Received: by 2002:a6b:500f:0:0:0:0:0 with SMTP id e15csp1018277iob; Fri, 13 May 2022 19:49:40 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyOk7gkKrGtg3MqxBXBO/oqfuCylPVBIjfquBhrgwSFXMDYlu9Id8QWhymSuaDsKetV3Qqw X-Received: by 2002:a05:6000:2cc:b0:20c:5c31:1120 with SMTP id o12-20020a05600002cc00b0020c5c311120mr6251216wry.105.1652496580500; Fri, 13 May 2022 19:49:40 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1652496580; cv=none; d=google.com; s=arc-20160816; b=yiw6yTqP63IinUIxQCVMSymM2Qz5n36jblK5OgFP5VgDnfcpF/35nTlIY9QzlJrfmm GOpfdsVvbylRgsx+7JBywiZd2SGjIZY9TWxoxwj1+MupNI79BIn9QG33q2mVtXfXa+tM ADo7bdt4PC84SBPqgE5X6IiVgF+muI9itXMkWP59bjg2YRRGfOpjfGj9m3bhk0Z7TpD9 u4aDDaHOyPFNE+stgAUYUqZTfUeDKh8O573n/+qdK/8CYhrzdRP9G7NTqjt3iCMWFiR2 zLr+sz8zlPbb3jg24rl5vqVt+ZtCdoOJdS/ac1WWR80CJJMllKEKuvxvIHDjn5tJEoa/ EeBg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:message-id:date:subject:cc:to:from; bh=40VRyfl1eS1PKgh+cixfm0xBgEt/cFecpr+hqEFtVOw=; b=HpuQwN7jifK9/kTH0dITyr878BeQiwkmdRodyezpxUN4KjD3VmMjk8YS1OE7nE0cub Fe1a+Em6D7GHIjTtwWXCE64HkLNjERnjpwGlDQZdfKj8gMBiAHXMou4Cd0EzbZoB+Vfe oxjI44byZHhG0XXumnPzarlHTqOZiuknmo9T8Af/Ec6fH+zaXBspVxXP2kASLJjcwN33 hscr+awj4MzevM9U2femCY0kHPEh+bn4/HWS0LPEgdqg2GqAIw+s2ARegtcdhLOB0NOc 29tjzVox93s6IShJr7tiJgp+x1u17xceW61DyuCXfTmhLZa6NTf4ZBVKwkaBTBKQr71y M92g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id r15-20020a5d694f000000b0020ac14ef4eesi3316314wrw.294.2022.05.13.19.49.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 13 May 2022 19:49:40 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 780D136EF51; Fri, 13 May 2022 16:36:15 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1381527AbiEMNht (ORCPT + 99 others); Fri, 13 May 2022 09:37:49 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57274 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1381309AbiEMNe6 (ORCPT ); Fri, 13 May 2022 09:34:58 -0400 Received: from zg8tmty1ljiyny4xntqumjca.icoremail.net (zg8tmty1ljiyny4xntqumjca.icoremail.net [165.227.154.27]) by lindbergh.monkeyblade.net (Postfix) with SMTP id 0A0DC10F0; Fri, 13 May 2022 06:34:54 -0700 (PDT) Received: from ubuntu.localdomain (unknown [218.12.19.27]) by mail-app2 (Coremail) with SMTP id by_KCgD3nEFEXn5ixqcfAA--.44066S2; Fri, 13 May 2022 21:34:15 +0800 (CST) From: Duoming Zhou To: netdev@vger.kernel.org, krzysztof.kozlowski@linaro.org Cc: linux-kernel@vger.kernel.org, davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, gregkh@linuxfoundation.org, alexander.deucher@amd.com, broonie@kernel.org, Duoming Zhou Subject: [PATCH net] NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc Date: Fri, 13 May 2022 21:33:55 +0800 Message-Id: <20220513133355.113222-1-duoming@zju.edu.cn> X-Mailer: git-send-email 2.17.1 X-CM-TRANSID: by_KCgD3nEFEXn5ixqcfAA--.44066S2 X-Coremail-Antispam: 1UD129KBjvJXoW7tr1xWrW5XF1xKr45tw1UZFb_yoW8tr43pF WSgFWDZF48Jr1UXFWvvw4vqw4YywnYg3yDKa9ruws5J3sYqrn5ta10yFyYvFZ3ZrWkAF4a qr4Y9r17uFnrt3JanT9S1TB71UUUUUUqnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2 9KBjDU0xBIdaVrnRJUUUvj14x267AKxVW8JVW5JwAFc2x0x2IEx4CE42xK8VAvwI8IcIk0 rVWrJVCq3wAFIxvE14AKwVWUJVWUGwA2ocxC64kIII0Yj41l84x0c7CEw4AK67xGY2AK02 1l84ACjcxK6xIIjxv20xvE14v26w1j6s0DM28EF7xvwVC0I7IYx2IY6xkF7I0E14v26r4U JVWxJr1l84ACjcxK6I8E87Iv67AKxVW0oVCq3wA2z4x0Y4vEx4A2jsIEc7CjxVAFwI0_Gc CE3s1le2I262IYc4CY6c8Ij28IcVAaY2xG8wAqx4xG64xvF2IEw4CE5I8CrVC2j2WlYx0E 2Ix0cI8IcVAFwI0_Jr0_Jr4lYx0Ex4A2jsIE14v26r1j6r4UMcvjeVCFs4IE7xkEbVWUJV W8JwACjcxG0xvY0x0EwIxGrwACjI8F5VA0II8E6IAqYI8I648v4I1lFIxGxcIEc7CjxVA2 Y2ka0xkIwI1l42xK82IYc2Ij64vIr41l4I8I3I0E4IkC6x0Yz7v_Jr0_Gr1lx2IqxVAqx4 xG67AKxVWUJVWUGwC20s026x8GjcxK67AKxVWUGVWUWwC2zVAF1VAY17CE14v26r1q6r43 MIIYrxkI7VAKI48JMIIF0xvE2Ix0cI8IcVAFwI0_Jr0_JF4lIxAIcVC0I7IYx2IY6xkF7I 0E14v26r4j6F4UMIIF0xvE42xK8VAvwI8IcIk0rVWUJVWUCwCI42IY6I8E87Iv67AKxVWU JVW8JwCI42IY6I8E87Iv6xkF7I0E14v26r4j6r4UJbIYCTnIWIevJa73UjIFyTuYvjfUoO J5UUUUU X-CM-SenderInfo: qssqjiasttq6lmxovvfxof0/1tbiAgkIAVZdtZqDiwAgsO X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RDNS_NONE, SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org There are sleep in atomic context bugs when the request to secure element of st-nci is timeout. The root cause is that nci_skb_alloc with GFP_KERNEL parameter is called in st_nci_se_wt_timeout which is a timer handler. The call paths that could trigger bugs are shown below: (interrupt context 1) st_nci_se_wt_timeout nci_hci_send_event nci_hci_send_data nci_skb_alloc(..., GFP_KERNEL) //may sleep (interrupt context 2) st_nci_se_wt_timeout nci_hci_send_event nci_hci_send_data nci_send_data nci_queue_tx_data_frags nci_skb_alloc(..., GFP_KERNEL) //may sleep This patch changes allocation mode of nci_skb_alloc from GFP_KERNEL to GFP_ATOMIC in order to prevent atomic context sleeping. The GFP_ATOMIC flag makes memory allocation operation could be used in atomic context. Fixes: 6a2968aaf50c ("NFC: basic NCI protocol implementation ") Fixes: 11f54f228643 ("NFC: nci: Add HCI over NCI protocol support") Signed-off-by: Duoming Zhou --- net/nfc/nci/data.c | 2 +- net/nfc/nci/hci.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/net/nfc/nci/data.c b/net/nfc/nci/data.c index 6055dc9a82a..aa5e712adf0 100644 --- a/net/nfc/nci/data.c +++ b/net/nfc/nci/data.c @@ -118,7 +118,7 @@ static int nci_queue_tx_data_frags(struct nci_dev *ndev, skb_frag = nci_skb_alloc(ndev, (NCI_DATA_HDR_SIZE + frag_len), - GFP_KERNEL); + GFP_ATOMIC); if (skb_frag == NULL) { rc = -ENOMEM; goto free_exit; diff --git a/net/nfc/nci/hci.c b/net/nfc/nci/hci.c index 19703a649b5..78c4b6addf1 100644 --- a/net/nfc/nci/hci.c +++ b/net/nfc/nci/hci.c @@ -153,7 +153,7 @@ static int nci_hci_send_data(struct nci_dev *ndev, u8 pipe, i = 0; skb = nci_skb_alloc(ndev, conn_info->max_pkt_payload_len + - NCI_DATA_HDR_SIZE, GFP_KERNEL); + NCI_DATA_HDR_SIZE, GFP_ATOMIC); if (!skb) return -ENOMEM; @@ -184,7 +184,7 @@ static int nci_hci_send_data(struct nci_dev *ndev, u8 pipe, if (i < data_len) { skb = nci_skb_alloc(ndev, conn_info->max_pkt_payload_len + - NCI_DATA_HDR_SIZE, GFP_KERNEL); + NCI_DATA_HDR_SIZE, GFP_ATOMIC); if (!skb) return -ENOMEM; -- 2.17.1