| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Zfidal8CEZStp3R7@zx2c4.com> Date: Mon, 18 Mar 2024 21:00:42 +0100 From: "Jason A. Donenfeld" <Jason@...c4.com> To: Guoyong Wang <guoyong.wang@...iatek.com> Cc: Theodore Ts'o <tytso@....edu>, Tejun Heo <tj@...nel.org>, Lai Jiangshan <jiangshanlai@...il.com>, Matthias Brugger <matthias.bgg@...il.com>, AngeloGioacchino Del Regno <angelogioacchino.delregno@...labora.com>, linux-kernel@...r.kernel.org, linux-arm-kernel@...ts.infradead.org, linux-mediatek@...ts.infradead.org, wsd_upstream@...iatek.com Subject: Re: [PATCH] random: Fix the issue of '_might_sleep' function running in an atomic contex Hi Guoyong, On Mon, Mar 18, 2024 at 03:53:27PM +0800, Guoyong Wang wrote: > 'input_handle_event' runs in an atomic context > (spinlock). In rare instances, it may call > the '_might_sleep' function, which could trigger > a kernel exception. > > Backtrace: > [<ffffffd613025ba0>] die+0xa8/0x2fc > [<ffffffd613027428>] bug_handler+0x44/0xec > [<ffffffd613016964>] brk_handler+0x90/0x144 > [<ffffffd613041e58>] do_debug_exception+0xa0/0x148 > [<ffffffd61400c208>] el1_dbg+0x60/0x7c > [<ffffffd61400c000>] el1h_64_sync_handler+0x38/0x90 > [<ffffffd613011294>] el1h_64_sync+0x64/0x6c > [<ffffffd613102d88>] __might_resched+0x1fc/0x2e8 > [<ffffffd613102b54>] __might_sleep+0x44/0x7c > [<ffffffd6130b6eac>] cpus_read_lock+0x1c/0xec > [<ffffffd6132c2820>] static_key_enable+0x14/0x38 > [<ffffffd61400ac08>] crng_set_ready+0x14/0x28 > [<ffffffd6130df4dc>] execute_in_process_context+0xb8/0xf8 > [<ffffffd61400ab30>] _credit_init_bits+0x118/0x1dc > [<ffffffd6138580c8>] add_timer_randomness+0x264/0x270 > [<ffffffd613857e54>] add_input_randomness+0x38/0x48 > [<ffffffd613a80f94>] input_handle_event+0x2b8/0x490 > [<ffffffd613a81310>] input_event+0x6c/0x98 Thanks for reporting this. I'm wondering, though, rather than introducing a second function, maybe execute_in_process_context() should just gain a `&& !in_atomic()`. That'd make things a bit simpler. However, I'm pretty sure in_atomic() isn't actually a reliable way of determining that, depending on config. So maybe this should just call the worker always (if system_wq isn't null). Alternatively, any chance the call to add_input_randomness() could be moved outside the spinlock, or does this not look possible? Jason
Powered by blists - more mailing lists