Commit ebeeb1ad9b8a ("rds: tcp: use rds_destroy_pending() to synchronize
netns/module teardown and rds connection/workq management") adds an
rcu read critical section to __rds_conn_create. The memory allocations
in that critcal section need to use GFP_ATOMIC to avoid sleeping.This patch was verified with syzkaller reproducer. Reported-by: [email protected] Signed-off-by: Sowmini Varadhan <[email protected]> Fixes: ebeeb1ad9b8a ("rds: tcp: use rds_destroy_pending() to synchronize netns/module teardown and rds connection/workq management") --- net/rds/connection.c | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/net/rds/connection.c b/net/rds/connection.c index 94e190f..d0f5889 100644 --- a/net/rds/connection.c +++ b/net/rds/connection.c @@ -221,6 +221,8 @@ static void __rds_conn_path_init(struct rds_connection *conn, conn->c_path[i].cp_index = i; } rcu_read_lock(); + gfp &= ~GFP_KERNEL; + gfp |= GFP_ATOMIC; if (rds_destroy_pending(conn)) ret = -ENETDOWN; else -- 1.7.1
