diff options
| author | Jia-Ju Bai <baijiaju1990@163.com> | 2017-10-03 10:25:22 +0800 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2018-11-10 07:41:42 -0800 |
| commit | 333de2f4131efde180eba58abe231f4ad35d8451 (patch) | |
| tree | 4dc2d178c9b76042c3da80ac4dc09bfa985fa1f0 /crypto | |
| parent | 2e3ae534fb98c7a6a5cf3e80a190181154328f80 (diff) | |
| download | linux-stable-333de2f4131efde180eba58abe231f4ad35d8451.tar.gz linux-stable-333de2f4131efde180eba58abe231f4ad35d8451.tar.bz2 linux-stable-333de2f4131efde180eba58abe231f4ad35d8451.zip | |
crypto: shash - Fix a sleep-in-atomic bug in shash_setkey_unaligned
[ Upstream commit 9039f3ef446e9ffa200200c934f049add9e58426 ]
The SCTP program may sleep under a spinlock, and the function call path is:
sctp_generate_t3_rtx_event (acquire the spinlock)
sctp_do_sm
sctp_side_effects
sctp_cmd_interpreter
sctp_make_init_ack
sctp_pack_cookie
crypto_shash_setkey
shash_setkey_unaligned
kmalloc(GFP_KERNEL)
For the same reason, the orinoco driver may sleep in interrupt handler,
and the function call path is:
orinoco_rx_isr_tasklet
orinoco_rx
orinoco_mic
crypto_shash_setkey
shash_setkey_unaligned
kmalloc(GFP_KERNEL)
To fix it, GFP_KERNEL is replaced with GFP_ATOMIC.
This bug is found by my static analysis tool and my code review.
Signed-off-by: Jia-Ju Bai <baijiaju1990@163.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'crypto')
| -rw-r--r-- | crypto/shash.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/shash.c b/crypto/shash.c index 5444b429e35d..4f89f78031e2 100644 --- a/crypto/shash.c +++ b/crypto/shash.c @@ -41,7 +41,7 @@ static int shash_setkey_unaligned(struct crypto_shash *tfm, const u8 *key, int err; absize = keylen + (alignmask & ~(crypto_tfm_ctx_alignment() - 1)); - buffer = kmalloc(absize, GFP_KERNEL); + buffer = kmalloc(absize, GFP_ATOMIC); if (!buffer) return -ENOMEM; |