Subject: Re: [PATCH] isdn: mISDN: tei: Fix a sleep-in-atomic-context bug in create_teimgr()
To: Jia-Ju Bai
Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org
References: <20180901120019.31664-1-baijiaju1990@gmail.com>
From: isdn@linux-pingi.de
Message-ID: <3ecd32b2-81e5-038e-edc9-fd06d6e21851@linux-pingi.de>
Date: Sun, 2 Sep 2018 18:31:07 +0200
In-Reply-To: <20180901120019.31664-1-baijiaju1990@gmail.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi,

I do not understand the analysis and do not see that the spinlock is a problem here.

I think your DSAC analyzer assumes that the FUNC_PTR mgr_ctrl call calls the mgr_ctrl in tei.c, but in reality it calls l2->ch.ctrl(), which is the function in layer2.c, not tei.c. And the function in layer2.c should not do any GFP_KERNEL allocation.

Same for your second reported issue.

On 01.09.2018 at 14:00, Jia-Ju Bai wrote:
> The kernel module may sleep while holding a spinlock.
>
> The function call paths (from bottom to top) in Linux-4.16 are:
>
> [FUNC] kzalloc(GFP_KERNEL)
> drivers/isdn/mISDN/tei.c, 1058: kzalloc in create_teimgr
> drivers/isdn/mISDN/tei.c, 1278: create_teimgr in mgr_ctrl
> drivers/isdn/mISDN/tei.c, 1048: [FUNC_PTR]mgr_ctrl in create_teimgr
> drivers/isdn/mISDN/tei.c, 1045: _raw_read_lock_irqsave in create_teimgr
>
> Note that [FUNC_PTR] means a function pointer call is used.
>
> To fix this bug, GFP_KERNEL is replaced with GFP_ATOMIC.
>
> This bug is found by my static analysis tool DSAC.
>
> Signed-off-by: Jia-Ju Bai
> --- > drivers/isdn/mISDN/tei.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/isdn/mISDN/tei.c b/drivers/isdn/mISDN/tei.c > index 12d9e5f4beb1..6d95ee639fdb 100644 > --- a/drivers/isdn/mISDN/tei.c > +++ b/drivers/isdn/mISDN/tei.c > @@ -1055,7 +1055,7 @@ create_teimgr(struct manager *mgr, struct channel_req *crq) > crq->adr.tei, crq->adr.sapi); > if (!l2) > return -ENOMEM; > - l2->tm = kzalloc(sizeof(struct teimgr), GFP_KERNEL); > + l2->tm = kzalloc(sizeof(struct teimgr), GFP_ATOMIC); > if (!l2->tm) { > kfree(l2); > printk(KERN_ERR "kmalloc teimgr failed\n"); >
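Review bot: The switch to GFP_ATOMIC on the `l2->tm = kzalloc(sizeof(struct teimgr), ...)` line rests entirely on the [FUNC_PTR] step in the commit message's call path (tei.c line 1048), and the commit message does not show which function that pointer resolves to at run time. The reply on this thread states that it calls l2->ch.ctrl() in layer2.c rather than mgr_ctrl in tei.c; if so, this allocation is never reached with the read lock from line 1045 held, and the change only makes the allocation more likely to fail, since GFP_ATOMIC cannot sleep to reclaim memory. Suggest either documenting the concrete assignment of the function pointer that makes the path reachable, or dropping the change and keeping GFP_KERNEL.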