|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [PATCH] xen: Fix two possible sleep-in-atomic-context bugs in create_active()
The driver may sleep with holding a spinlock.
The function call paths (from bottom to top) in Linux-4.16.7 are:
[FUNC] __get_free_pages(GFP_KERNEL)
drivers/xen/pvcalls-front.c, 351: __get_free_pages in create_active
drivers/xen/pvcalls-front.c, 800: create_active in pvcalls_front_accept
drivers/xen/pvcalls-front.c, 783: spin_lock in pvcalls_front_accept
[FUNC] __get_free_pages(GFP_KERNEL)
drivers/xen/pvcalls-front.c, 347: __get_free_pages in create_active
drivers/xen/pvcalls-front.c, 800: create_active in pvcalls_front_accept
drivers/xen/pvcalls-front.c, 783: spin_lock in pvcalls_front_accept
To fix these bugs, GFP_KERNEL is replaced with GFP_ATOMIC.
These bugs are found by my static analysis tool (DSAC-2) and checked by my
code review.
Signed-off-by: Jia-Ju Bai <baijiaju1990@xxxxxxxxx>
---
drivers/xen/pvcalls-front.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/xen/pvcalls-front.c b/drivers/xen/pvcalls-front.c
index 2f11ca72a281..f2bbc06a0f7f 100644
--- a/drivers/xen/pvcalls-front.c
+++ b/drivers/xen/pvcalls-front.c
@@ -344,11 +344,11 @@ static int create_active(struct sock_mapping *map, int
*evtchn)
init_waitqueue_head(&map->active.inflight_conn_req);
map->active.ring = (struct pvcalls_data_intf *)
- __get_free_page(GFP_KERNEL | __GFP_ZERO);
+ __get_free_page(GFP_ATOMIC | __GFP_ZERO);
if (map->active.ring == NULL)
goto out_error;
map->active.ring->ring_order = PVCALLS_RING_ORDER;
- bytes = (void *)__get_free_pages(GFP_KERNEL | __GFP_ZERO,
+ bytes = (void *)__get_free_pages(GFP_ATOMIC | __GFP_ZERO,
PVCALLS_RING_ORDER);
if (bytes == NULL)
goto out_error;
--
2.17.0
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |