From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Vincent Pelletier <plr.vincent@gmail.com>,
Felipe Balbi <felipe.balbi@linux.intel.com>
Subject: [PATCH 4.14 35/52] usb: gadget: ffs: Forbid usb_ep_alloc_request from sleeping
Date: Fri, 15 Dec 2017 10:52:12 +0100 [thread overview]
Message-ID: <20171215092310.473070715@linuxfoundation.org> (raw)
In-Reply-To: <20171215092308.500651185@linuxfoundation.org>
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Vincent Pelletier <plr.vincent@gmail.com>
commit 30bf90ccdec1da9c8198b161ecbff39ce4e5a9ba upstream.
Found using DEBUG_ATOMIC_SLEEP while submitting an AIO read operation:
[ 100.853642] BUG: sleeping function called from invalid context at mm/slab.h:421
[ 100.861148] in_atomic(): 1, irqs_disabled(): 1, pid: 1880, name: python
[ 100.867954] 2 locks held by python/1880:
[ 100.867961] #0: (&epfile->mutex){....}, at: [<f8188627>] ffs_mutex_lock+0x27/0x30 [usb_f_fs]
[ 100.868020] #1: (&(&ffs->eps_lock)->rlock){....}, at: [<f818ad4b>] ffs_epfile_io.isra.17+0x24b/0x590 [usb_f_fs]
[ 100.868076] CPU: 1 PID: 1880 Comm: python Not tainted 4.14.0-edison+ #118
[ 100.868085] Hardware name: Intel Corporation Merrifield/BODEGA BAY, BIOS 542 2015.01.21:18.19.48
[ 100.868093] Call Trace:
[ 100.868122] dump_stack+0x47/0x62
[ 100.868156] ___might_sleep+0xfd/0x110
[ 100.868182] __might_sleep+0x68/0x70
[ 100.868217] kmem_cache_alloc_trace+0x4b/0x200
[ 100.868248] ? dwc3_gadget_ep_alloc_request+0x24/0xe0 [dwc3]
[ 100.868302] dwc3_gadget_ep_alloc_request+0x24/0xe0 [dwc3]
[ 100.868343] usb_ep_alloc_request+0x16/0xc0 [udc_core]
[ 100.868386] ffs_epfile_io.isra.17+0x444/0x590 [usb_f_fs]
[ 100.868424] ? _raw_spin_unlock_irqrestore+0x27/0x40
[ 100.868457] ? kiocb_set_cancel_fn+0x57/0x60
[ 100.868477] ? ffs_ep0_poll+0xc0/0xc0 [usb_f_fs]
[ 100.868512] ffs_epfile_read_iter+0xfe/0x157 [usb_f_fs]
[ 100.868551] ? security_file_permission+0x9c/0xd0
[ 100.868587] ? rw_verify_area+0xac/0x120
[ 100.868633] aio_read+0x9d/0x100
[ 100.868692] ? __fget+0xa2/0xd0
[ 100.868727] ? __might_sleep+0x68/0x70
[ 100.868763] SyS_io_submit+0x471/0x680
[ 100.868878] do_int80_syscall_32+0x4e/0xd0
[ 100.868921] entry_INT80_32+0x2a/0x2a
[ 100.868932] EIP: 0xb7fbb676
[ 100.868941] EFLAGS: 00000292 CPU: 1
[ 100.868951] EAX: ffffffda EBX: b7aa2000 ECX: 00000002 EDX: b7af8368
[ 100.868961] ESI: b7fbb660 EDI: b7aab000 EBP: bfb6c658 ESP: bfb6c638
[ 100.868973] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b
Signed-off-by: Vincent Pelletier <plr.vincent@gmail.com>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/gadget/function/f_fs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/usb/gadget/function/f_fs.c
+++ b/drivers/usb/gadget/function/f_fs.c
@@ -1016,7 +1016,7 @@ static ssize_t ffs_epfile_io(struct file
else
ret = ep->status;
goto error_mutex;
- } else if (!(req = usb_ep_alloc_request(ep->ep, GFP_KERNEL))) {
+ } else if (!(req = usb_ep_alloc_request(ep->ep, GFP_ATOMIC))) {
ret = -ENOMEM;
} else {
req->buf = data;
next prev parent reply other threads:[~2017-12-15 9:55 UTC|newest]
Thread overview: 55+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-12-15 9:51 [PATCH 4.14 00/52] 4.14.7-stable review Greg Kroah-Hartman
2017-12-15 9:51 ` [PATCH 4.14 02/52] net: thunderx: Fix TCP/UDP checksum offload for IPv6 pkts Greg Kroah-Hartman
2017-12-15 9:51 ` [PATCH 4.14 03/52] net: thunderx: Fix TCP/UDP checksum offload for IPv4 pkts Greg Kroah-Hartman
2017-12-15 9:51 ` [PATCH 4.14 05/52] s390/qeth: fix early exit from error path Greg Kroah-Hartman
2017-12-15 9:51 ` [PATCH 4.14 06/52] tipc: fix memory leak in tipc_accept_from_sock() Greg Kroah-Hartman
2017-12-15 9:51 ` [PATCH 4.14 07/52] vhost: fix skb leak in handle_rx() Greg Kroah-Hartman
2017-12-15 9:51 ` [PATCH 4.14 09/52] sit: update frag_off info Greg Kroah-Hartman
2017-12-15 9:51 ` [PATCH 4.14 10/52] tcp: add tcp_v4_fill_cb()/tcp_v4_restore_cb() Greg Kroah-Hartman
2017-12-15 9:51 ` [PATCH 4.14 11/52] packet: fix crash in fanout_demux_rollover() Greg Kroah-Hartman
2017-12-15 9:51 ` [PATCH 4.14 12/52] net/packet: fix a race in packet_bind() and packet_notifier() Greg Kroah-Hartman
2017-12-15 9:51 ` [PATCH 4.14 13/52] tcp: remove buggy call to tcp_v6_restore_cb() Greg Kroah-Hartman
2017-12-15 9:51 ` [PATCH 4.14 16/52] stmmac: reset last TSO segment size after device open Greg Kroah-Hartman
2017-12-15 9:51 ` [PATCH 4.14 18/52] s390/qeth: build max size GSO skbs on L2 devices Greg Kroah-Hartman
2017-12-15 9:51 ` [PATCH 4.14 19/52] s390/qeth: fix thinko in IPv4 multicast address tracking Greg Kroah-Hartman
2017-12-15 9:51 ` [PATCH 4.14 20/52] s390/qeth: fix GSO throughput regression Greg Kroah-Hartman
2017-12-15 9:51 ` [PATCH 4.14 21/52] tcp: use IPCB instead of TCP_SKB_CB in inet_exact_dif_match() Greg Kroah-Hartman
2017-12-15 9:51 ` [PATCH 4.14 22/52] tipc: call tipc_rcv() only if bearer is up in tipc_udp_recv() Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 23/52] tcp: use current time in tcp_rcv_space_adjust() Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 24/52] net: sched: cbq: create block for q->link.block Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 25/52] tap: free skb if flags error Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 26/52] tcp: when scheduling TLP, time of RTO should account for current ACK Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 27/52] tun: free skb in early errors Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 28/52] net: ipv6: Fixup device for anycast routes during copy Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 29/52] tun: fix rcu_read_lock imbalance in tun_build_skb Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 30/52] net: accept UFO datagrams from tuntap and packet Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 31/52] net: openvswitch: datapath: fix data type in queue_gso_packets Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 32/52] cls_bpf: dont decrement nets refcount when offload fails Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 33/52] sctp: use right member as the param of list_for_each_entry Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 34/52] ipmi: Stop timers before cleaning up the module Greg Kroah-Hartman
2017-12-15 9:52 ` Greg Kroah-Hartman [this message]
2017-12-15 9:52 ` [PATCH 4.14 36/52] fcntl: dont cap l_start and l_end values for F_GETLK64 in compat syscall Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 37/52] fix kcm_clone() Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 38/52] KVM: arm/arm64: vgic-its: Preserve the revious read from the pending table Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 39/52] kbuild: do not call cc-option before KBUILD_CFLAGS initialization Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 40/52] powerpc/powernv/idle: Round up latency and residency values Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 41/52] ipvlan: fix ipv6 outbound device Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 42/52] ide: ide-atapi: fix compile error with defining macro DEBUG Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 43/52] blk-mq: Avoid that request queue removal can trigger list corruption Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 44/52] nvmet-rdma: update queue list during ib_device removal Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 45/52] audit: Allow auditd to set pid to 0 to end auditing Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 46/52] audit: ensure that audit=1 actually enables audit for PID 1 Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 47/52] dm raid: fix panic when attempting to force a raid to sync Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 48/52] md: free unused memory after bitmap resize Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 49/52] RDMA/cxgb4: Annotate r2 and stag as __be32 Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 50/52] x86/intel_rdt: Fix potential deadlock during resctrl unmount Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 51/52] media: dvb-core: always call invoke_release() in fe_free() Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 52/52] dvb_frontend: dont use-after-free the frontend struct Greg Kroah-Hartman
2017-12-15 10:09 ` [PATCH 4.14 00/52] 4.14.7-stable review Nikola Ciprich
2017-12-15 13:07 ` Greg Kroah-Hartman
2017-12-15 17:41 ` Guenter Roeck
2017-12-15 18:27 ` Greg Kroah-Hartman
2017-12-15 21:12 ` Shuah Khan
2017-12-15 21:32 ` Greg Kroah-Hartman
2017-12-16 5:28 ` Naresh Kamboju
2017-12-16 8:23 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171215092310.473070715@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=felipe.balbi@linux.intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=plr.vincent@gmail.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).