Commit ebeeb1ad9b8a ("rds: tcp: use rds_destroy_pending() to synchronize netns/module teardown and rds connection/workq management") adds an rcu read critical section to __rds_conn_create. The memory allocations in that critical section need to use GFP_ATOMIC to avoid sleeping.
This patch was verified with syzkaller reproducer. Reported-by: syzbot+a0564419941aaae3f...@syzkaller.appspotmail.com Signed-off-by: Sowmini Varadhan <sowmini.varad...@oracle.com> Fixes: ebeeb1ad9b8a ("rds: tcp: use rds_destroy_pending() to synchronize netns/module teardown and rds connection/workq management") --- net/rds/connection.c | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/net/rds/connection.c b/net/rds/connection.c index 94e190f..d0f5889 100644 --- a/net/rds/connection.c +++ b/net/rds/connection.c @@ -221,6 +221,8 @@ static void __rds_conn_path_init(struct rds_connection *conn, conn->c_path[i].cp_index = i; } rcu_read_lock(); + gfp &= ~GFP_KERNEL; + gfp |= GFP_ATOMIC; if (rds_destroy_pending(conn)) ret = -ENETDOWN; else -- 1.7.1
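Review bot: The two lines added directly after rcu_read_lock() rewrite the caller-supplied gfp without a comment explaining why. A one-line comment stating that the allocations that follow run inside the RCU read-side critical section and must not sleep would keep a later cleanup from dropping them. GFP_KERNEL and GFP_ATOMIC are both composite masks, so `gfp &= ~GFP_KERNEL;` followed by `gfp |= GFP_ATOMIC;` clears and sets several bits at once and silently overrides whatever the caller passed in. If the allocation can be done before rcu_read_lock() is taken, that would avoid the atomic allocation and its higher failure rate; if it cannot, say in the comment that the downgrade of the caller's gfp is intentional, and confirm that the allocation failure path under the lock still reaches the matching rcu_read_unlock().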