From: Moni Shoua
Date: Mon, 5 Jun 2017 11:30:14 +0300
Subject: Re: [PATCH V3] rxe: Fix a sleep-in-atomic bug in post_one_send
To: Jia-Ju Bai
Cc: yuval.shaia@oracle.com, Sean Hefty, Doug Ledford, Hal Rosenstock, Leon Romanovsky, linux-rdma, Linux Kernel Mailinglist

> - if (qp->is_user && copy_from_user(p, (__user void *) > - (uintptr_t)sge->addr, sge->length)) > + spin_unlock_irqrestore(&qp->sq.sq_lock, *flags); > + err = copy_from_user(p, (__user void *) > + (uintptr_t)sge->addr, sge->length); > + spin_lock_irqsave(&qp->sq.sq_lock, *flags); > + if (qp->is_user && err) > return -EFAULT;

qp->is_user is always false in this function (flow starts from rxe_post_send_kernel), so this line is dead code.
In fact, this patch seems to add a serious bug when it uses copy_from_user() from a non-user pointer.
Do you agree?
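
Review bot: the added `err = copy_from_user(p, ...)` now runs unconditionally, because the qp->is_user test has moved out of the copy's condition and into the later `if (qp->is_user && err)`. In the removed lines the && short-circuit meant that a QP with is_user false never reached copy_from_user(); with this hunk such a QP hands sge->addr to copy_from_user() as a __user pointer, and a failed copy is silently dropped because -EFAULT is only returned when is_user is set, so p can be left unfilled. Keep the guard on the copy itself, so that the unlock, the copy and the relock all sit inside an `if (qp->is_user)` block. Two smaller points on the same lines: copy_from_user() returns the number of bytes not copied, so storing it in a variable named err deserves a comment or a differently named local, and releasing sq.sq_lock with spin_unlock_irqrestore() partway through the function means any state established under the lock before this point may have changed once spin_lock_irqsave() returns, which should be documented or re-checked, or avoided by copying the data before the lock is taken.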