From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Jia-Ju Bai <baijiaju1990@gmail.com>,
Hans Verkuil <hans.verkuil@cisco.com>,
Mauro Carvalho Chehab <mchehab+samsung@kernel.org>,
Sasha Levin <sashal@kernel.org>,
linux-media@vger.kernel.org
Subject: [PATCH AUTOSEL 4.4 24/40] media: pci: ivtv: Fix a sleep-in-atomic-context bug in ivtv_yuv_init()
Date: Sat, 9 Nov 2019 21:50:16 -0500 [thread overview]
Message-ID: <20191110025032.827-24-sashal@kernel.org> (raw)
In-Reply-To: <20191110025032.827-1-sashal@kernel.org>
From: Jia-Ju Bai <baijiaju1990@gmail.com>
[ Upstream commit 8d11eb847de7d89c2754988c944d51a4f63e219b ]
The driver may sleep in a interrupt handler.
The function call paths (from bottom to top) in Linux-4.16 are:
[FUNC] kzalloc(GFP_KERNEL)
drivers/media/pci/ivtv/ivtv-yuv.c, 938:
kzalloc in ivtv_yuv_init
drivers/media/pci/ivtv/ivtv-yuv.c, 960:
ivtv_yuv_init in ivtv_yuv_next_free
drivers/media/pci/ivtv/ivtv-yuv.c, 1126:
ivtv_yuv_next_free in ivtv_yuv_setup_stream_frame
drivers/media/pci/ivtv/ivtv-irq.c, 827:
ivtv_yuv_setup_stream_frame in ivtv_irq_dec_data_req
drivers/media/pci/ivtv/ivtv-irq.c, 1013:
ivtv_irq_dec_data_req in ivtv_irq_handler
To fix this bug, GFP_KERNEL is replaced with GFP_ATOMIC.
This bug is found by my static analysis tool DSAC.
Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/pci/ivtv/ivtv-yuv.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/media/pci/ivtv/ivtv-yuv.c b/drivers/media/pci/ivtv/ivtv-yuv.c
index 9cd995f418e0f..1d67407ffbf62 100644
--- a/drivers/media/pci/ivtv/ivtv-yuv.c
+++ b/drivers/media/pci/ivtv/ivtv-yuv.c
@@ -936,7 +936,7 @@ static void ivtv_yuv_init(struct ivtv *itv)
}
/* We need a buffer for blanking when Y plane is offset - non-fatal if we can't get one */
- yi->blanking_ptr = kzalloc(720 * 16, GFP_KERNEL|__GFP_NOWARN);
+ yi->blanking_ptr = kzalloc(720 * 16, GFP_ATOMIC|__GFP_NOWARN);
if (yi->blanking_ptr) {
yi->blanking_dmaptr = pci_map_single(itv->pdev, yi->blanking_ptr, 720*16, PCI_DMA_TODEVICE);
} else {
--
2.20.1
next prev parent reply other threads:[~2019-11-10 2:52 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-10 2:49 [PATCH AUTOSEL 4.4 01/40] s390/qeth: invoke softirqs after napi_schedule() Sasha Levin
2019-11-10 2:49 ` [PATCH AUTOSEL 4.4 02/40] PCI/ACPI: Correct error message for ASPM disabling Sasha Levin
2019-11-10 2:49 ` [PATCH AUTOSEL 4.4 03/40] serial: mxs-auart: Fix potential infinite loop Sasha Levin
2019-11-10 2:49 ` [PATCH AUTOSEL 4.4 04/40] powerpc/iommu: Avoid derefence before pointer check Sasha Levin
2019-11-10 2:49 ` [PATCH AUTOSEL 4.4 05/40] powerpc/64s/hash: Fix stab_rr off by one initialization Sasha Levin
2019-11-10 2:49 ` [PATCH AUTOSEL 4.4 06/40] powerpc/pseries: Disable CPU hotplug across migrations Sasha Levin
2019-11-10 2:49 ` [PATCH AUTOSEL 4.4 07/40] libfdt: Ensure INT_MAX is defined in libfdt_env.h Sasha Levin
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 08/40] power: supply: twl4030_charger: fix charging current out-of-bounds Sasha Levin
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 09/40] power: supply: twl4030_charger: disable eoc interrupt on linear charge Sasha Levin
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 10/40] net: toshiba: fix return type of ndo_start_xmit function Sasha Levin
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 11/40] net: xilinx: " Sasha Levin
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 12/40] net: broadcom: " Sasha Levin
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 13/40] net: amd: " Sasha Levin
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 14/40] usb: chipidea: Fix otg event handler Sasha Levin
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 15/40] ARM: dts: am335x-evm: fix number of cpsw Sasha Levin
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 16/40] ARM: dts: ux500: Correct SCU unit address Sasha Levin
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 17/40] ARM: dts: ux500: Fix LCDA clock line muxing Sasha Levin
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 18/40] ARM: dts: ste: Fix SPI controller node names Sasha Levin
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 19/40] cpufeature: avoid warning when compiling with clang Sasha Levin
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 20/40] bnx2x: Ignore bandwidth attention in single function mode Sasha Levin
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 21/40] net: micrel: fix return type of ndo_start_xmit function Sasha Levin
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 22/40] x86/CPU: Use correct macros for Cyrix calls Sasha Levin
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 23/40] MIPS: kexec: Relax memory restriction Sasha Levin
2019-11-10 2:50 ` Sasha Levin [this message]
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 25/40] media: davinci: Fix implicit enum conversion warning Sasha Levin
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 26/40] usb: gadget: uvc: configfs: Drop leaked references to config items Sasha Levin
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 27/40] usb: gadget: uvc: configfs: Prevent format changes after linking header Sasha Levin
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 28/40] usb: gadget: uvc: Factor out video USB request queueing Sasha Levin
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 29/40] usb: gadget: uvc: Only halt video streaming endpoint in bulk mode Sasha Levin
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 30/40] misc: kgdbts: Fix restrict error Sasha Levin
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 31/40] misc: genwqe: should return proper error value Sasha Levin
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 32/40] vfio/pci: Fix potential memory leak in vfio_msi_cap_len Sasha Levin
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 33/40] scsi: libsas: always unregister the old device if going to discover new Sasha Levin
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 34/40] ARM: dts: tegra30: fix xcvr-setup-use-fuses Sasha Levin
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 35/40] ARM: tegra: apalis_t30: fix mmc1 cmd pull-up Sasha Levin
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 36/40] net: smsc: fix return type of ndo_start_xmit function Sasha Levin
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 37/40] EDAC: Raise the maximum number of memory controllers Sasha Levin
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 38/40] Bluetooth: L2CAP: Detect if remote is not able to use the whole MPS Sasha Levin
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 39/40] arm64: dts: amd: Fix SPI bus warnings Sasha Levin
2019-11-10 2:50 ` [PATCH AUTOSEL 4.4 40/40] fuse: use READ_ONCE on congestion_threshold and max_background Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191110025032.827-24-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=baijiaju1990@gmail.com \
--cc=hans.verkuil@cisco.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-media@vger.kernel.org \
--cc=mchehab+samsung@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox