The kernel may sleep while holding a spinlock. The function call path (from bottom to top) in Linux-4.16.7 is: [FUNC] remove_element(GFP_KERNEL) mm/mempool.c, 250: remove_element in mempool_resize mm/mempool.c, 247: _raw_spin_lock_irqsave in mempool_resize To fix this bug, GFP_KERNEL is replaced with GFP_ATOMIC. This bug is found by my static analysis tool (DSAC-2) and checked by my code review. Signed-off-by: Jia-Ju Bai <baijiaju1990@xxxxxxxxx> --- mm/mempool.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mm/mempool.c b/mm/mempool.c index 5c9dce34719b..d33bd5d622e7 100644 --- a/mm/mempool.c +++ b/mm/mempool.c @@ -247,7 +247,7 @@ int mempool_resize(mempool_t *pool, int new_min_nr) spin_lock_irqsave(&pool->lock, flags); if (new_min_nr <= pool->min_nr) { while (new_min_nr < pool->curr_nr) { - element = remove_element(pool, GFP_KERNEL); + element = remove_element(pool, GFP_ATOMIC); spin_unlock_irqrestore(&pool->lock, flags); pool->free(element, pool->pool_data); spin_lock_irqsave(&pool->lock, flags); -- 2.17.0
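
Review bot: In the `new_min_nr <= pool->min_nr` loop of mempool_resize(), the changelog's call path stops at `remove_element(GFP_KERNEL)` and never names the callee that would act on the flag and sleep, so please extend the path down to the function that can actually block while `pool->lock` is held with interrupts disabled. The placement itself is consistent with GFP_ATOMIC: the call sits between `spin_lock_irqsave(&pool->lock, flags)` and `spin_unlock_irqrestore(&pool->lock, flags)`, and the loop drops the lock only around `pool->free(element, pool->pool_data)`. If the flag is merely passed through and never reaches an allocation, say so in the message, and either way add a Fixes: tag naming the commit that introduced the GFP_KERNEL argument at this call site.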