add idr_preload() and idr_preload_end() around idr_alloc_u32(GFP_ATOMIC)
due to internal use of per_cpu variables, which requires preemption
disabling/enabling.
reported as "BUG: "using smp_processor_id() in preemptible" by syzkaller
Reported-by: syzbot+3eec59e770685e3dc...@syzkaller.appspotmail.com
Signed-off-by: Du Cheng <duche...@gmail.com>
---
changelog
v1: change to GFP_KERNEL for idr_alloc_u32() but might sleep
v2: revert to GFP_ATOMIC but add preemption disable/enable protection
net/qrtr/qrtr.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/net/qrtr/qrtr.c b/net/qrtr/qrtr.c
index edb6ac17ceca..6361f169490e 100644
--- a/net/qrtr/qrtr.c
+++ b/net/qrtr/qrtr.c
@@ -722,17 +722,23 @@ static int qrtr_port_assign(struct qrtr_sock *ipc, int
*port)
mutex_lock(&qrtr_port_lock);
if (!*port) {
min_port = QRTR_MIN_EPH_SOCKET;
+ idr_preload(GFP_ATOMIC);
rc = idr_alloc_u32(&qrtr_ports, ipc, &min_port,
QRTR_MAX_EPH_SOCKET, GFP_ATOMIC);
+ idr_preload_end();
if (!rc)
*port = min_port;
} else if (*port < QRTR_MIN_EPH_SOCKET && !capable(CAP_NET_ADMIN)) {
rc = -EACCES;
} else if (*port == QRTR_PORT_CTRL) {
min_port = 0;
+ idr_preload(GFP_ATOMIC);
rc = idr_alloc_u32(&qrtr_ports, ipc, &min_port, 0, GFP_ATOMIC);
+ idr_preload_end();
} else {
min_port = *port;
+ idr_preload(GFP_ATOMIC);
rc = idr_alloc_u32(&qrtr_ports, ipc, &min_port, *port,
GFP_ATOMIC);
+ idr_preload_end();
if (!rc)
*port = min_port;
}
--
2.27.0
