| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 16 Dec 2022 12:30:28 -0800
From: Kees Cook <keescook@...omium.org>
To: Peter Zijlstra <peterz@...radead.org>
Cc: Kees Cook <keescook@...omium.org>,
"Eric W. Biederman" <ebiederm@...ssion.com>,
Jann Horn <jannh@...gle.com>, Arnd Bergmann <arnd@...db.de>,
Petr Mladek <pmladek@...e.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Luis Chamberlain <mcgrof@...nel.org>,
Marco Elver <elver@...gle.com>,
tangmeng <tangmeng@...ontech.com>,
Sebastian Andrzej Siewior <bigeasy@...utronix.de>,
Tiezhu Yang <yangtiezhu@...ngson.cn>,
Stafford Horne <shorne@...il.com>,
"Guilherme G. Piccoli" <gpiccoli@...lia.com>,
John Ogness <john.ogness@...utronix.de>,
linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org
Subject: [PATCH] exit: Use READ_ONCE() for all oops/warn limit reads
Use a temporary variable to take full advantage of READ_ONCE() behavior.
Without this, the report (and even the test) might be out of sync with
the initial test.
Reported-by: Peter Zijlstra <peterz@...radead.org>
Link: https://lore.kernel.org/lkml/Y5x7GXeluFmZ8E0E@hirez.programming.kicks-ass.net
Fixes: 9fc9e278a5c0 ("panic: Introduce warn_limit")
Fixes: d4ccd54d28d3 ("exit: Put an upper limit on how often we can oops")
Cc: "Eric W. Biederman" <ebiederm@...ssion.com>
Cc: Jann Horn <jannh@...gle.com>
Cc: Arnd Bergmann <arnd@...db.de>
Cc: Petr Mladek <pmladek@...e.com>
Cc: Andrew Morton <akpm@...ux-foundation.org>
Cc: Luis Chamberlain <mcgrof@...nel.org>
Cc: Marco Elver <elver@...gle.com>
Cc: tangmeng <tangmeng@...ontech.com>
Cc: Sebastian Andrzej Siewior <bigeasy@...utronix.de>
Cc: Tiezhu Yang <yangtiezhu@...ngson.cn>
Signed-off-by: Kees Cook <keescook@...omium.org>
---
kernel/exit.c | 6 ++++--
kernel/panic.c | 7 +++++--
2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/kernel/exit.c b/kernel/exit.c
index deffb8e4b1b2..15dc2ec80c46 100644
--- a/kernel/exit.c
+++ b/kernel/exit.c
@@ -931,6 +931,7 @@ void __noreturn make_task_dead(int signr)
* Then do everything else.
*/
struct task_struct *tsk = current;
+ unsigned int limit;
if (unlikely(in_interrupt()))
panic("Aiee, killing interrupt handler!");
@@ -954,8 +955,9 @@ void __noreturn make_task_dead(int signr)
* To make sure this can't happen, place an upper bound on how often the
* kernel may oops without panic().
*/
- if (atomic_inc_return(&oops_count) >= READ_ONCE(oops_limit) && oops_limit)
- panic("Oopsed too often (kernel.oops_limit is %d)", oops_limit);
+ limit = READ_ONCE(oops_limit);
+ if (atomic_inc_return(&oops_count) >= limit && limit)
+ panic("Oopsed too often (kernel.oops_limit is %d)", limit);
/*
* We're taking recursive faults here in make_task_dead. Safest is to just
diff --git a/kernel/panic.c b/kernel/panic.c
index 54deb743b2d5..7834c9854e02 100644
--- a/kernel/panic.c
+++ b/kernel/panic.c
@@ -231,12 +231,15 @@ static void panic_print_sys_info(bool console_flush)
void check_panic_on_warn(const char *origin)
{
+ unsigned int limit;
+
if (panic_on_warn)
panic("%s: panic_on_warn set ...\n", origin);
- if (atomic_inc_return(&warn_count) >= READ_ONCE(warn_limit) && warn_limit)
+ limit = READ_ONCE(warn_limit);
+ if (atomic_inc_return(&warn_count) >= limit && limit)
panic("%s: system warned too often (kernel.warn_limit is %d)",
- origin, warn_limit);
+ origin, limit);
}
/**
--
2.34.1
Powered by blists - more mailing lists