lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <cb2103843f235bc8ca2e10d065f3191cd414d5a9.1770155771.git.jpoimboe@kernel.org>
Date: Tue,  3 Feb 2026 13:59:32 -0800
From: Josh Poimboeuf <jpoimboe@...nel.org>
To: Steven Rostedt <rostedt@...dmis.org>
Cc: linux-kernel@...r.kernel.org,
	Peter Zijlstra <peterz@...radead.org>,
	Julia Lawall <julia.lawall@...ia.fr>
Subject: [PATCH 1/2] unwind: Fix negative bit check in unwind_deferred_request()

The following warning will never trigger because 'bit' is unsigned:

	if (WARN_ON_ONCE(bit < 0))
		return -EINVAL;

That variable is used for two distinct purposes, so split it into two
variables accordingly: an 'int bit' and an 'unsigned long bit_mask'.
Rename a few other variables for consistency with the "*_mask" scheme.

Fixes: 357eda2d7450 ("unwind deferred: Use SRCU unwind_deferred_task_work()")
Reported-by: Julia Lawall <julia.lawall@...ia.fr>
Signed-off-by: Josh Poimboeuf <jpoimboe@...nel.org>
---
 kernel/unwind/deferred.c | 22 ++++++++++------------
 1 file changed, 10 insertions(+), 12 deletions(-)

diff --git a/kernel/unwind/deferred.c b/kernel/unwind/deferred.c
index a88fb481c4a3..416af9b98bad 100644
--- a/kernel/unwind/deferred.c
+++ b/kernel/unwind/deferred.c
@@ -230,10 +230,9 @@ void unwind_deferred_task_exit(struct task_struct *task)
 int unwind_deferred_request(struct unwind_work *work, u64 *cookie)
 {
 	struct unwind_task_info *info = &current->unwind_info;
+	unsigned long bit_mask, old_mask, new_mask;
 	int twa_mode = TWA_RESUME;
-	unsigned long old, bits;
-	unsigned long bit;
-	int ret;
+	int bit, ret;
 
 	*cookie = 0;
 
@@ -257,17 +256,16 @@ int unwind_deferred_request(struct unwind_work *work, u64 *cookie)
 	if (WARN_ON_ONCE(bit < 0))
 		return -EINVAL;
 
-	/* Only need the mask now */
-	bit = BIT(bit);
+	bit_mask = BIT(bit);
 
 	guard(irqsave)();
 
 	*cookie = get_cookie(info);
 
-	old = atomic_long_read(&info->unwind_mask);
+	old_mask = atomic_long_read(&info->unwind_mask);
 
 	/* Is this already queued or executed */
-	if (old & bit)
+	if (old_mask & bit_mask)
 		return 1;
 
 	/*
@@ -276,15 +274,15 @@ int unwind_deferred_request(struct unwind_work *work, u64 *cookie)
 	 * work's bit or PENDING was already set, then this is already queued
 	 * to have a callback.
 	 */
-	bits = UNWIND_PENDING | bit;
-	old = atomic_long_fetch_or(bits, &info->unwind_mask);
-	if (old & bits) {
+	new_mask = UNWIND_PENDING | bit_mask;
+	old_mask = atomic_long_fetch_or(new_mask, &info->unwind_mask);
+	if (old_mask & new_mask) {
 		/*
 		 * If the work's bit was set, whatever set it had better
 		 * have also set pending and queued a callback.
 		 */
-		WARN_ON_ONCE(!(old & UNWIND_PENDING));
-		return old & bit;
+		WARN_ON_ONCE(!(old_mask & UNWIND_PENDING));
+		return old_mask & bit_mask;
 	}
 
 	/* The work has been claimed, now schedule it. */
-- 
2.52.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ