On Wed, Apr 25, 2018 at 08:12:31PM +0900, Tetsuo Handa wrote: > From: Tetsuo Handa <[email protected]> > > syzbot is reporting crashes triggered by memory allocation fault injection > at tty_ldisc_get() [1]. As an attempt to handle OOM in a graceful way, we > have tried commit 5362544bebe85071 ("tty: don't panic on OOM in > tty_set_ldisc()"). But we reverted that attempt by commit a8983d01f9b7d600 > ("Revert "tty: don't panic on OOM in tty_set_ldisc()"") due to reproducible > crash. We should spend resource for finding and fixing race condition bugs > rather than complicate error paths for 2 * sizeof(void *) bytes allocation > failure. > > [1] > https://syzkaller.appspot.com/bug?id=489d33fa386453859ead58ff5171d43772b13aa3 > > Signed-off-by: Tetsuo Handa <[email protected]> > Reported-by: syzbot <[email protected]> > Cc: Michal Hocko <[email protected]> > Cc: Vegard Nossum <[email protected]> > Cc: Dmitry Vyukov <[email protected]> > Cc: Jiri Slaby <[email protected]> > Cc: Peter Hurley <[email protected]> > Cc: One Thousand Gnomes <[email protected]> > Cc: Linus Torvalds <[email protected]> > Cc: stable <[email protected]> > --- > drivers/tty/tty_ldisc.c | 11 +++++------ > 1 file changed, 5 insertions(+), 6 deletions(-) > > diff --git a/drivers/tty/tty_ldisc.c b/drivers/tty/tty_ldisc.c > index 050f4d6..971a37e 100644 > --- a/drivers/tty/tty_ldisc.c > +++ b/drivers/tty/tty_ldisc.c > @@ -176,12 +176,11 @@ static struct tty_ldisc *tty_ldisc_get(struct > tty_struct *tty, int disc) > return ERR_CAST(ldops); > } > > - ld = kmalloc(sizeof(struct tty_ldisc), GFP_KERNEL); > - if (ld == NULL) { > - put_ldops(ldops); > - return ERR_PTR(-ENOMEM); > - } > - > + /* > + * There is no way to handle allocation failure of only 16 bytes. > + * Let's simplify error handling and save more memory. > + */ > + ld = kmalloc(sizeof(struct tty_ldisc), GFP_KERNEL | __GFP_NOFAIL); > ld->ops = ldops; > ld->tty = tty; >
Yes, this is the thing to do, thanks, I'll go queue this up now. greg k-h
