riocm_send_close() is called from rio_cm_shutdown() and riocm_ch_close().
The first site is within section protected by idr_lock spinlock,
while the second one is not in atomic context.
The patch adds gfp_t argument to allocate memory appropriately to
the corresponding context.
Found by Linux Driver Verification project (linuxtesting.org).
Signed-off-by: Alexey Khoroshilov <khoroshi...@ispras.ru>
---
drivers/rapidio/rio_cm.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/rapidio/rio_cm.c b/drivers/rapidio/rio_cm.c
index 3fa17ac8df54..ff5ed8970309 100644
--- a/drivers/rapidio/rio_cm.c
+++ b/drivers/rapidio/rio_cm.c
@@ -1395,7 +1395,7 @@ static void riocm_ch_free(struct kref *ref)
complete(&ch->comp_close);
}
-static int riocm_send_close(struct rio_channel *ch)
+static int riocm_send_close(struct rio_channel *ch, gfp_t gfp)
{
struct rio_ch_chan_hdr *hdr;
int ret;
@@ -1404,7 +1404,7 @@ static int riocm_send_close(struct rio_channel *ch)
* Send CH_CLOSE notification to the remote RapidIO device
*/
- hdr = kzalloc(sizeof(*hdr), GFP_KERNEL);
+ hdr = kzalloc(sizeof(*hdr), gfp);
if (hdr == NULL)
return -ENOMEM;
@@ -1450,7 +1450,7 @@ static int riocm_ch_close(struct rio_channel *ch)
state = riocm_exch(ch, RIO_CM_DESTROYING);
if (state == RIO_CM_CONNECTED)
- riocm_send_close(ch);
+ riocm_send_close(ch, GFP_KERNEL);
complete_all(&ch->comp);
@@ -2254,7 +2254,7 @@ static int rio_cm_shutdown(struct notifier_block *nb,
unsigned long code,
idr_for_each_entry(&ch_idr, ch, i) {
riocm_debug(EXIT, "close ch %d", ch->id);
if (ch->state == RIO_CM_CONNECTED)
- riocm_send_close(ch);
+ riocm_send_close(ch, GFP_ATOMIC);
}
spin_unlock_bh(&idr_lock);
--
2.7.4
