In the following call chain, we allocate memory using GFP_KERNEL
while holding the socket spinlock.

tipc_sk_rcv() // grab spinlock sk->sk_lock.slock
  tipc_sk_enqueue()
    tipc_msg_reverse(err = TIPC_ERR_OVERLOAD)

In tipc_msg_reverse() we allocate the skb using GFP_ATOMIC but
call pskb_expand_head with GFP_KERNEL flag. This allocation might
sleep, hence the following BUG is reported.
BUG: sleeping function called from invalid context at mm/slab.c:2859
in_atomic(): 1, irqs_disabled(): 0, pid: 0, name: swapper/0
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.4.21+ #11
Hardware name: Ericsson AB CXC1060320/ROJ208840/5, BIOS 4.6.5 11/07/2013
0000000000000000 ffff880c7f0039a0 ffffffff813109ab ffffffff81a604f7
0000000000000b2b ffff880c7f0039b0 ffffffff8107c8be ffff880c7f0039d8
ffffffff8107c952 00000000ffffffff 0000000000000000 00000000024102c0
Call Trace:
<IRQ> [<ffffffff813109ab>] ? dump_stack+0x4d/0x72
[<ffffffff8107c8be>] ? ___might_sleep+0xde/0x120
[<ffffffff8107c952>] ? __might_sleep+0x52/0xb0
[<ffffffff8116fb7b>] ? kmem_cache_alloc_node_trace+0x16b/0x250
[<ffffffff81601cb1>] ? __kmalloc_reserve.isra.43+0x31/0x90
[<ffffffff81601d65>] ? __alloc_skb+0x55/0x1d0
[<ffffffff8116fc91>] ? __kmalloc_node_track_caller+0x31/0x40
[<ffffffff81601cb1>] ? __kmalloc_reserve.isra.43+0x31/0x90
[<ffffffff816038de>] ? pskb_expand_head+0x6e/0x250
[<ffffffffa00d89e7>] ? tipc_msg_reverse+0x107/0x390 [tipc]
[<ffffffffa00e3e21>] ? tipc_sk_lookup+0xe1/0x140 [tipc]
[<ffffffffa00e7fad>] ? tipc_sk_rcv+0x4ad/0x500 [tipc]
[<ffffffffa00e2862>] ? tipc_rcv+0x1b2/0x3d0 [tipc]
[<ffffffffa00e2896>] ? tipc_rcv+0x1e6/0x3d0 [tipc]
[<ffffffffa00d137f>] ? tipc_l2_rcv_msg+0x4f/0x70 [tipc]
[<ffffffff81610c21>] ? __netif_receive_skb_core+0x2e1/0xa30
[<ffffffff8161337b>] ? __netif_receive_skb+0x1b/0x70
[<ffffffff81613404>] ? netif_receive_skb_internal+0x34/0xa0
[<ffffffff81614054>] ? napi_gro_receive+0x94/0x140
[<ffffffff814ef912>] ? ixgbe_clean_rx_irq+0x412/0x9a0
[<ffffffff814f0a89>] ? ixgbe_poll+0x349/0x790
[<ffffffff81614d10>] ? net_rx_action+0x1d0/0x340
[<ffffffff8105b306>] ? __do_softirq+0xa6/0x2d0
[<ffffffff8105b638>] ? irq_exit+0x48/0x50
[<ffffffff8174b254>] ? do_IRQ+0x54/0xd0
[<ffffffff8174973f>] ? common_interrupt+0x7f/0x7f
<EOI> [<ffffffff815c9bf6>] ? cpuidle_enter_state+0xb6/0x280
In this commit, we allocate memory with GFP_ATOMIC flag while
holding spinlock.
Signed-off-by: Parthasarathy Bhuvaragan <[email protected]>
---
net/tipc/msg.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/tipc/msg.c b/net/tipc/msg.c
index 312ef7de57d7..ab3087687a32 100644
--- a/net/tipc/msg.c
+++ b/net/tipc/msg.c
@@ -508,7 +508,7 @@ bool tipc_msg_reverse(u32 own_node, struct sk_buff **skb,
int err)
}
if (skb_cloned(_skb) &&
- pskb_expand_head(_skb, BUF_HEADROOM, BUF_TAILROOM, GFP_KERNEL))
+ pskb_expand_head(_skb, BUF_HEADROOM, BUF_TAILROOM, GFP_ATOMIC))
goto exit;
/* Now reverse the concerned fields */
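Review bot: with GFP_ATOMIC on the pskb_expand_head() call, the "goto exit" branch right after it becomes a realistic path, because an atomic allocation cannot sleep to reclaim memory and the commit message shows this code running for TIPC_ERR_OVERLOAD, that is, when the node is already under load. Please confirm that the exit label frees the buffer and reports failure to the caller, so a failed expansion drops the rejected message cleanly instead of leaking the skb or leaving *skb pointing at freed memory. The commit message would also benefit from a Fixes: tag naming the change that introduced the GFP_KERNEL call, since the trace is from 4.4.21+ and the fix looks like a stable candidate.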
--
2.1.4