The kernel may sleep while holding a spinlock.
The function call paths (from bottom to top) in Linux-4.16.7 are:

[FUNC] kmem_cache_alloc(GFP_KERNEL)
fs/notify/mark.c, 439: kmem_cache_alloc in fsnotify_attach_connector_to_object
fs/notify/mark.c, 520: fsnotify_attach_connector_to_object in fsnotify_add_mark_list
fs/notify/mark.c, 590: fsnotify_add_mark_list in fsnotify_add_mark_locked
kernel/audit_tree.c, 437: fsnotify_add_mark_locked in tag_chunk
kernel/audit_tree.c, 423: spin_lock in tag_chunk

[FUNC] kmem_cache_alloc(GFP_KERNEL)
fs/notify/mark.c, 439: kmem_cache_alloc in fsnotify_attach_connector_to_object
fs/notify/mark.c, 520: fsnotify_attach_connector_to_object in fsnotify_add_mark_list
fs/notify/mark.c, 590: fsnotify_add_mark_list in fsnotify_add_mark_locked
kernel/audit_tree.c, 291: fsnotify_add_mark_locked in untag_chunk
kernel/audit_tree.c, 258: spin_lock in untag_chunk

To fix this bug, GFP_KERNEL is replaced with GFP_ATOMIC.

This bug is found by my static analysis tool (DSAC-2) and checked by my code review.

Signed-off-by: Jia-Ju Bai <baijiaju1990@xxxxxxxxx>
---
 fs/notify/mark.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/notify/mark.c b/fs/notify/mark.c
index e9191b416434..c664853b8585 100644
--- a/fs/notify/mark.c
+++ b/fs/notify/mark.c
@@ -436,7 +436,7 @@ static int fsnotify_attach_connector_to_object( { struct fsnotify_mark_connector *conn; - conn = kmem_cache_alloc(fsnotify_mark_connector_cachep, GFP_KERNEL); + conn = kmem_cache_alloc(fsnotify_mark_connector_cachep, GFP_ATOMIC); if (!conn) return -ENOMEM; spin_lock_init(&conn->lock); -- 2.17.0
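Review bot: The hunk changes the allocation flag in the generic fsnotify core for a problem that, per the call chains in the commit message, exists only in kernel/audit_tree.c, and it has not been shown that those chains can actually reach the allocation: fsnotify_attach_connector_to_object() is, by its name and its position under fsnotify_add_mark_list(), only entered when the object has no connector attached yet, so the commit message should state why an inode handled by tag_chunk()/untag_chunk() can be in that state at lines 437/291; if it cannot, the tool's report is a false positive and the patch should be dropped. If the path is reachable, switching `conn = kmem_cache_alloc(fsnotify_mark_connector_cachep, GFP_ATOMIC);` penalizes every other caller that adds a mark through this function, none of which holds a spinlock here: GFP_ATOMIC draws from the atomic reserves, cannot reclaim, and makes the `if (!conn) return -ENOMEM;` path fire far more often under memory pressure. The narrower fix belongs in audit_tree.c, releasing the spinlock taken at lines 423/258 before calling fsnotify_add_mark_locked() or allocating the connector outside the locked region. The commit message should also name the spinlock that is held ("spin_lock in tag_chunk" does not identify the lock) and carry a Fixes: tag if this is treated as a real sleep-under-spinlock bug.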