diff options
author | Jia-Ju Bai <baijiaju1990@163.com> | 2017-06-10 17:03:35 +0800 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2017-06-10 18:20:38 -0400 |
commit | 343eba69c6968190d8654b857aea952fed9a6749 (patch) | |
tree | 05088e941fe1061b7d12f351302be316949352c0 | |
parent | f146e872eb12ebbe92d8e583b2637e0741440db3 (diff) | |
download | linux-343eba69c6968190d8654b857aea952fed9a6749.tar.bz2 |
net: tipc: Fix a sleep-in-atomic bug in tipc_msg_reverse
The kernel may sleep under a rcu read lock in tipc_msg_reverse, and the
function call path is:
tipc_l2_rcv_msg (acquire the lock by rcu_read_lock)
tipc_rcv
tipc_sk_rcv
tipc_msg_reverse
pskb_expand_head(GFP_KERNEL) --> may sleep
tipc_node_broadcast
tipc_node_xmit_skb
tipc_node_xmit
tipc_sk_rcv
tipc_msg_reverse
pskb_expand_head(GFP_KERNEL) --> may sleep
To fix it, "GFP_KERNEL" is replaced with "GFP_ATOMIC".
Signed-off-by: Jia-Ju Bai <baijiaju1990@163.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | net/tipc/msg.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/tipc/msg.c b/net/tipc/msg.c index 312ef7de57d7..ab3087687a32 100644 --- a/net/tipc/msg.c +++ b/net/tipc/msg.c @@ -508,7 +508,7 @@ bool tipc_msg_reverse(u32 own_node, struct sk_buff **skb, int err) } if (skb_cloned(_skb) && - pskb_expand_head(_skb, BUF_HEADROOM, BUF_TAILROOM, GFP_KERNEL)) + pskb_expand_head(_skb, BUF_HEADROOM, BUF_TAILROOM, GFP_ATOMIC)) goto exit; /* Now reverse the concerned fields */ |