[PATCH] kernel: audit_tree: Fix a sleep-in-atomic-context bug

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The kernel may sleep with holding a spinlock.
The function call paths (from bottom to top) in Linux-4.16.7 are:

[FUNC] kmem_cache_alloc(GFP_KERNEL)
fs/notify/mark.c, 439: 
		kmem_cache_alloc in fsnotify_attach_connector_to_object
fs/notify/mark.c, 520: 
		fsnotify_attach_connector_to_object in fsnotify_add_mark_list
fs/notify/mark.c, 590: 
		fsnotify_add_mark_list in fsnotify_add_mark_locked
kernel/audit_tree.c, 437: 
		fsnotify_add_mark_locked in tag_chunk
kernel/audit_tree.c, 423: 
		spin_lock in tag_chunk

[FUNC] kmem_cache_alloc(GFP_KERNEL)
fs/notify/mark.c, 439: 
		kmem_cache_alloc in fsnotify_attach_connector_to_object
fs/notify/mark.c, 520: 
		fsnotify_attach_connector_to_object in fsnotify_add_mark_list
fs/notify/mark.c, 590: 
		fsnotify_add_mark_list in fsnotify_add_mark_locked
kernel/audit_tree.c, 291: 
		fsnotify_add_mark_locked in untag_chunk
kernel/audit_tree.c, 258: 
		spin_lock in untag_chunk

To fix this bug, GFP_KERNEL is replaced with GFP_ATOMIC.

This bug is found by my static analysis tool (DSAC-2) and checked by my
code review.

Signed-off-by: Jia-Ju Bai <baijiaju1990@xxxxxxxxx>
---
 fs/notify/mark.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/notify/mark.c b/fs/notify/mark.c
index e9191b416434..c664853b8585 100644
--- a/fs/notify/mark.c
+++ b/fs/notify/mark.c
@@ -436,7 +436,7 @@ static int fsnotify_attach_connector_to_object(
 {
 	struct fsnotify_mark_connector *conn;
 
-	conn = kmem_cache_alloc(fsnotify_mark_connector_cachep, GFP_KERNEL);
+	conn = kmem_cache_alloc(fsnotify_mark_connector_cachep, GFP_ATOMIC);
 	if (!conn)
 		return -ENOMEM;
 	spin_lock_init(&conn->lock);
-- 
2.17.0




[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [Samba]     [Device Mapper]     [CEPH Development]

  Powered by Linux