[PATCH] staging: android: ion: Bail out upon SIGKILL when allocating memory.
From: Tetsuo Handa
Date: Mon Jul 01 2019 - 06:55:52 EST
Andrew, can you pick up this patch? No response from Laura Abbott nor Sumit Semwal.
On 2019/06/21 18:58, Tetsuo Handa wrote:
> From e0758655727044753399fb4f7c5f3eb25ac5cccd Mon Sep 17 00:00:00 2001
> From: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
> Date: Fri, 21 Jun 2019 11:22:51 +0900
> Subject: [PATCH] staging: android: ion: Bail out upon SIGKILL when allocating memory.
>
> syzbot found that a thread can stall for minutes inside
> ion_system_heap_allocate() after that thread was killed by SIGKILL [1].
> Let's check for SIGKILL before doing memory allocation.
>
> [1] https://syzkaller.appspot.com/bug?id=a0e3436829698d5824231251fad9d8e998f94f5e
>
> Signed-off-by: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
> Reported-by: syzbot <syzbot+8ab2d0f39fb79fe6ca40@xxxxxxxxxxxxxxxxxxxxxxxxx>
> ---
> drivers/staging/android/ion/ion_page_pool.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/drivers/staging/android/ion/ion_page_pool.c b/drivers/staging/android/ion/ion_page_pool.c
> index fd4995fb676e..f85ec5b16b65 100644
> --- a/drivers/staging/android/ion/ion_page_pool.c
> +++ b/drivers/staging/android/ion/ion_page_pool.c
> @@ -8,11 +8,14 @@
> #include <linux/list.h>
> #include <linux/slab.h>
> #include <linux/swap.h>
> +#include <linux/sched/signal.h>
>
> #include "ion.h"
>
> static inline struct page *ion_page_pool_alloc_pages(struct ion_page_pool *pool)
> {
> + if (fatal_signal_pending(current))
> + return NULL;
> return alloc_pages(pool->gfp_mask, pool->order);
> }
>
>