| From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> |
| Date: Wed, 25 Apr 2018 20:12:31 +0900 |
| Subject: tty: Use __GFP_NOFAIL for tty_ldisc_get() |
| |
| commit bcdd0ca8cb8730573afebcaae4138f8f4c8eaa20 upstream. |
| |
| syzbot is reporting crashes triggered by memory allocation fault injection |
| at tty_ldisc_get() [1]. As an attempt to handle OOM in a graceful way, we |
| have tried commit 5362544bebe85071 ("tty: don't panic on OOM in |
| tty_set_ldisc()"). But we reverted that attempt by commit a8983d01f9b7d600 |
| ("Revert "tty: don't panic on OOM in tty_set_ldisc()"") due to reproducible |
| crash. We should spend resource for finding and fixing race condition bugs |
| rather than complicate error paths for 2 * sizeof(void *) bytes allocation |
| failure. |
| |
| [1] https://syzkaller.appspot.com/bug?id=489d33fa386453859ead58ff5171d43772b13aa3 |
| |
| Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> |
| Reported-by: syzbot <syzbot+40b7287c2dc987c48c81@syzkaller.appspotmail.com> |
| Cc: Michal Hocko <mhocko@suse.com> |
| Cc: Vegard Nossum <vegard.nossum@gmail.com> |
| Cc: Dmitry Vyukov <dvyukov@google.com> |
| Cc: Jiri Slaby <jslaby@suse.com> |
| Cc: Peter Hurley <peter@hurleysoftware.com> |
| Cc: One Thousand Gnomes <gnomes@lxorguk.ukuu.org.uk> |
| Cc: Linus Torvalds <torvalds@linux-foundation.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| Signed-off-by: Ben Hutchings <ben@decadent.org.uk> |
| --- |
| drivers/tty/tty_ldisc.c | 11 +++++------ |
| 1 file changed, 5 insertions(+), 6 deletions(-) |
| |
| --- a/drivers/tty/tty_ldisc.c |
| +++ b/drivers/tty/tty_ldisc.c |
| @@ -171,12 +171,11 @@ static struct tty_ldisc *tty_ldisc_get(s |
| return ERR_CAST(ldops); |
| } |
| |
| - ld = kmalloc(sizeof(struct tty_ldisc), GFP_KERNEL); |
| - if (ld == NULL) { |
| - put_ldops(ldops); |
| - return ERR_PTR(-ENOMEM); |
| - } |
| - |
| + /* |
| + * There is no way to handle allocation failure of only 16 bytes. |
| + * Let's simplify error handling and save more memory. |
| + */ |
| + ld = kmalloc(sizeof(struct tty_ldisc), GFP_KERNEL | __GFP_NOFAIL); |
| ld->ops = ldops; |
| ld->tty = tty; |
| |