Received: by 2002:a05:6359:c8b:b0:c7:702f:21d4 with SMTP id go11csp1317852rwb; Sat, 1 Oct 2022 21:31:32 -0700 (PDT) X-Google-Smtp-Source: AMsMyM6DuDkyCFUh6NsrzzptX/v5YSB4uapd9J/0FY+NgtA0MU1HsiAyqwWEvz8fJA65+IWfMby/ X-Received: by 2002:a17:907:3e01:b0:730:a690:a211 with SMTP id hp1-20020a1709073e0100b00730a690a211mr11181216ejc.596.1664685091879; Sat, 01 Oct 2022 21:31:31 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1664685091; cv=none; d=google.com; s=arc-20160816; b=l/AtvYY+YjZpnbWjJSUKOz86Q6M3d1y6cGtqN5k1sXaN9/CA3LhKFkGyDgVMAsb+us t21868Hetoevyet9J+iymfwmZtpoFxuARdWhoL3gHbTPt0asNAwMiUQ+nIQtnNfMg7dm 036PqiivJRHe9iLqKCHTy0B6sdua29Eb29vGpgNimlvpvwLKBMCAK46XgWNwkwqNHLyF gd9wJywWNyHDWSS9jHoAXdIxy+2hgRT0SvmWwvyIzj1tNdIh2N5+TY76xdljOe+30u5N Ko3SioqmnzFQEuOXuhNKmO/kpqcMzDdPp/cSQ6tz+Pa3zdYETajdA29W9kbCWVIPFRKj Ngkw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:message-id:date:subject:cc:to:from; bh=rcut7/1Hnu5EvZzA0p9Pa2Ufz4Lb6nGkU7IRqd2j8Q8=; b=xv+hrdNj3dEVrvqkp7gV2hm7RbRknGmGdHyBFZYsjuCvJcj8Bbwi+nRWaZdsCMULXu VkdnNpBAhRmUEKRYWb+u5M8ZvMosdLiiovWhjLDLCXNqykwN+qhM8C1aPAu0jRD0jlYh aJXniaaztDCijeAKiBeI/GV0kjVXVooJFB+C+Neop1Zf0+mw9ZpWLczUbTf3QXgNjuC7 y5XJ44EV4cKeGnPYnjDoFnTO8osYILqI+P2LHUCPmxTTqQ2diDGtpVp4XEzEbxSeoEYU N3Fl8AHWmuoGg+9e53RW1Vh5pIHmFvF7hEVer5DFDaB9YMebH2pfYC2/Vv8K3EtD6iWl QEqg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id hg5-20020a1709072cc500b007882926848bsi3718417ejc.818.2022.10.01.21.31.06; Sat, 01 Oct 2022 21:31:31 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229542AbiJBEH1 (ORCPT + 99 others); Sun, 2 Oct 2022 00:07:27 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47850 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229524AbiJBEHZ (ORCPT ); Sun, 2 Oct 2022 00:07:25 -0400 Received: from zju.edu.cn (spam.zju.edu.cn [61.164.42.155]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id AE354220E9 for ; Sat, 1 Oct 2022 21:07:22 -0700 (PDT) Received: from ubuntu.localdomain (unknown [10.190.65.158]) by mail-app2 (Coremail) with SMTP id by_KCgB3fvZuDjljRyqBBg--.23164S2; Sun, 02 Oct 2022 12:07:17 +0800 (CST) From: Duoming Zhou To: linux-kernel@vger.kernel.org Cc: gregkh@linuxfoundation.org, jirislaby@kernel.org, Duoming Zhou Subject: [PATCH] tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send Date: Sun, 2 Oct 2022 12:07:09 +0800 Message-Id: <20221002040709.27849-1-duoming@zju.edu.cn> X-Mailer: git-send-email 2.17.1 X-CM-TRANSID: by_KCgB3fvZuDjljRyqBBg--.23164S2 X-Coremail-Antispam: 1UD129KBjvdXoW7GF17WFWktr1xCrW3Xr1fWFg_yoWkArg_Ca 1xJ3ZxCrn29ry7uwn8trs09rWYyF4UZ3WvkFsagrWaq398Jr18X3s7Zrnruw1fWrWfCr13 CrW3Aw1rA3W7GjkaLaAFLSUrUUUUUb8apTn2vfkv8UJUUUU8Yxn0WfASr-VFAUDa7-sFnT 9fnUUIcSsGvfJTRUUUb2kFc2x0x2IEx4CE42xK8VAvwI8IcIk0rVWrJVCq3wAFIxvE14AK wVWUJVWUGwA2ocxC64kIII0Yj41l84x0c7CEw4AK67xGY2AK021l84ACjcxK6xIIjxv20x vE14v26w1j6s0DM28EF7xvwVC0I7IYx2IY6xkF7I0E14v26r4UJVWxJr1l84ACjcxK6I8E 87Iv67AKxVW0oVCq3wA2z4x0Y4vEx4A2jsIEc7CjxVAFwI0_GcCE3s1le2I262IYc4CY6c 8Ij28IcVAaY2xG8wAqx4xG64xvF2IEw4CE5I8CrVC2j2WlYx0E2Ix0cI8IcVAFwI0_Jr0_ Jr4lYx0Ex4A2jsIE14v26r1j6r4UMcvjeVCFs4IE7xkEbVWUJVW8JwACjcxG0xvY0x0EwI xGrwACjI8F5VA0II8E6IAqYI8I648v4I1l42xK82IYc2Ij64vIr41l42xK82IY6x8ErcxF aVAv8VW8uw4UJr1UMxC20s026xCaFVCjc4AY6r1j6r4UMI8I3I0E5I8CrVAFwI0_Jr0_Jr 4lx2IqxVCjr7xvwVAFwI0_JrI_JrWlx4CE17CEb7AF67AKxVWUAVWUtwCIc40Y0x0EwIxG rwCI42IY6xIIjxv20xvE14v26r1j6r1xMIIF0xvE2Ix0cI8IcVCY1x0267AKxVWUJVW8Jw CI42IY6xAIw20EY4v20xvaj40_Jr0_JF4lIxAIcVC2z280aVAFwI0_Jr0_Gr1lIxAIcVC2 z280aVCY1x0267AKxVW8JVW8JrUvcSsGvfC2KfnxnUUI43ZEXa7VUbXdbUUUUUU== X-CM-SenderInfo: qssqjiasttq6lmxovvfxof0/1tbiAgIKAVZdtbvX2gBLsI X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_PASS, SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The function gsm_dlci_t1() is a timer handler that runs in an atomic context, but it calls "kzalloc(..., GFP_KERNEL)" that may sleep. As a result, the sleep-in-atomic-context bug will happen. The process is shown below: gsm_dlci_t1() gsm_dlci_open() gsm_modem_update() gsm_modem_upd_via_msc() gsm_control_send() kzalloc(sizeof(.., GFP_KERNEL) //may sleep This patch changes the gfp_t parameter of kzalloc() from GFP_KERNEL to GFP_ATOMIC in order to mitigate the bug. Fixes: e1eaea46bb40 ("tty: n_gsm line discipline") Signed-off-by: Duoming Zhou --- drivers/tty/n_gsm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c index 01c112e2e21..2a0de70e0be 100644 --- a/drivers/tty/n_gsm.c +++ b/drivers/tty/n_gsm.c @@ -1670,7 +1670,7 @@ static struct gsm_control *gsm_control_send(struct gsm_mux *gsm, unsigned int command, u8 *data, int clen) { struct gsm_control *ctrl = kzalloc(sizeof(struct gsm_control), - GFP_KERNEL); + GFP_ATOMIC); unsigned long flags; if (ctrl == NULL) return NULL; -- 2.17.1