From: Minghao Chi chi.minghao@zte.com.cn
commit 520ba724061cef59763e2b6f5b26e8387c2e5822 upstream.
We can't call kvfree() with a spin lock held, so defer it.
Link: https://lkml.kernel.org/r/20211223031207.556189-1-chi.minghao@zte.com.cn Fixes: fc37a3b8b438 ("[PATCH] ipc sem: use kvmalloc for sem_undo allocation") Reported-by: Zeal Robot zealci@zte.com.cn Signed-off-by: Minghao Chi chi.minghao@zte.com.cn Reviewed-by: Shakeel Butt shakeelb@google.com Reviewed-by: Manfred Spraul manfred@colorfullife.com Cc: Arnd Bergmann arnd@arndb.de Cc: Yang Guang cgel.zte@gmail.com Cc: Davidlohr Bueso dbueso@suse.de Cc: Randy Dunlap rdunlap@infradead.org Cc: Bhaskar Chowdhury unixbhaskar@gmail.com Cc: Vasily Averin vvs@virtuozzo.com Cc: stable@vger.kernel.org Signed-off-by: Andrew Morton akpm@linux-foundation.org Signed-off-by: Linus Torvalds torvalds@linux-foundation.org Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- ipc/sem.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
--- a/ipc/sem.c +++ b/ipc/sem.c @@ -1964,6 +1964,7 @@ static struct sem_undo *find_alloc_undo( */ un = lookup_undo(ulp, semid); if (un) { + spin_unlock(&ulp->lock); kvfree(new); goto success; } @@ -1976,9 +1977,8 @@ static struct sem_undo *find_alloc_undo( ipc_assert_locked_object(&sma->sem_perm); list_add(&new->list_id, &sma->list_id); un = new; - -success: spin_unlock(&ulp->lock); +success: sem_unlock(sma, -1); out: return un;