
cifs: fix KASAN warning in parse_server_interfaces() during mount

Message ID 20220315041745.625517-1-lsahlber@redhat.com (mailing list archive)
State New, archived
Series: cifs: fix KASAN warning in parse_server_interfaces() during mount

Commit Message

Ronnie Sahlberg March 15, 2022, 4:17 a.m. UTC
In parse_server_interfaces() we hold a spinlock across a parsing loop that
calls kmalloc(). Use GFP_ATOMIC for this kmalloc since we cannot sleep
while holding a spinlock.

KASAN warning for this bug looks as:
[ 2638.506227] BUG: sleeping function called from invalid context at include/li\
nux/sched/mm.h:256
[ 2638.506360] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 3633, nam\
e: mount.cifs
[ 2638.506446] preempt_count: 1, expected: 0
[ 2638.506486] CPU: 0 PID: 3633 Comm: mount.cifs Tainted: G        W  OE     5.\
17.0-rc7-00006-g4eb628dd74df #135
[ 2638.506490] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-\
1.fc33 04/01/2014
[ 2638.506493] Call Trace:
[ 2638.506495]  <TASK>
[ 2638.506497]  dump_stack_lvl+0x34/0x44
[ 2638.506505]  __might_resched.cold+0x13f/0x172
[ 2638.506509]  ? _raw_spin_lock+0x81/0xe0
[ 2638.506514]  ? parse_server_interfaces+0x3fe/0xc17 [cifs]
[ 2638.506610]  kmem_cache_alloc_trace+0x261/0x2f0
[ 2638.506616]  parse_server_interfaces+0x3fe/0xc17 [cifs]
[ 2638.506685]  ? kref_put.isra.0+0x42/0x42 [cifs]
[ 2638.506754]  smb3_qfs_tcon.cold+0x28/0x2d [cifs]
[ 2638.506821]  ? open_cached_dir+0x1080/0x1080 [cifs]
[ 2638.506884]  ? io_schedule_timeout+0x1a0/0x1a0
[ 2638.506888]  ? _raw_spin_lock+0x81/0xe0
[ 2638.506892]  ? _raw_write_lock_irq+0xd0/0xd0
[ 2638.506896]  ? __raw_callee_save___native_queued_spin_unlock+0x11/0x1e
[ 2638.506901]  ? _raw_spin_lock+0x81/0xe0
[ 2638.506904]  ? cifs_get_tcon+0xea3/0x1bc0 [cifs]
[ 2638.506959]  mount_get_conns+0x366/0xf60 [cifs]
[ 2638.507012]  cifs_mount+0xcc/0xe90 [cifs]
[ 2638.507068]  ? __irq_work_queue_local+0x67/0xa0
[ 2638.507073]  ? follow_dfs_link+0x810/0x810 [cifs]
[ 2638.507125]  ? _raw_spin_lock+0x81/0xe0
[ 2638.507130]  cifs_smb3_do_mount+0x259/0x5f0 [cifs]
[ 2638.507180]  ? cifs_sb_deactive+0x60/0x60 [cifs]
[ 2638.507231]  ? mutex_lock+0x9f/0xf0
[ 2638.507234]  ? __mutex_lock_slowpath+0x10/0x10
[ 2638.507238]  ? smb3_fs_context_parse_monolithic+0x10b/0x2e0 [cifs]
[ 2638.507309]  ? smb3_init_fs_context+0x1b6/0x8f0 [cifs]
[ 2638.507388]  smb3_get_tree+0x77/0xf0 [cifs]
[ 2638.507450]  vfs_get_tree+0x84/0x2b0
[ 2638.507455]  do_new_mount+0x21e/0x480
[ 2638.507460]  ? do_add_mount+0x370/0x370
[ 2638.507464]  ? security_capable+0x56/0x90
[ 2638.507469]  path_mount+0x2ad/0x1660

Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
---
 fs/cifs/smb2ops.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Steve French March 15, 2022, 4:33 a.m. UTC | #1
tentatively merged into cifs-2.6-git for-next pending testing

On Mon, Mar 14, 2022 at 11:17 PM Ronnie Sahlberg <lsahlber@redhat.com> wrote:
>
> In parse_server_interfaces() we hold a spinlock across a parsing loop that
> calls kmalloc(). Use GFP_ATOMIC for this kmalloc since we cannot sleep
> while holding a spinlock.
>
> KASAN warning for this bug looks as:
> [ 2638.506227] BUG: sleeping function called from invalid context at include/li\
> nux/sched/mm.h:256
> [ 2638.506360] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 3633, nam\
> e: mount.cifs
> [ 2638.506446] preempt_count: 1, expected: 0
> [ 2638.506486] CPU: 0 PID: 3633 Comm: mount.cifs Tainted: G        W  OE     5.\
> 17.0-rc7-00006-g4eb628dd74df #135
> [ 2638.506490] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-\
> 1.fc33 04/01/2014
> [ 2638.506493] Call Trace:
> [ 2638.506495]  <TASK>
> [ 2638.506497]  dump_stack_lvl+0x34/0x44
> [ 2638.506505]  __might_resched.cold+0x13f/0x172
> [ 2638.506509]  ? _raw_spin_lock+0x81/0xe0
> [ 2638.506514]  ? parse_server_interfaces+0x3fe/0xc17 [cifs]
> [ 2638.506610]  kmem_cache_alloc_trace+0x261/0x2f0
> [ 2638.506616]  parse_server_interfaces+0x3fe/0xc17 [cifs]
> [ 2638.506685]  ? kref_put.isra.0+0x42/0x42 [cifs]
> [ 2638.506754]  smb3_qfs_tcon.cold+0x28/0x2d [cifs]
> [ 2638.506821]  ? open_cached_dir+0x1080/0x1080 [cifs]
> [ 2638.506884]  ? io_schedule_timeout+0x1a0/0x1a0
> [ 2638.506888]  ? _raw_spin_lock+0x81/0xe0
> [ 2638.506892]  ? _raw_write_lock_irq+0xd0/0xd0
> [ 2638.506896]  ? __raw_callee_save___native_queued_spin_unlock+0x11/0x1e
> [ 2638.506901]  ? _raw_spin_lock+0x81/0xe0
> [ 2638.506904]  ? cifs_get_tcon+0xea3/0x1bc0 [cifs]
> [ 2638.506959]  mount_get_conns+0x366/0xf60 [cifs]
> [ 2638.507012]  cifs_mount+0xcc/0xe90 [cifs]
> [ 2638.507068]  ? __irq_work_queue_local+0x67/0xa0
> [ 2638.507073]  ? follow_dfs_link+0x810/0x810 [cifs]
> [ 2638.507125]  ? _raw_spin_lock+0x81/0xe0
> [ 2638.507130]  cifs_smb3_do_mount+0x259/0x5f0 [cifs]
> [ 2638.507180]  ? cifs_sb_deactive+0x60/0x60 [cifs]
> [ 2638.507231]  ? mutex_lock+0x9f/0xf0
> [ 2638.507234]  ? __mutex_lock_slowpath+0x10/0x10
> [ 2638.507238]  ? smb3_fs_context_parse_monolithic+0x10b/0x2e0 [cifs]
> [ 2638.507309]  ? smb3_init_fs_context+0x1b6/0x8f0 [cifs]
> [ 2638.507388]  smb3_get_tree+0x77/0xf0 [cifs]
> [ 2638.507450]  vfs_get_tree+0x84/0x2b0
> [ 2638.507455]  do_new_mount+0x21e/0x480
> [ 2638.507460]  ? do_add_mount+0x370/0x370
> [ 2638.507464]  ? security_capable+0x56/0x90
> [ 2638.507469]  path_mount+0x2ad/0x1660
>
> Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
> ---
>  fs/cifs/smb2ops.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c
> index e04c3045c4d6..0ecd6e1832a1 100644
> --- a/fs/cifs/smb2ops.c
> +++ b/fs/cifs/smb2ops.c
> @@ -569,7 +569,7 @@ parse_server_interfaces(struct network_interface_info_ioctl_rsp *buf,
>
>                 /* no match. insert the entry in the list */
>                 info = kmalloc(sizeof(struct cifs_server_iface),
> -                              GFP_KERNEL);
> +                              GFP_ATOMIC);
>                 if (!info) {
>                         rc = -ENOMEM;
>                         spin_unlock(&ses->iface_lock);
> --
> 2.30.2
>

Patch

diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c
index e04c3045c4d6..0ecd6e1832a1 100644
--- a/fs/cifs/smb2ops.c
+++ b/fs/cifs/smb2ops.c
@@ -569,7 +569,7 @@  parse_server_interfaces(struct network_interface_info_ioctl_rsp *buf,
 
 		/* no match. insert the entry in the list */
 		info = kmalloc(sizeof(struct cifs_server_iface),
-			       GFP_KERNEL);
+			       GFP_ATOMIC);
 		if (!info) {
 			rc = -ENOMEM;
 			spin_unlock(&ses->iface_lock);
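Review bot: changing the `info = kmalloc(sizeof(struct cifs_server_iface),` allocation to GFP_ATOMIC does stop the might-sleep splat, but it makes the allocation draw on the atomic reserves and fail far more readily under memory pressure, and the only handling visible in the hunk is the `rc = -ENOMEM; spin_unlock(&ses->iface_lock);` bail-out, so a mount that GFP_KERNEL would have waited out can now fail on a transient shortage. The more robust fix is to keep GFP_KERNEL and move the kmalloc() out from under ses->iface_lock, for example by allocating the struct cifs_server_iface before taking the lock and freeing it again when the entry turns out to match an existing one, or by building the new interface list unlocked and splicing it in under the lock; if GFP_ATOMIC is kept, the commit message should say why the lock cannot be dropped around the allocation. Separately, the trace in the commit message comes from __might_resched() ("BUG: sleeping function called from invalid context", the CONFIG_DEBUG_ATOMIC_SLEEP check), not from KASAN, so the subject line would be more accurate calling it a might-sleep or DEBUG_ATOMIC_SLEEP warning.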