From: Jia-Ju Bai
To: paul@paul-moore.com, eparis@redhat.com, jack@suse.cz, amir73il@gmail.com
Cc: linux-audit@redhat.com, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Jia-Ju Bai
Subject: [PATCH] kernel: audit_tree: Fix a sleep-in-atomic-context bug
Date: Thu, 21 Jun 2018 11:32:45 +0800
Message-Id: <20180621033245.10754-1-baijiaju1990@gmail.com>
X-Mailer: git-send-email 2.17.0
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

The kernel may sleep while holding a spinlock.
The function call paths (from bottom to top) in Linux-4.16.7 are:

[FUNC] kmem_cache_alloc(GFP_KERNEL)
fs/notify/mark.c, 439:
    kmem_cache_alloc in fsnotify_attach_connector_to_object
fs/notify/mark.c, 520:
    fsnotify_attach_connector_to_object in fsnotify_add_mark_list
fs/notify/mark.c, 590:
    fsnotify_add_mark_list in fsnotify_add_mark_locked
kernel/audit_tree.c, 437:
    fsnotify_add_mark_locked in tag_chunk
kernel/audit_tree.c, 423:
    spin_lock in tag_chunk

[FUNC] kmem_cache_alloc(GFP_KERNEL)
fs/notify/mark.c, 439:
    kmem_cache_alloc in fsnotify_attach_connector_to_object
fs/notify/mark.c, 520:
    fsnotify_attach_connector_to_object in fsnotify_add_mark_list
fs/notify/mark.c, 590:
    fsnotify_add_mark_list in fsnotify_add_mark_locked
kernel/audit_tree.c, 291:
    fsnotify_add_mark_locked in untag_chunk
kernel/audit_tree.c, 258:
    spin_lock in untag_chunk

To fix this bug, GFP_KERNEL is replaced with GFP_ATOMIC.

This bug was found by my static analysis tool (DSAC-2) and checked by my code review.

Signed-off-by: Jia-Ju Bai
--- fs/notify/mark.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/notify/mark.c b/fs/notify/mark.c index e9191b416434..c664853b8585 100644 --- a/fs/notify/mark.c +++ b/fs/notify/mark.c 
@@ -436,7 +436,7 @@ static int fsnotify_attach_connector_to_object( { struct fsnotify_mark_connector *conn; - conn = kmem_cache_alloc(fsnotify_mark_connector_cachep, GFP_KERNEL); + conn = kmem_cache_alloc(fsnotify_mark_connector_cachep, GFP_ATOMIC); if (!conn) return -ENOMEM; spin_lock_init(&conn->lock); -- 2.17.0
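Review bot: Using GFP_ATOMIC at the kmem_cache_alloc() call in fsnotify_attach_connector_to_object() weakens the allocation for every path that reaches this function through fsnotify_add_mark_list, not only the two kernel/audit_tree.c callers (tag_chunk and untag_chunk) that the commit message shows holding a spinlock. A GFP_ATOMIC allocation cannot sleep to reclaim memory, so the existing "if (!conn) return -ENOMEM;" branch becomes more likely to be taken for all callers. Consider instead changing tag_chunk and untag_chunk so that fsnotify_add_mark_locked is not called with the spinlock held, or passing a gfp_t argument down the call chain so that only the atomic callers request GFP_ATOMIC. If GFP_ATOMIC stays, a short comment at the call naming the atomic-context callers would document why it is needed, and the rest of the fsnotify_add_mark_locked path should be checked for other operations that can sleep.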