Message-ID: <20251121143500.42111-2-frederic@kernel.org>
Date: Fri, 21 Nov 2025 15:34:58 +0100
From: Frederic Weisbecker <frederic@...nel.org>
To: Thomas Gleixner <tglx@...utronix.de>
Cc: LKML <linux-kernel@...r.kernel.org>,
	Marek Szyprowski <m.szyprowski@...sung.com>,
	Marco Crivellari <marco.crivellari@...e.com>,
	Waiman Long <llong@...hat.com>,
	cgroups@...r.kernel.org,
	Frederic Weisbecker <frederic@...nel.org>
Subject: [PATCH 1/3 v3] genirq: Prevent from early irq thread spurious wake-ups

From: Thomas Gleixner <tglx@...utronix.de>

During initialization, the IRQ thread is created before the IRQ gets a
chance to be enabled. But the IRQ enablement may happen before the first
official kthread wake-up point. As a result, the firing IRQ can perform
an early wake-up of the IRQ thread before the first official kthread
wake-up point.

Although this has happened to be harmless so far, this uncontrolled
behaviour is a bug waiting to happen at some point in the future with
the threaded handler accessing halfway initialized states.

Prevent such a surprise by performing a wake-up only if the target
is in the TASK_INTERRUPTIBLE state. Since the IRQ thread waits in this state
for interrupts to handle only after proper initialization, it is then
guaranteed not to be spuriously woken up while waiting in
TASK_UNINTERRUPTIBLE, right after creation in the kthread code, before
the official first wake-up point is reached.

Not-yet-Signed-off-by: Thomas Gleixner <tglx@...utronix.de>
Signed-off-by: Frederic Weisbecker <frederic@...nel.org>
---
 kernel/irq/handle.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/kernel/irq/handle.c b/kernel/irq/handle.c
index e103451243a0..786f5570a640 100644
--- a/kernel/irq/handle.c
+++ b/kernel/irq/handle.c
@@ -133,7 +133,15 @@ void __irq_wake_thread(struct irq_desc *desc, struct irqaction *action)
 	 */
 	atomic_inc(&desc->threads_active);
 
-	wake_up_process(action->thread);
+	/*
+	 * This might be a premature wakeup before the thread reached the
+	 * thread function and set the IRQTF_READY bit. It's waiting in
+	 * kthread code with state UNINTERRUPTIBLE. Once it reaches the
+	 * thread function it waits with INTERRUPTIBLE. The wakeup is not
+	 * lost in that case because the thread is guaranteed to observe
+	 * the RUN flag before it goes to sleep in wait_for_interrupt().
+	 */
+	wake_up_state(action->thread, TASK_INTERRUPTIBLE);
 }
 
 static DEFINE_STATIC_KEY_FALSE(irqhandler_duration_check_enabled);
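Review bot: The new comment carries the whole correctness argument for replacing wake_up_process() with wake_up_state(), so it should be precise about what it relies on: "the RUN flag" and the bare "UNINTERRUPTIBLE"/"INTERRUPTIBLE" are informal, so name the thread flag bit that is set earlier in __irq_wake_thread() (presumably IRQTF_RUNTHREAD, which this hunk does not show) and write TASK_UNINTERRUPTIBLE/TASK_INTERRUPTIBLE to match the wake_up_state() argument, and state the ordering explicitly: the wake-up is not lost only because the flag is set before wake_up_state() and the thread re-checks it after publishing its sleep state in wait_for_interrupt(). It would also help to say what happens to the atomic_inc(&desc->threads_active) above when the wake-up is skipped: the count stays raised and is balanced once the thread eventually observes the pending flag and runs the handler, so a reader does not take the skipped wake-up for a leaked count. Something like "wake_up_state(TASK_INTERRUPTIBLE) is a no-op while the thread still sleeps in TASK_UNINTERRUPTIBLE in kthread(); the pending IRQTF_RUNTHREAD bit is then picked up in wait_for_interrupt()" would make the intent checkable against the code.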
-- 
2.51.1
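The wake-up rule described in the commit message, modelled in plain userspace C as an added example that is not part of this patch or of the kernel: the task states, the IRQTF_RUNTHREAD bit, threads_active and the kthread bootstrap phase are simplified single-threaded stand-ins that borrow the kernel's names, and run_scenario() is an invented driver. It contrasts the unconditional wake_up_process() with the state-filtered wake_up_state(TASK_INTERRUPTIBLE) and checks that an interrupt fired before the first official wake-up is still handled once the thread reaches its wait loop, rather than waking the thread early.

```c
/*
 * Added example, not kernel code: a deterministic model of the wake-up
 * rule from the patch. Names imitate genirq/kthread but are stand-ins.
 */
#include <stdio.h>
#include <stdbool.h>

/* States are bits so that wake_up_state() can mask them like the kernel does. */
enum task_state { TASK_RUNNING = 0, TASK_INTERRUPTIBLE = 1, TASK_UNINTERRUPTIBLE = 2 };
enum phase { PHASE_KTHREAD_PARKED, PHASE_IRQ_LOOP };

struct model {
    enum task_state state;   /* modelled task sleep state */
    enum phase phase;        /* where in its lifetime the IRQ thread is */
    bool runthread;          /* modelled IRQTF_RUNTHREAD bit */
    bool first_wake_done;    /* kthread bootstrap reached its official wake-up */
    int threads_active;      /* modelled desc->threads_active */
    int handled;             /* threaded handler invocations */
    int spurious;            /* wake-ups delivered before first_wake_done */
};

struct result { int spurious; int handled; int threads_active; };

/* Old code: wake_up_process() wakes regardless of the target's sleep state. */
static void model_wake_up_process(struct model *m)
{
    if (m->state == TASK_RUNNING)
        return;
    if (!m->first_wake_done)
        m->spurious++;           /* the premature wake-up the patch avoids */
    m->state = TASK_RUNNING;
}

/* New code: wake_up_state() wakes only if the target sleeps in a state in mask. */
static int model_wake_up_state(struct model *m, unsigned int mask)
{
    if (m->state == TASK_RUNNING || !(m->state & mask))
        return 0;
    model_wake_up_process(m);
    return 1;
}

/* __irq_wake_thread(): set the RUN flag, account the thread, then wake it. */
static void model_irq_fire(struct model *m, bool use_wake_up_state)
{
    if (m->runthread)
        return;                  /* test_and_set_bit() already set: nothing to do */
    m->runthread = true;
    m->threads_active++;
    if (use_wake_up_state)
        model_wake_up_state(m, TASK_INTERRUPTIBLE);
    else
        model_wake_up_process(m);
}

/* Run the IRQ thread until it blocks again. */
static void model_run_thread(struct model *m)
{
    if (m->state != TASK_RUNNING)
        return;                  /* still asleep */
    if (m->phase == PHASE_KTHREAD_PARKED) {
        if (!m->first_wake_done) {
            /* Woken early: the real thread would proceed over half-initialised
             * state. The model only counts it (above) and parks again. */
            m->state = TASK_UNINTERRUPTIBLE;
            return;
        }
        m->phase = PHASE_IRQ_LOOP;
    }
    /* irq_wait_for_interrupt(): publish the sleep state first, then test the
     * flag, so a flag set before this point is never missed. */
    for (;;) {
        m->state = TASK_INTERRUPTIBLE;
        if (m->runthread) {
            m->runthread = false;
            m->state = TASK_RUNNING;
            m->handled++;
            m->threads_active--; /* wake_threads_waitq() */
            continue;
        }
        return;                  /* schedule(): sleep until a matching wake-up */
    }
}

/* Constructed scenario: thread parked, early IRQ, official wake-up, later IRQ. */
static struct result run_scenario(bool use_wake_up_state)
{
    struct model m = { .state = TASK_UNINTERRUPTIBLE, .phase = PHASE_KTHREAD_PARKED };
    model_irq_fire(&m, use_wake_up_state);   /* IRQ enabled and fires early */
    model_run_thread(&m);
    m.first_wake_done = true;                /* official first wake-up */
    model_wake_up_process(&m);
    model_run_thread(&m);
    model_irq_fire(&m, use_wake_up_state);   /* ordinary IRQ while waiting */
    model_run_thread(&m);
    return (struct result){ m.spurious, m.handled, m.threads_active };
}

int main(void)
{
    struct result old = run_scenario(false), new = run_scenario(true);
    printf("wake_up_process: spurious=%d handled=%d active=%d\n",
           old.spurious, old.handled, old.threads_active);
    printf("wake_up_state:   spurious=%d handled=%d active=%d\n",
           new.spurious, new.handled, new.threads_active);
    return 0;
}
```

Both variants end with two handled interrupts and a balanced threads_active count; the difference is that the unconditional wake-up delivers one premature wake-up while the thread is still parked in TASK_UNINTERRUPTIBLE, whereas the state-filtered variant delivers none and the early interrupt is simply picked up from the pending flag when the thread first enters its wait loop.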

