| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20190821092409.13225-2-julien.grall@arm.com>
Date: Wed, 21 Aug 2019 10:24:07 +0100
From: Julien Grall <julien.grall@....com>
To: linux-rt-users@...r.kernel.org
Cc: tglx@...utronix.de, linux-kernel@...r.kernel.org, maz@...nel.org,
bigeasy@...utronix.de, rostedt@...dmis.org,
Julien Grall <julien.grall@....com>
Subject: [RT PATCH 1/3] hrtimer: Use READ_ONCE to access timer->base in hrimer_grab_expiry_lock()
The update to timer->base is protected by the base->cpu_base->lock().
However, hrtimer_grab_expirty_lock() does not access it with the lock.
So it would theorically be possible to have timer->base changed under
our feet. We need to prevent the compiler to refetch timer->base so the
check and the access is performed on the same base.
Other access of timer->base are either done with a lock or protected
with READ_ONCE(). So use READ_ONCE() in hrtimer_grab_expirty_lock().
Signed-off-by: Julien Grall <julien.grall@....com>
---
This is rather theoritical so far as I don't have a reproducer for this.
---
kernel/time/hrtimer.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/time/hrtimer.c b/kernel/time/hrtimer.c
index 7d7db8802131..b869e816e96a 100644
--- a/kernel/time/hrtimer.c
+++ b/kernel/time/hrtimer.c
@@ -932,7 +932,7 @@ EXPORT_SYMBOL_GPL(hrtimer_forward);
void hrtimer_grab_expiry_lock(const struct hrtimer *timer)
{
- struct hrtimer_clock_base *base = timer->base;
+ struct hrtimer_clock_base *base = READ_ONCE(timer->base);
if (base && base->cpu_base) {
spin_lock(&base->cpu_base->softirq_expiry_lock);
--
2.11.0
Powered by blists - more mailing lists