From: Ben Hutchings
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
CC: akpm@linux-foundation.org, "Jia-Ju Bai", "Greg Kroah-Hartman"
Date: Sun, 09 Dec 2018 21:50:33 +0000
Subject: [PATCH 3.16 209/328] usb: misc: uss720: Fix two sleep-in-atomic-context bugs

3.16.62-rc1 review patch. If anyone has any objections, please let me know.

------------------

From: Jia-Ju Bai

commit bc8acc214d3f1cafebcbcd101a695bbac716595d upstream.

async_complete() in uss720.c is a completion handler function for the
USB driver. So it should not sleep, but it can sleep according to the
function call paths (from bottom to top) in Linux-4.16.

[FUNC] set_1284_register(GFP_KERNEL)
drivers/usb/misc/uss720.c, 372: set_1284_register in parport_uss720_frob_control
drivers/parport/ieee1284.c, 560: [FUNC_PTR]parport_uss720_frob_control in parport_ieee1284_ack_data_avail
drivers/parport/ieee1284.c, 577: parport_ieee1284_ack_data_avail in parport_ieee1284_interrupt
./include/linux/parport.h, 474: parport_ieee1284_interrupt in parport_generic_irq
drivers/usb/misc/uss720.c, 116: parport_generic_irq in async_complete

[FUNC] get_1284_register(GFP_KERNEL)
drivers/usb/misc/uss720.c, 382: get_1284_register in parport_uss720_read_status
drivers/parport/ieee1284.c, 555: [FUNC_PTR]parport_uss720_read_status in parport_ieee1284_ack_data_avail
drivers/parport/ieee1284.c, 577: parport_ieee1284_ack_data_avail in parport_ieee1284_interrupt
./include/linux/parport.h, 474: parport_ieee1284_interrupt in parport_generic_irq
drivers/usb/misc/uss720.c, 116: parport_generic_irq in async_complete

Note that [FUNC_PTR] means a function pointer call is used.

To fix these bugs, GFP_KERNEL is replaced with GFP_ATOMIC.

These bugs are found by my static analysis tool DSAC.

Signed-off-by: Jia-Ju Bai
Signed-off-by: Greg Kroah-Hartman
Signed-off-by: Ben Hutchings
--- drivers/usb/misc/uss720.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/drivers/usb/misc/uss720.c +++ b/drivers/usb/misc/uss720.c @@ -392,7 +392,7 @@ static unsigned char parport_uss720_frob mask &= 0x0f; val &= 0x0f; d = (priv->reg[1] & (~mask)) ^ val; - if (set_1284_register(pp, 2, d, GFP_KERNEL)) + if (set_1284_register(pp, 2, d, GFP_ATOMIC)) return 0; priv->reg[1] = d; return d & 0xf; 
@@ -402,7 +402,7 @@ static unsigned char parport_uss720_read { unsigned char ret; - if (get_1284_register(pp, 1, &ret, GFP_KERNEL)) + if (get_1284_register(pp, 1, &ret, GFP_ATOMIC)) return 0; return ret & 0xf8; }
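
Review bot: In the first hunk (parport_uss720_frob_control), the failure path `return 0` cannot be told apart from a successful write whose result `d & 0xf` happens to be 0, and moving to GFP_ATOMIC makes that failure more likely than it was with GFP_KERNEL, because an atomic allocation cannot wait for memory to be reclaimed. The flag is also now atomic for every caller of this function, not only the async_complete path listed in the commit message. A one-line comment at the set_1284_register call saying that the function is reachable from the URB completion handler would stop a later cleanup from switching it back to GFP_KERNEL.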
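
Review bot: In the second hunk (parport_uss720_read_status), `ret` is filled in by get_1284_register and consumed straight away in `return ret & 0xf8`, so the register read has to finish before the call returns; changing only the allocation flag removes the sleep only if nothing else on that path waits. Please confirm that get_1284_register does not block for the transfer to complete when a result pointer is passed, otherwise the sleep-in-atomic condition described in the commit message is still present after this change. As with the other hunk, the error return of 0 is also a possible value of `ret & 0xf8`, so a caller cannot distinguish a failed read from a status of 0.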