Received: by 2002:a17:90a:88:0:0:0:0 with SMTP id a8csp13985pja; Fri, 22 Nov 2019 02:49:10 -0800 (PST) X-Google-Smtp-Source: APXvYqykVzd4G8ArVNo0hdabnRgZqJJ1zBpG151+UhcndtXV0AhyJyBu/M0yY5IkguRjHTJhOx0X X-Received: by 2002:a50:fd95:: with SMTP id o21mr249189edt.283.1574419749878; Fri, 22 Nov 2019 02:49:09 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1574419749; cv=none; d=google.com; s=arc-20160816; b=zvZgGf+MzuX4Muehf3zXrMUN+eTO9xHqa6o5emEeaqraxCkNUPPZsc2v2Y0S95QNE7 o7hpXAmvEqlrkm/KNokK9/1YkpRsOuvw7WgBse+HxHpSXpYfcxX+aNjNNbkqFKFvnVk2 CcbphJRYEtelZJp6faEKNmdem2Xosqcp6FQ+VDcBeTCgGToxIMQ05i6rzjb8b7eEVtsx VLoZGiBZtvolXjYuJhSkLknBybpFQyrRQ4KDKlxND109vEWhp006xsssqvUAugqdaWiV kMSRpzz88gfahNO+GnFPz4+nYW1q/RnLgcSyxHQUjhuNCutRB8Jy8PEuPtcXHWATEUny h3CA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=YsFzk8IvNK0Epo8Tn7fanc4u32FpyHU9eWnqI8Nza40=; b=zfH1f/TNa/ZleNExpa9/Ld1yAkBDcOre8akjpqAsQHe6VH2qPpfloh7YV+Gw5CTmJc ODazb0hL4z21g+CLHGvQpu0i6o/MWLPiFz93deShTkQDcsDc60y0AxKdZF70gXBUgLQV hmyR38Vq5I6t2lrWwBz+N9XWDGWcGwWQiydE1lVXYm8NlVmrk0owzGPhc6gDZftbL+y6 bVX6K+I5QAm+y55lOU5oo0N7y0kSVTfgt0eK8g2lZVucRJ1JQT+E7hH6G0oAm0Cn1bt7 qmTIzpJN/JeluwpGBZsK6zSnuMr6rYsG9/QaebuAhAG5cCcwKCT1QRNS23+ClvR85Oxj jePw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=H4jDpmLl; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y9si3893209edp.442.2019.11.22.02.48.45; Fri, 22 Nov 2019 02:49:09 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=H4jDpmLl; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729760AbfKVKrX (ORCPT + 99 others); Fri, 22 Nov 2019 05:47:23 -0500 Received: from mail.kernel.org ([198.145.29.99]:55214 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727755AbfKVKrW (ORCPT ); Fri, 22 Nov 2019 05:47:22 -0500 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 4D74120718; Fri, 22 Nov 2019 10:47:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1574419641; bh=Ezy/2toqxH4vDYuGNzQ7l2KT4KeAUcuyJ9W611bMqB8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=H4jDpmLl5B5hpKbnHBXQ5VwI3IFUTKAxvw5xyirCzpmSlwqCTNh2w8B1fUKng6W4i 41UMSXGL7hslaluxgN0qO7e0XTV4oXuzFbT/xDAzX6e00/e/Ka0QGtA1g0QYUEbTeI icY7zE4XkgbB7/6nE1w3J/hPmq7q+r9OEuOoOOQg= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Jia-Ju Bai , Felipe Balbi , Sasha Levin Subject: [PATCH 4.9 165/222] usb: gadget: udc: fotg210-udc: Fix a sleep-in-atomic-context bug in fotg210_get_status() Date: Fri, 22 Nov 2019 11:28:25 +0100 Message-Id: <20191122100914.505807337@linuxfoundation.org> X-Mailer: git-send-email 2.24.0 In-Reply-To: <20191122100830.874290814@linuxfoundation.org> References: <20191122100830.874290814@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Jia-Ju Bai [ Upstream commit 2337a77c1cc86bc4e504ecf3799f947659c86026 ] The driver may sleep in an interrupt handler. The function call path (from bottom to top) in Linux-4.17 is: [FUNC] fotg210_ep_queue(GFP_KERNEL) drivers/usb/gadget/udc/fotg210-udc.c, 744: fotg210_ep_queue in fotg210_get_status drivers/usb/gadget/udc/fotg210-udc.c, 768: fotg210_get_status in fotg210_setup_packet drivers/usb/gadget/udc/fotg210-udc.c, 949: fotg210_setup_packet in fotg210_irq (interrupt handler) To fix this bug, GFP_KERNEL is replaced with GFP_ATOMIC. If possible, spin_unlock() and spin_lock() around fotg210_ep_queue() can be also removed. This bug is found by my static analysis tool DSAC. Signed-off-by: Jia-Ju Bai Signed-off-by: Felipe Balbi Signed-off-by: Sasha Levin --- drivers/usb/gadget/udc/fotg210-udc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/gadget/udc/fotg210-udc.c b/drivers/usb/gadget/udc/fotg210-udc.c index 95df2b3bb6a1a..76e991557116a 100644 --- a/drivers/usb/gadget/udc/fotg210-udc.c +++ b/drivers/usb/gadget/udc/fotg210-udc.c @@ -744,7 +744,7 @@ static void fotg210_get_status(struct fotg210_udc *fotg210, fotg210->ep0_req->length = 2; spin_unlock(&fotg210->lock); - fotg210_ep_queue(fotg210->gadget.ep0, fotg210->ep0_req, GFP_KERNEL); + fotg210_ep_queue(fotg210->gadget.ep0, fotg210->ep0_req, GFP_ATOMIC); spin_lock(&fotg210->lock); } -- 2.20.1