Message-Id: <20240316053948.1711-1-hdanton@sina.com>
Date: Sat, 16 Mar 2024 13:39:48 +0800
From: Hillf Danton <hdanton@...a.com>
To: syzbot <syzbot+28c1a5a5b041a754b947@...kaller.appspotmail.com>
Cc: linux-kernel@...r.kernel.org,
	syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [sound?] possible deadlock in snd_pcm_period_elapsed (4)

#syz test https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git  master

--- x/sound/core/timer.c
+++ y/sound/core/timer.c
@@ -409,8 +409,9 @@ static void snd_timer_close_locked(struc
 	struct snd_timer *timer = timeri->timer;
 
 	if (timer) {
-		guard(spinlock)(&timer->lock);
+		spin_lock_irq(&timer->lock);
 		timeri->flags |= SNDRV_TIMER_IFLG_DEAD;
+		spin_unlock_irq(&timer->lock);
 	}
 
 	if (!list_empty(&timeri->open_list)) {
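Review bot: `spin_unlock_irq(&timer->lock);` re-enables interrupts unconditionally, so the new locking is only correct if snd_timer_close_locked() is never entered with interrupts already disabled, which this hunk does not show. The change also drops the scoped-guard form used by the removed line. `guard(spinlock_irq)(&timer->lock);` would disable interrupts the same way and keep the automatic unlock at the end of the `if (timer)` block. If any caller can arrive with IRQs off, the irqsave variant is the safer choice. The function body continues outside the hunk.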
--- x/drivers/virtio/virtio_ring.c
+++ y/drivers/virtio/virtio_ring.c
@@ -316,7 +316,13 @@ static void *vring_alloc_queue(struct vi
 		return dma_alloc_coherent(dma_dev, size,
 					  dma_handle, flag);
 	} else {
-		void *queue = alloc_pages_exact(PAGE_ALIGN(size), flag);
+		void *queue;
+		unsigned long sz = PAGE_ALIGN(size);
+		unsigned int order = 0;
+
+		while ((PAGE_SIZE << order) < sz)
+			order++;
+		queue = (void *) __get_free_pages(flag, order);
 
 		if (queue) {
 			phys_addr_t phys_addr = virt_to_phys(queue);
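Review bot: The open-coded `while ((PAGE_SIZE << order) < sz) order++;` loop duplicates the kernel's `get_order()` helper and is repeated verbatim in the vring_free_queue hunk; `unsigned int order = get_order(size);` would replace it in both places. The allocation and the free each recompute the order from `size`, so any divergence between the two copies would make free_pages() release a different number of pages than were allocated. Switching from alloc_pages_exact() to __get_free_pages() also rounds the ring up to a power-of-two page count. A one-line comment such as `/* order-based allocation: see lockdep report, exact-size free path takes <lock> */` would record why the exact allocator was dropped, with the placeholder filled in by the author. The function starts outside the hunk.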
@@ -334,7 +340,7 @@ static void *vring_alloc_queue(struct vi
 			 * unrepresentable address.
 			 */
 			if (WARN_ON_ONCE(*dma_handle != phys_addr)) {
-				free_pages_exact(queue, PAGE_ALIGN(size));
+				free_pages((unsigned long) queue, order);
 				return NULL;
 			}
 		}
@@ -348,8 +354,14 @@ static void vring_free_queue(struct virt
 {
 	if (vring_use_dma_api(vdev))
 		dma_free_coherent(dma_dev, size, queue, dma_handle);
-	else
-		free_pages_exact(queue, PAGE_ALIGN(size));
+	else {
+		unsigned long sz = PAGE_ALIGN(size);
+		unsigned int order = 0;
+
+		while ((PAGE_SIZE << order) < sz)
+			order++;
+		free_pages((unsigned long) queue, order);
+	}
 }
 
 /*
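Review bot: The `if` branch stays unbraced while the new `else` branch is braced; kernel coding style wants braces on both branches once either needs them, i.e. `if (vring_use_dma_api(vdev)) {` and `} else {`. The order loop here is the duplicate already raised on the vring_alloc_queue hunk. The function signature is outside the hunk.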
--- x/mm/debug_vm_pgtable.c
+++ y/mm/debug_vm_pgtable.c
@@ -77,6 +77,7 @@ struct pgtable_debug_args {
 	pgprot_t		page_prot_none;
 
 	bool			is_contiguous_page;
+	unsigned int		ctg_order;
 	unsigned long		pud_pfn;
 	unsigned long		pmd_pfn;
 	unsigned long		pte_pfn;
@@ -1033,7 +1034,8 @@ static void __init destroy_args(struct p
 	    has_transparent_pud_hugepage() &&
 	    args->pud_pfn != ULONG_MAX) {
 		if (args->is_contiguous_page) {
-			free_contig_range(args->pud_pfn,
+			if (args->ctg_order == HPAGE_PUD_SHIFT - PAGE_SHIFT)
+				free_contig_range(args->pud_pfn,
 					  (1 << (HPAGE_PUD_SHIFT - PAGE_SHIFT)));
 		} else {
 			page = pfn_to_page(args->pud_pfn);
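Review bot: When `args->is_contiguous_page` is true but `args->ctg_order` does not match, the new inner `if` skips free_contig_range() and the `else` branch is not reached either, so nothing in this block frees `args->pud_pfn`; the `pmd_pfn` hunk that follows has the same shape. Whether that is a leak or intended depends on how the pfn was allocated, which is not visible here. If a mismatch means the page came from the non-contiguous allocator, the test belongs in the outer condition, `if (args->is_contiguous_page && args->ctg_order == HPAGE_PUD_SHIFT - PAGE_SHIFT) {`, so the `else` path frees it. If a mismatch means the range is released elsewhere, a comment should say so, and `ctg_order` in the struct should be documented as valid only when `is_contiguous_page` is set. destroy_args() starts and ends outside the hunk.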
@@ -1049,7 +1051,8 @@ static void __init destroy_args(struct p
 	    has_transparent_hugepage() &&
 	    args->pmd_pfn != ULONG_MAX) {
 		if (args->is_contiguous_page) {
-			free_contig_range(args->pmd_pfn, (1 << HPAGE_PMD_ORDER));
+			if (args->ctg_order == HPAGE_PMD_ORDER)
+				free_contig_range(args->pmd_pfn, (1 << HPAGE_PMD_ORDER));
 		} else {
 			page = pfn_to_page(args->pmd_pfn);
 			__free_pages(page, HPAGE_PMD_ORDER);
@@ -1104,6 +1107,7 @@ debug_vm_pgtable_alloc_huge_page(struct
 					  first_online_node, NULL);
 		if (page) {
 			args->is_contiguous_page = true;
+			args->ctg_order = order;
 			return page;
 		}
 	}
--
