| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 8 Aug 2016 21:11:48 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-kernel@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
stable@...r.kernel.org, kernel test robot <xiaolong.ye@...el.com>,
Thomas Gleixner <tglx@...utronix.de>,
Adam Borowski <kilobyte@...band.pl>,
Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
Anna-Maria Gleixner <anna-maria@...utronix.de>,
Arnaldo Carvalho de Melo <acme@...nel.org>,
Arnaldo Carvalho de Melo <acme@...hat.com>,
Borislav Petkov <bp@...e.de>, Jiri Olsa <jolsa@...hat.com>,
Kan Liang <kan.liang@...el.com>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Peter Zijlstra <peterz@...radead.org>,
Sebastian Andrzej Siewior <bigeasy@...utronix.de>,
Stephane Eranian <eranian@...gle.com>,
Vince Weaver <vincent.weaver@...ne.edu>, lkp@...org,
tipbuild@...or.com, Ingo Molnar <mingo@...nel.org>
Subject: [PATCH 4.6 85/96] cpu/hotplug: Keep enough storage space if SMP=n to avoid array out of bounds scribble
4.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thomas Gleixner <tglx@...utronix.de>
commit a7c734140aa36413944eef0f8c660e0e2256357d upstream.
Xiaolong Ye reported lock debug warnings triggered by the following commit:
8de4a0066106 ("perf/x86: Convert the core to the hotplug state machine")
The bug is the following: the cpuhp_bp_states[] array is cut short when
CONFIG_SMP=n, but the dynamically registered callbacks are stored nevertheless
and happily scribble outside of the array bounds...
We need to store them in case that the state is unregistered so we can invoke
the teardown function. That's independent of CONFIG_SMP. Make sure the array
is large enough.
Reported-by: kernel test robot <xiaolong.ye@...el.com>
Signed-off-by: Thomas Gleixner <tglx@...utronix.de>
Cc: Adam Borowski <kilobyte@...band.pl>
Cc: Alexander Shishkin <alexander.shishkin@...ux.intel.com>
Cc: Anna-Maria Gleixner <anna-maria@...utronix.de>
Cc: Arnaldo Carvalho de Melo <acme@...nel.org>
Cc: Arnaldo Carvalho de Melo <acme@...hat.com>
Cc: Borislav Petkov <bp@...e.de>
Cc: Jiri Olsa <jolsa@...hat.com>
Cc: Kan Liang <kan.liang@...el.com>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Peter Zijlstra <peterz@...radead.org>
Cc: Sebastian Andrzej Siewior <bigeasy@...utronix.de>
Cc: Stephane Eranian <eranian@...gle.com>
Cc: Vince Weaver <vincent.weaver@...ne.edu>
Cc: lkp@...org
Cc: tipbuild@...or.com
Fixes: cff7d378d3fd "cpu/hotplug: Convert to a state machine for the control processor"
Link: http://lkml.kernel.org/r/alpine.DEB.2.11.1607122144560.4083@nanos
Signed-off-by: Ingo Molnar <mingo@...nel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
---
kernel/cpu.c | 2 ++
1 file changed, 2 insertions(+)
--- a/kernel/cpu.c
+++ b/kernel/cpu.c
@@ -1218,6 +1218,8 @@ static struct cpuhp_step cpuhp_bp_states
.teardown = takedown_cpu,
.cant_stop = true,
},
+#else
+ [CPUHP_BRINGUP_CPU] = { },
#endif
};
Powered by blists - more mailing lists