[BUG] fs/aio: A possible sleep-in-atomic bug in aio_migratepage

From: Jia-Ju Bai
Date: Fri Oct 06 2017 - 21:37:07 EST

Next message: Linus Torvalds: "Re: [PATCH] ext2/super: Fix a possible sleep-in-atomic bug in parse_options"
Previous message: Michael Chan: "Re: [PATCH net-next 2/2] bnxt_en: tc: only the function prototypes need to be wrapped in #ifdef"
Next in thread: Al Viro: "Re: [BUG] fs/aio: A possible sleep-in-atomic bug in aio_migratepage"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

According to fs/aio.c, cond_resched is called under a spinlock,
and the function call path is:
aio_migratepage (acquire the spinlock)
migrate_page_copy
copy_huge_page
__copy_gigantic_page
cond_resched
might_sleep

This bug is found by my static analysis tool and my code review.
A possible fix is to remove cond_resched in __copy_gigantic_page.

Thanks,
Jia-Ju Bai

Next message: Linus Torvalds: "Re: [PATCH] ext2/super: Fix a possible sleep-in-atomic bug in parse_options"
Previous message: Michael Chan: "Re: [PATCH net-next 2/2] bnxt_en: tc: only the function prototypes need to be wrapped in #ifdef"
Next in thread: Al Viro: "Re: [BUG] fs/aio: A possible sleep-in-atomic bug in aio_migratepage"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]