From patchwork Sat Oct 7 01:20:46 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jia-Ju Bai
X-Patchwork-Id: 822875
From: Jia-Ju Bai
To: viro@zeniv.linux.org.uk, jack@suse.com, sagi@grimberg.me, james.smart@broadcom.com
Cc: linux-ext4@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, Jia-Ju Bai
Subject: [PATCH] ext2/super: Fix a possible sleep-in-atomic bug in parse_options
Date: Sat, 7 Oct 2017 09:20:46 +0800
Message-Id: <1507339246-13067-1-git-send-email-baijiaju1990@163.com>
X-Mailer: git-send-email 1.7.9.5
X-Mailing-List: linux-ext4@vger.kernel.org

The kernel may sleep under a spinlock, and the function call path is:
ext2_remount
  parse_options
    match_int
      match_number (lib/parser.c)
        kmalloc(GFP_KERNEL) --> may sleep

To fix it, GFP_KERNEL is replaced with GFP_ATOMIC.

This bug is found by my static analysis tool and my code review.

Signed-off-by: Jia-Ju Bai
--- lib/parser.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/parser.c b/lib/parser.c index 3278958..bc6e2ce 100644 --- a/lib/parser.c +++ b/lib/parser.c @@ -133,7 +133,7 @@ static int match_number(substring_t *s, int *result, int base) long val; size_t len = s->to - s->from; - buf = kmalloc(len + 1, GFP_KERNEL); + buf = kmalloc(len + 1, GFP_ATOMIC); if (!buf) return -ENOMEM; memcpy(buf, s->from, len);
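
Review bot: the switch to kmalloc(len + 1, GFP_ATOMIC) in match_number() lands in a shared helper in lib/parser.c, so it changes the allocation for every caller that reaches it through match_int, not only the ext2_remount path named in the commit message. GFP_ATOMIC cannot wait for memory to be reclaimed and is more likely to return NULL, which then surfaces as -ENOMEM during option parsing even in contexts that are allowed to sleep. Consider keeping GFP_KERNEL here and fixing the caller instead, for example by having ext2_remount call parse_options before it takes the spinlock. The subject prefix "ext2/super" also does not match the only file changed (lib/parser.c), and the message should name the spinlock that is held across the call.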