lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <161619083334.398.8036450907118788955.tip-bot2@tip-bot2>
Date:   Fri, 19 Mar 2021 21:53:53 -0000
From:   "tip-bot2 for Vitaly Kuznetsov" <tip-bot2@...utronix.de>
To:     linux-tip-commits@...r.kernel.org
Cc:     Thomas Gleixner <tglx@...utronix.de>,
        Vitaly Kuznetsov <vkuznets@...hat.com>, x86@...nel.org,
        linux-kernel@...r.kernel.org, maz@...nel.org
Subject: [tip: irq/core] genirq/matrix: Prevent allocation counter corruption

The following commit has been merged into the irq/core branch of tip:

Commit-ID:     c93a5e20c3c2dabef8ea360a3d3f18c6f68233ab
Gitweb:        https://git.kernel.org/tip/c93a5e20c3c2dabef8ea360a3d3f18c6f68233ab
Author:        Vitaly Kuznetsov <vkuznets@...hat.com>
AuthorDate:    Fri, 19 Mar 2021 12:18:23 +01:00
Committer:     Thomas Gleixner <tglx@...utronix.de>
CommitterDate: Fri, 19 Mar 2021 22:52:11 +01:00

genirq/matrix: Prevent allocation counter corruption

When irq_matrix_free() is called for an unallocated vector the
managed_allocated and total_allocated counters get out of sync with the
real state of the matrix. Later, when the last interrupt is freed, these
counters will underflow resulting in UINTMAX because the counters are
unsigned.

While this is certainly a problem of the calling code, this can be catched
in the allocator by checking the allocation bit for the to be freed vector
which simplifies debugging.

An example of the problem described above:
https://lore.kernel.org/lkml/20210318192819.636943062@linutronix.de/

Add the missing sanity check and emit a warning when it triggers.

Suggested-by: Thomas Gleixner <tglx@...utronix.de>
Signed-off-by: Vitaly Kuznetsov <vkuznets@...hat.com>
Signed-off-by: Thomas Gleixner <tglx@...utronix.de>
Link: https://lore.kernel.org/r/20210319111823.1105248-1-vkuznets@redhat.com

---
 kernel/irq/matrix.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/kernel/irq/matrix.c b/kernel/irq/matrix.c
index 6f8b1d1..578596e 100644
--- a/kernel/irq/matrix.c
+++ b/kernel/irq/matrix.c
@@ -422,7 +422,9 @@ void irq_matrix_free(struct irq_matrix *m, unsigned int cpu,
 	if (WARN_ON_ONCE(bit < m->alloc_start || bit >= m->alloc_end))
 		return;
 
-	clear_bit(bit, cm->alloc_map);
+	if (WARN_ON_ONCE(!test_and_clear_bit(bit, cm->alloc_map)))
+		return;
+
 	cm->allocated--;
 	if(managed)
 		cm->managed_allocated--;

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ