diff mbox series

isdn: mISDN: layer2: Fix a sleep-in-atomic-context bug in create_l2()

Message ID 20180901115705.31050-1-baijiaju1990@gmail.com
State Rejected, archived
Delegated to: David Miller
Headers show
Series isdn: mISDN: layer2: Fix a sleep-in-atomic-context bug in create_l2() | expand

Commit Message

Jia-Ju Bai Sept. 1, 2018, 11:57 a.m. UTC 
The kernel module may sleep with holding a spinlock.

The function call paths (from bottom to top) in Linux-4.16 are:

[FUNC] kzalloc(GFP_KERNEL)
drivers/isdn/mISDN/layer2.c, 2126: kzalloc in create_l2
drivers/isdn/mISDN/tei.c, 1054: create_l2 in create_teimgr
drivers/isdn/mISDN/tei.c, 1278: create_teimgr in mgr_ctrl
drivers/isdn/mISDN/tei.c, 1048: [FUNC_PTR]mgr_ctrl in create_teimgr
drivers/isdn/mISDN/tei.c, 1045: _raw_read_lock_irqsave in create_teimgr

Note that [FUNC_PTR] means a function pointer call is used.

To fix this bug, GFP_KERNEL is replaced with GFP_ATOMIC.

This bug is found by my static analysis tool DSAC

Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
---
 drivers/isdn/mISDN/layer2.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff mbox series

Patch

diff --git a/drivers/isdn/mISDN/layer2.c b/drivers/isdn/mISDN/layer2.c
index 9ff0903a0e89..383f31ae4b92 100644
--- a/drivers/isdn/mISDN/layer2.c
+++ b/drivers/isdn/mISDN/layer2.c
@@ -2123,7 +2123,7 @@  create_l2(struct mISDNchannel *ch, u_int protocol, u_long options, int tei,
 	struct layer2		*l2;
 	struct channel_req	rq;
 
-	l2 = kzalloc(sizeof(struct layer2), GFP_KERNEL);
+	l2 = kzalloc(sizeof(struct layer2), GFP_ATOMIC);
 	if (!l2) {
 		printk(KERN_ERR "kzalloc layer2 failed\n");
 		return NULL;