Re: [PATCH 2/2] bdisp: Fix a possible sleep-in-atomic bug in bdisp_hw_save_request

2017-12-15 Thread Fabien DESSENNE 
Hi


Thank you for the patch.


On 12/12/17 14:47, Jia-Ju Bai wrote:
> The driver may sleep under a spinlock.
> The function call path is:
> bdisp_device_run (acquire the spinlock)
>bdisp_hw_update
>  bdisp_hw_save_request
>devm_kzalloc(GFP_KERNEL) --> may sleep
>
> To fix it, GFP_KERNEL is replaced with GFP_ATOMIC.
>
> This bug is found by my static analysis tool(DSAC) and checked by my code 
> review.
>
> Signed-off-by: Jia-Ju Bai 
Reviewed-by: Fabien Dessenne 
> ---
>   drivers/media/platform/sti/bdisp/bdisp-hw.c |2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/media/platform/sti/bdisp/bdisp-hw.c 
> b/drivers/media/platform/sti/bdisp/bdisp-hw.c
> index 4b62ceb..7b45b43 100644
> --- a/drivers/media/platform/sti/bdisp/bdisp-hw.c
> +++ b/drivers/media/platform/sti/bdisp/bdisp-hw.c
> @@ -1064,7 +1064,7 @@ static void bdisp_hw_save_request(struct bdisp_ctx *ctx)
>   if (!copy_node[i]) {
>   copy_node[i] = devm_kzalloc(ctx->bdisp_dev->dev,
>   sizeof(*copy_node[i]),
> - GFP_KERNEL);
> + GFP_ATOMIC);
>   if (!copy_node[i])
>   return;
>   }

[PATCH 2/2] bdisp: Fix a possible sleep-in-atomic bug in bdisp_hw_save_request

2017-12-12 Thread Jia-Ju Bai 
The driver may sleep under a spinlock.
The function call path is:
bdisp_device_run (acquire the spinlock)
  bdisp_hw_update
bdisp_hw_save_request
  devm_kzalloc(GFP_KERNEL) --> may sleep

To fix it, GFP_KERNEL is replaced with GFP_ATOMIC.

This bug is found by my static analysis tool(DSAC) and checked by my code 
review.

Signed-off-by: Jia-Ju Bai 
---
 drivers/media/platform/sti/bdisp/bdisp-hw.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/media/platform/sti/bdisp/bdisp-hw.c 
b/drivers/media/platform/sti/bdisp/bdisp-hw.c
index 4b62ceb..7b45b43 100644
--- a/drivers/media/platform/sti/bdisp/bdisp-hw.c
+++ b/drivers/media/platform/sti/bdisp/bdisp-hw.c
@@ -1064,7 +1064,7 @@ static void bdisp_hw_save_request(struct bdisp_ctx *ctx)
if (!copy_node[i]) {
copy_node[i] = devm_kzalloc(ctx->bdisp_dev->dev,
sizeof(*copy_node[i]),
-   GFP_KERNEL);
+   GFP_ATOMIC);
if (!copy_node[i])
return;
}
-- 
1.7.9.5