[PATCH] cifs: fix KASAN warning in parse_server_interfaces() during mount

In parse_server_interfaces() we hold a spinlock across a parsing loop that
calls kmalloc(). Use GFP_ATOMIC for this kmalloc since we cannot sleep
while holding a spinlock.

The KASAN warning for this bug looks like:
[ 2638.506227] BUG: sleeping function called from invalid context at include/linux/sched/mm.h:256
[ 2638.506360] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 3633, name: mount.cifs
[ 2638.506446] preempt_count: 1, expected: 0
[ 2638.506486] CPU: 0 PID: 3633 Comm: mount.cifs Tainted: G        W  OE     5.17.0-rc7-00006-g4eb628dd74df #135
[ 2638.506490] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-1.fc33 04/01/2014
[ 2638.506493] Call Trace:
[ 2638.506495]  <TASK>
[ 2638.506497]  dump_stack_lvl+0x34/0x44
[ 2638.506505]  __might_resched.cold+0x13f/0x172
[ 2638.506509]  ? _raw_spin_lock+0x81/0xe0
[ 2638.506514]  ? parse_server_interfaces+0x3fe/0xc17 [cifs]
[ 2638.506610]  kmem_cache_alloc_trace+0x261/0x2f0
[ 2638.506616]  parse_server_interfaces+0x3fe/0xc17 [cifs]
[ 2638.506685]  ? kref_put.isra.0+0x42/0x42 [cifs]
[ 2638.506754]  smb3_qfs_tcon.cold+0x28/0x2d [cifs]
[ 2638.506821]  ? open_cached_dir+0x1080/0x1080 [cifs]
[ 2638.506884]  ? io_schedule_timeout+0x1a0/0x1a0
[ 2638.506888]  ? _raw_spin_lock+0x81/0xe0
[ 2638.506892]  ? _raw_write_lock_irq+0xd0/0xd0
[ 2638.506896]  ? __raw_callee_save___native_queued_spin_unlock+0x11/0x1e
[ 2638.506901]  ? _raw_spin_lock+0x81/0xe0
[ 2638.506904]  ? cifs_get_tcon+0xea3/0x1bc0 [cifs]
[ 2638.506959]  mount_get_conns+0x366/0xf60 [cifs]
[ 2638.507012]  cifs_mount+0xcc/0xe90 [cifs]
[ 2638.507068]  ? __irq_work_queue_local+0x67/0xa0
[ 2638.507073]  ? follow_dfs_link+0x810/0x810 [cifs]
[ 2638.507125]  ? _raw_spin_lock+0x81/0xe0
[ 2638.507130]  cifs_smb3_do_mount+0x259/0x5f0 [cifs]
[ 2638.507180]  ? cifs_sb_deactive+0x60/0x60 [cifs]
[ 2638.507231]  ? mutex_lock+0x9f/0xf0
[ 2638.507234]  ? __mutex_lock_slowpath+0x10/0x10
[ 2638.507238]  ? smb3_fs_context_parse_monolithic+0x10b/0x2e0 [cifs]
[ 2638.507309]  ? smb3_init_fs_context+0x1b6/0x8f0 [cifs]
[ 2638.507388]  smb3_get_tree+0x77/0xf0 [cifs]
[ 2638.507450]  vfs_get_tree+0x84/0x2b0
[ 2638.507455]  do_new_mount+0x21e/0x480
[ 2638.507460]  ? do_add_mount+0x370/0x370
[ 2638.507464]  ? security_capable+0x56/0x90
[ 2638.507469]  path_mount+0x2ad/0x1660

Signed-off-by: Ronnie Sahlberg <lsahlber@xxxxxxxxxx>
---
 fs/cifs/smb2ops.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c
index e04c3045c4d6..0ecd6e1832a1 100644
--- a/fs/cifs/smb2ops.c
+++ b/fs/cifs/smb2ops.c
@@ -569,7 +569,7 @@ parse_server_interfaces(struct network_interface_info_ioctl_rsp *buf,
 
 		/* no match. insert the entry in the list */
 		info = kmalloc(sizeof(struct cifs_server_iface),
-			       GFP_KERNEL);
+			       GFP_ATOMIC);
 		if (!info) {
 			rc = -ENOMEM;
 			spin_unlock(&ses->iface_lock);
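Review bot: switching this kmalloc() to GFP_ATOMIC silences the sleeping-in-atomic splat but is the weaker of the two possible fixes: GFP_ATOMIC draws on emergency reserves and fails more readily, and this allocation sits in a loop that runs once per interface in the server-supplied network_interface_info_ioctl_rsp, so a large response becomes a run of atomic allocations that will hit the `rc = -ENOMEM; spin_unlock(&ses->iface_lock);` path under memory pressure and fail the mount. Consider allocating the cifs_server_iface with GFP_KERNEL before taking ses->iface_lock (or dropping the lock around the allocation and re-checking for a match after re-acquiring it) so that only the list insertion happens under the spinlock. Separately, the trace in the commit message comes from __might_resched (the CONFIG_DEBUG_ATOMIC_SLEEP check), not from KASAN, so the subject line would be more accurate as "fix sleeping function called from invalid context" than "fix KASAN warning".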
-- 
2.30.2



