xe0 [dwc3]
[ 100.868343] usb_ep_alloc_request+0x16/0xc0 [udc_core]
[ 100.868386] ffs_epfile_io.isra.17+0x444/0x590 [usb_f_fs]
[ 100.868424] ? _raw_spin_unlock_irqrestore+0x27/0x40
[ 100.868457] ? kiocb_set_cancel_fn+0x57/0x60
[ 100.868477] ? ffs_ep0_poll+0xc0/0xc0 [usb_f_fs]
[ 100.868512] ffs_epfile_read_iter+0xfe/0x157 [usb_f_fs]
[ 100.868551] ? security_file_permission+0x9c/0xd0
[ 100.868587] ? rw_verify_area+0xac/0x120
[ 100.868633] aio_read+0x9d/0x100
[ 100.868692] ? __fget+0xa2/0xd0
[ 100.868727] ? __might_sleep+0x68/0x70
[ 100.868763] SyS_io_submit+0x471/0x680
[ 100.868878] do_int80_syscall_32+0x4e/0xd0
[ 100.868921] entry_INT80_32+0x2a/0x2a
[ 100.868932] EIP: 0xb7fbb676
[ 100.868941] EFLAGS: 00000292 CPU: 1
[ 100.868951] EAX: ffffffda EBX: b7aa2000 ECX: 00000002 EDX: b7af8368
[ 100.868961] ESI: b7fbb660 EDI: b7aab000 EBP: bfb6c658 ESP: bfb6c638
[ 100.868973] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b
Signed-off-by: Vincent Pelletier <plr.vincent@gmail.com>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/gadget/function/f_fs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/usb/gadget/function/f_fs.c
+++ b/drivers/usb/gadget/function/f_fs.c
@@ -1015,7 +1015,7 @@ static ssize_t ffs_epfile_io(struct file
else
ret = ep->status;
goto error_mutex;
- } else if (!(req = usb_ep_alloc_request(ep->ep, GFP_KERNEL))) {
+ } else if (!(req = usb_ep_alloc_request(ep->ep, GFP_ATOMIC))) {
ret = -ENOMEM;
} else {
req->buf = data;
next prev parent reply other threads:[~2017-12-15 9:52 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-12-15 9:51 [PATCH 4.9 00/27] 4.9.70-stable review Greg Kroah-Hartman
2017-12-15 9:51 ` [PATCH 4.9 02/27] s390/qeth: fix early exit from error path Greg Kroah-Hartman
2017-12-15 9:51 ` [PATCH 4.9 03/27] tipc: fix memory leak in tipc_accept_from_sock() Greg Kroah-Hartman
2017-12-15 9:51 ` [PATCH 4.9 05/27] sit: update frag_off info Greg Kroah-Hartman
2017-12-15 9:51 ` [PATCH 4.9 06/27] packet: fix crash in fanout_demux_rollover() Greg Kroah-Hartman
2017-12-15 9:51 ` [PATCH 4.9 07/27] net/packet: fix a race in packet_bind() and packet_notifier() Greg Kroah-Hartman
2017-12-15 9:51 ` [PATCH 4.9 10/27] stmmac: reset last TSO segment size after device open Greg Kroah-Hartman
2017-12-15 9:51 ` [PATCH 4.9 12/27] s390/qeth: build max size GSO skbs on L2 devices Greg Kroah-Hartman
2017-12-15 9:51 ` [PATCH 4.9 13/27] s390/qeth: fix GSO throughput regression Greg Kroah-Hartman
2017-12-15 9:51 ` [PATCH 4.9 14/27] s390/qeth: fix thinko in IPv4 multicast address tracking Greg Kroah-Hartman
2017-12-15 9:51 ` [PATCH 4.9 15/27] tipc: call tipc_rcv() only if bearer is up in tipc_udp_recv() Greg Kroah-Hartman
2017-12-15 9:51 ` [PATCH 4.9 16/27] Fix handling of verdicts after NF_QUEUE Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.9 17/27] ipmi: Stop timers before cleaning up the module Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.9 18/27] s390: always save and restore all registers on context switch Greg Kroah-Hartman
2017-12-15 9:52 ` Greg Kroah-Hartman [this message]
2017-12-15 9:52 ` [PATCH 4.9 20/27] fix kcm_clone() Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.9 21/27] KVM: arm/arm64: vgic-its: Preserve the revious read from the pending table Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.9 22/27] powerpc/64: Fix checksum folding in csum_tcpudp_nofold and ip_fast_csum_nofold Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.9 23/27] kbuild: do not call cc-option before KBUILD_CFLAGS initialization Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.9 24/27] ipvlan: fix ipv6 outbound device Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.9 25/27] audit: ensure that audit=1 actually enables audit for PID 1 Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.9 26/27] md: free unused memory after bitmap resize Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.9 27/27] RDMA/cxgb4: Annotate r2 and stag as __be32 Greg Kroah-Hartman
2017-12-15 17:40 ` [PATCH 4.9 00/27] 4.9.70-stable review Guenter Roeck
2017-12-15 21:12 ` Shuah Khan
2017-12-16 5:55 ` Naresh Kamboju
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171215092258.904220389@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=felipe.balbi@linux.intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=plr.vincent@gmail.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).