[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20220315112521.29093-1-cheng-jui.wang@mediatek.com>
Date: Tue, 15 Mar 2022 19:25:21 +0800
From: Cheng Jui Wang <cheng-jui.wang@...iatek.com>
To: <linux-kernel@...r.kernel.org>,
<linux-arm-kernel@...ts.infradead.org>,
<linux-mediatek@...ts.infradead.org>
CC: Peter Zijlstra <peterz@...radead.org>,
Ingo Molnar <mingo@...hat.com>, Will Deacon <will@...nel.org>,
Waiman Long <longman@...hat.com>,
Boqun Feng <boqun.feng@...il.com>,
Matthias Brugger <matthias.bgg@...il.com>,
"Bart Van Assche" <bvanassche@....org>,
<wsd_upstream@...iatek.com>,
Eason-YH Lin <eason-yh.lin@...iatek.com>,
Kobe-CP Wu <kobe-cp.wu@...iatek.com>,
"Jeff-cc Hsu" <jeff-cc.hsu@...iatek.com>,
Cheng Jui Wang <cheng-jui.wang@...iatek.com>
Subject: [PATCH] lockdep: Zap lock classes with debug_locks == false again
If a lock_class_key has been registered but lockdep_unregister_key() is
called with debug_locks == false. The lockdep_unregister_key() will not
unregister the key and just return without error.
Users may assume lockdep_unregister_key() always succeed and free the
lock_class_key even if it is still remained in lockdep structures.
Which lead to following crash when 'cat /proc/lockdep' after
debug_locks == false:
==================================================================
BUG: KASAN: invalid-access in string+0x50/0x10c
Read at addr f2ffff81ac61c880 by ...
Pointer tag: [f2], memory tag: [fb]
...
Call trace:
dump_backtrace.cfi_jt+0x0/0x8
show_stack+0x1c/0x2c
dump_stack_lvl+0xd8/0x16c
print_address_description+0x90/0x2e8
__kasan_report+0x144/0x224
kasan_report+0x50/0xa0
__do_kernel_fault+0xf4/0x2a8
do_bad_area+0x34/0xf8
do_tag_check_fault+0x24/0x38
do_mem_abort+0x68/0x168
el1_abort+0x4c/0x74
el1_sync_handler+0x4c/0x8c
el1_sync+0x8c/0x140
string+0x50/0x10c
vsnprintf+0x468/0x69c
seq_printf+0x8c/0xd8
print_name+0x64/0xf4
l_show+0x1a8/0x278
seq_read_iter+0x3cc/0x5fc
proc_reg_read_iter+0xdc/0x1d4
vfs_read+0x2e0/0x354
ksys_read+0x7c/0xec
__arm64_sys_read+0x20/0x30
el0_svc_common.llvm.8008154191216078041+0xd8/0x20c
do_el0_svc+0x28/0xa0
el0_svc+0x24/0x38
el0_sync_handler+0x88/0xec
el0_sync+0x1b4/0x1c0
...
==================================================================
Allow lockdep_unregister_key to zap lock classes with
debug_locks == false again.
Remove the WARN_ON_ONCE(!found) and only zap lock classes when the key
can be found.
Fixes: 8b39adbee805 ("locking/lockdep: Make lockdep_unregister_key() honor 'debug_locks' again")
Signed-off-by: Cheng Jui Wang <cheng-jui.wang@...iatek.com>
---
kernel/locking/lockdep.c | 13 ++++++-------
1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/kernel/locking/lockdep.c b/kernel/locking/lockdep.c
index f8a0212189ca..90dadecb2577 100644
--- a/kernel/locking/lockdep.c
+++ b/kernel/locking/lockdep.c
@@ -6305,8 +6305,7 @@ void lockdep_unregister_key(struct lock_class_key *key)
return;
raw_local_irq_save(flags);
- if (!graph_lock())
- goto out_irq;
+ lockdep_lock();
pf = get_pending_free();
hlist_for_each_entry_rcu(k, hash_head, hash_entry) {
@@ -6316,11 +6315,11 @@ void lockdep_unregister_key(struct lock_class_key *key)
break;
}
}
- WARN_ON_ONCE(!found);
- __lockdep_free_key_range(pf, key, 1);
- call_rcu_zapped(pf);
- graph_unlock();
-out_irq:
+ if (found) {
+ __lockdep_free_key_range(pf, key, 1);
+ call_rcu_zapped(pf);
+ }
+ lockdep_unlock();
raw_local_irq_restore(flags);
/* Wait until is_dynamic_key() has finished accessing k->hash_entry. */
--
2.18.0
Powered by blists - more mailing lists