[thirdparty/kernel/stable-queue.git] / releases / 4.9.129 / usb-cdc-wdm-fix-a-sleep-in-atomic-context-bug-in-service_outstanding_interrupt.patch

From 6e22e3af7bb3a7b9dc53cb4687659f6e63fca427 Mon Sep 17 00:00:00 2001
From: Jia-Ju Bai <baijiaju1990@gmail.com>
Date: Sat, 1 Sep 2018 16:12:10 +0800
Subject: usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt()

From: Jia-Ju Bai <baijiaju1990@gmail.com>

commit 6e22e3af7bb3a7b9dc53cb4687659f6e63fca427 upstream.

wdm_in_callback() is a completion handler function for the USB driver.
So it should not sleep. But it calls service_outstanding_interrupt(),
which calls usb_submit_urb() with GFP_KERNEL.

To fix this bug, GFP_KERNEL is replaced with GFP_ATOMIC.

This bug is found by my static analysis tool DSAC.

Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/usb/class/cdc-wdm.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/usb/class/cdc-wdm.c
+++ b/drivers/usb/class/cdc-wdm.c
@@ -470,7 +470,7 @@ static int service_outstanding_interrupt
 
 	set_bit(WDM_RESPONDING, &desc->flags);
 	spin_unlock_irq(&desc->iuspin);
-	rv = usb_submit_urb(desc->response, GFP_KERNEL);
+	rv = usb_submit_urb(desc->response, GFP_ATOMIC);
 	spin_lock_irq(&desc->iuspin);
 	if (rv) {
 		dev_err(&desc->intf->dev,
Commit	Line	Data
69a513a2 GKH	1	From 6e22e3af7bb3a7b9dc53cb4687659f6e63fca427 Mon Sep 17 00:00:00 2001
	2	From: Jia-Ju Bai <baijiaju1990@gmail.com>
	3	Date: Sat, 1 Sep 2018 16:12:10 +0800
	4	Subject: usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt()
	5
	6	From: Jia-Ju Bai <baijiaju1990@gmail.com>
	7
	8	commit 6e22e3af7bb3a7b9dc53cb4687659f6e63fca427 upstream.
	9
	10	wdm_in_callback() is a completion handler function for the USB driver.
	11	So it should not sleep. But it calls service_outstanding_interrupt(),
	12	which calls usb_submit_urb() with GFP_KERNEL.
	13
	14	To fix this bug, GFP_KERNEL is replaced with GFP_ATOMIC.
	15
	16	This bug is found by my static analysis tool DSAC.
	17
	18	Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
	19	Cc: stable <stable@vger.kernel.org>
	20	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	21
	22	---
	23	drivers/usb/class/cdc-wdm.c \| 2 +-
	24	1 file changed, 1 insertion(+), 1 deletion(-)
	25
	26	--- a/drivers/usb/class/cdc-wdm.c
	27	+++ b/drivers/usb/class/cdc-wdm.c
	28	@@ -470,7 +470,7 @@ static int service_outstanding_interrupt
	29
	30	set_bit(WDM_RESPONDING, &desc->flags);
	31	spin_unlock_irq(&desc->iuspin);
	32	- rv = usb_submit_urb(desc->response, GFP_KERNEL);
	33	+ rv = usb_submit_urb(desc->response, GFP_ATOMIC);
	34	spin_lock_irq(&desc->iuspin);
	35	if (rv) {
	36	dev_err(&desc->intf->dev,