| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAEEQ3wmk5jBOPqD-5GUZ+463mcG919uuKVnBJrWedKLssVDBaA@mail.gmail.com> Date: Thu, 20 Feb 2025 20:49:50 +0800 From: yunhui cui <cuiyunhui@...edance.com> To: peterz@...radead.org, mingo@...hat.com, will@...nel.org, boqun.feng@...il.com, longman@...hat.com, linux-kernel@...r.kernel.org Subject: Re: [PATCH] locking/mutex: add MUTEX_WARN_ON() into fast path Hi All, Gentle ping. Any comments on this patch? On Sun, Jan 26, 2025 at 11:32 AM Yunhui Cui <cuiyunhui@...edance.com> wrote: > > Scenario: In platform_device_register, the driver misuses struct > device as platform_data, making kmemdup duplicate a device. Accessing > the duplicate may cause list corruption due to its mutex magic or list > holding old content. > It recurs randomly as the first mutex - getting process skips the slow > path and mutex check. Adding MUTEX_WARN_ON(lock->magic!= lock) in > __mutex_trylock_fast() makes it always happen. > > Signed-off-by: Yunhui Cui <cuiyunhui@...edance.com> > --- > kernel/locking/mutex.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/kernel/locking/mutex.c b/kernel/locking/mutex.c > index b36f23de48f1..19b636f60a24 100644 > --- a/kernel/locking/mutex.c > +++ b/kernel/locking/mutex.c > @@ -143,6 +143,8 @@ static __always_inline bool __mutex_trylock_fast(struct mutex *lock) > unsigned long curr = (unsigned long)current; > unsigned long zero = 0UL; > > + MUTEX_WARN_ON(lock->magic != lock); > + > if (atomic_long_try_cmpxchg_acquire(&lock->owner, &zero, curr)) > return true; > > -- > 2.39.2 > Thanks, Yunhui
Powered by blists - more mailing lists