From: Jia-Ju Bai <baijiaju1990@gmail.com>
Date: Sat, 1 Sep 2018 08:12:10 +0000 (+0800)
Subject: usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt()
X-Git-Tag: v4.14.72~71
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=80f539981a9b950ecc295ea9893e17f44c08ef9c;p=platform%2Fkernel%2Flinux-exynos.git

usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt()

commit 6e22e3af7bb3a7b9dc53cb4687659f6e63fca427 upstream.

wdm_in_callback() is a completion handler function for the USB driver.
So it should not sleep. But it calls service_outstanding_interrupt(),
which calls usb_submit_urb() with GFP_KERNEL.

To fix this bug, GFP_KERNEL is replaced with GFP_ATOMIC.

This bug is found by my static analysis tool DSAC.

Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---

diff --git a/drivers/usb/class/cdc-wdm.c b/drivers/usb/class/cdc-wdm.c
index 3e865dbf878c..a9509ecccedb 100644
--- a/drivers/usb/class/cdc-wdm.c
+++ b/drivers/usb/class/cdc-wdm.c
@@ -457,7 +457,7 @@ static int service_outstanding_interrupt(struct wdm_device *desc)
 
 	set_bit(WDM_RESPONDING, &desc->flags);
 	spin_unlock_irq(&desc->iuspin);
-	rv = usb_submit_urb(desc->response, GFP_KERNEL);
+	rv = usb_submit_urb(desc->response, GFP_ATOMIC);
 	spin_lock_irq(&desc->iuspin);
 	if (rv) {
 		dev_err(&desc->intf->dev,