From: Sowmini Varadhan <sowmini.varadhan@oracle.com>
Date: Tue, 13 Feb 2018 17:46:16 +0000 (-0800)
Subject: rds: do not call ->conn_alloc with GFP_KERNEL
X-Git-Tag: v4.16-rc3~29^2~24
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d4014d8cc6dfa964e3e66df525de2384e3583018;p=thirdparty%2Fkernel%2Flinux.git

rds: do not call ->conn_alloc with GFP_KERNEL

Commit ebeeb1ad9b8a ("rds: tcp: use rds_destroy_pending() to synchronize
netns/module teardown and rds connection/workq management")
adds an rcu read critical section to __rd_conn_create. The
memory allocations in that critcal section need to use
GFP_ATOMIC to avoid sleeping.

This patch was verified with syzkaller reproducer.

Reported-by: syzbot+a0564419941aaae3fe3c@syzkaller.appspotmail.com
Fixes: ebeeb1ad9b8a ("rds: tcp: use rds_destroy_pending() to synchronize
       netns/module teardown and rds connection/workq management")
Signed-off-by: Sowmini Varadhan <sowmini.varadhan@oracle.com>
Acked-by: Santosh Shilimkar <santosh.shilimkar@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---

diff --git a/net/rds/connection.c b/net/rds/connection.c
index 94e190febfddd..2da3176bf7924 100644
--- a/net/rds/connection.c
+++ b/net/rds/connection.c
@@ -224,7 +224,7 @@ static struct rds_connection *__rds_conn_create(struct net *net,
 	if (rds_destroy_pending(conn))
 		ret = -ENETDOWN;
 	else
-		ret = trans->conn_alloc(conn, gfp);
+		ret = trans->conn_alloc(conn, GFP_ATOMIC);
 	if (ret) {
 		rcu_read_unlock();
 		kfree(conn->c_path);