From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751843AbeAZMF1 (ORCPT ); Fri, 26 Jan 2018 07:05:27 -0500 Received: from zeniv.linux.org.uk ([195.92.253.2]:36722 "EHLO ZenIV.linux.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751765AbeAZMF0 (ORCPT ); Fri, 26 Jan 2018 07:05:26 -0500 Date: Fri, 26 Jan 2018 12:05:22 +0000 From: Al Viro To: Jia-Ju Bai Cc: 3chas3@gmail.com, linux-atm-general@lists.sourceforge.net, netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH] atm: firestream: Replace GFP_ATOMIC with GFP_KERNEL in fs_send Message-ID: <20180126120522.GX13338@ZenIV.linux.org.uk> References: <1516953627-30983-1-git-send-email-baijiaju1990@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1516953627-30983-1-git-send-email-baijiaju1990@gmail.com> User-Agent: Mutt/1.9.1 (2017-09-22) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Jan 26, 2018 at 04:00:27PM +0800, Jia-Ju Bai wrote: > After checking all possible call chains to fs_send() here, > my tool finds that fs_send() is never called in atomic context. > And this function is assigned to a function pointer "dev->ops->send", > which is only called by vcc_sendmsg() (net/atm/common.c) > through vcc->dev->ops->send(), and vcc_sendmsg() calls schedule(), > it indicates that fs_send() can call functions which may sleep. > Thus GFP_ATOMIC is not necessary, and it can be replaced with GFP_KERNEL. > > This is found by a static analysis tool named DCNS written by myself. The trouble is, places like net/atm/raw.c:65: vcc->send = atm_send_aal0; net/atm/raw.c:74: vcc->send = vcc->dev->ops->send; net/atm/raw.c:83: vcc->send = vcc->dev->ops->send; mean extra call chains. It's *not* just vcc_sendmsg(), and e.g. ret = ATM_SKB(skb)->vcc->send(ATM_SKB(skb)->vcc, skb) ? DROP_PACKET : 1; bh_unlock_sock(sk_atm(vcc)); in pppoatm_send() definitely is called under a spinlock. Looking through the driver (in advanced bitrot, as usual for drivers/atm), I'd say that submit_queue() is fucked in head in the "queue full" case. And judging by the history, had been thus since the original merge...