linux/drivers/char
Corey Minyard 3b9a907223 ipmi: fix sleep-in-atomic in free_user at cleanup SRCU user->release_barrier
free_user() could be called in atomic context.

This patch pushed the free operation off into a workqueue.

Example:

 BUG: sleeping function called from invalid context at kernel/workqueue.c:2856
 in_atomic(): 1, irqs_disabled(): 0, pid: 177, name: ksoftirqd/27
 CPU: 27 PID: 177 Comm: ksoftirqd/27 Not tainted 4.19.25-3 #1
 Hardware name: AIC 1S-HV26-08/MB-DPSB04-06, BIOS IVYBV060 10/21/2015
 Call Trace:
  dump_stack+0x5c/0x7b
  ___might_sleep+0xec/0x110
  __flush_work+0x48/0x1f0
  ? try_to_del_timer_sync+0x4d/0x80
  _cleanup_srcu_struct+0x104/0x140
  free_user+0x18/0x30 [ipmi_msghandler]
  ipmi_free_recv_msg+0x3a/0x50 [ipmi_msghandler]
  deliver_response+0xbd/0xd0 [ipmi_msghandler]
  deliver_local_response+0xe/0x30 [ipmi_msghandler]
  handle_one_recv_msg+0x163/0xc80 [ipmi_msghandler]
  ? dequeue_entity+0xa0/0x960
  handle_new_recv_msgs+0x15c/0x1f0 [ipmi_msghandler]
  tasklet_action_common.isra.22+0x103/0x120
  __do_softirq+0xf8/0x2d7
  run_ksoftirqd+0x26/0x50
  smpboot_thread_fn+0x11d/0x1e0
  kthread+0x103/0x140
  ? sort_range+0x20/0x20
  ? kthread_destroy_worker+0x40/0x40
  ret_from_fork+0x1f/0x40

Fixes: 77f8269606 ("ipmi: fix use-after-free of user->release_barrier.rda")

Reported-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
Signed-off-by: Corey Minyard <cminyard@mvista.com>
Cc: stable@vger.kernel.org # 5.0
Cc: Yang Yingliang <yangyingliang@huawei.com>
2019-04-17 10:29:27 -05:00
..
agp agp: efficeon: no need to set PG_reserved on GATT tables 2019-03-05 21:07:18 -08:00
hw_random ARM: SoC driver updates for 5.1 2019-03-06 09:41:12 -08:00
ipmi ipmi: fix sleep-in-atomic in free_user at cleanup SRCU user->release_barrier 2019-04-17 10:29:27 -05:00
mwave char/mwave: fix potential Spectre v1 vulnerability 2019-01-18 16:42:05 +01:00
pcmcia Remove 'type' argument from access_ok() function 2019-01-03 18:57:57 -08:00
tpm tpm: Fix the type of the return value in calc_tpm2_event_size() 2019-04-08 15:58:54 -07:00
xilinx_hwicap
xillybus
adi.c
apm-emulation.c
applicom.c applicom: Fix potential Spectre v1 vulnerabilities 2019-01-22 13:34:35 +01:00
applicom.h
bsr.c
ds1620.c
dsp56k.c
dtlk.c
efirtc.c efirtc: remove unnecessary code efi_rtc_open & efi_rtc_close 2019-01-22 13:19:12 +01:00
hangcheck-timer.c
hpet.c hpet: Use struct_size() in kzalloc() 2019-02-26 12:53:55 +01:00
Kconfig tty: mark Siemens R3964 line discipline as BROKEN 2019-04-05 05:56:44 -10:00
lp.c char: lp: mark expected switch fall-through 2019-02-13 19:45:57 +01:00
Makefile char/generic_nvram: Remove as unused 2019-01-22 10:21:45 +01:00
mbcs.c mbcs: add .owner to mbcs struct file_operations 2019-01-22 14:56:00 +01:00
mbcs.h
mem.c Remove 'type' argument from access_ok() function 2019-01-03 18:57:57 -08:00
misc.c
mspec.c
nsc_gpio.c
nvram.c powerpc: Adopt nvram module for PPC64 2019-01-22 10:21:45 +01:00
nwbutton.c
nwbutton.h
nwflash.c Remove 'type' argument from access_ok() function 2019-01-03 18:57:57 -08:00
pc8736x_gpio.c
powernv-op-panel.c
ppdev.c
ps3flash.c
random.c crypto: chacha20-generic - refactor to allow varying number of rounds 2018-11-20 14:26:55 +08:00
raw.c treewide: Use array_size() in vzalloc() 2018-06-12 16:19:22 -07:00
rtc.c RTC for 4.21 2019-01-01 13:24:31 -08:00
scx200_gpio.c
snsc_event.c
snsc.c
snsc.h
sonypi.c
tb0219.c
tlclk.c tlclk: clean an indentation issue, remove extraneous tabs 2018-11-11 12:58:27 -08:00
toshiba.c
ttyprintk.c ttyprintk: make the printk log level configurable 2018-11-09 08:58:18 -08:00
uv_mmtimer.c
virtio_console.c char: virtio: Change to use DEFINE_SHOW_ATTRIBUTE macro 2018-12-06 15:42:18 +01:00