lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20260205105704.GA245049@noisy.programming.kicks-ass.net>
Date: Thu, 5 Feb 2026 11:57:04 +0100
From: Peter Zijlstra <peterz@...radead.org>
To: Chuyi Zhou <zhouchuyi@...edance.com>
Cc: tglx@...utronix.de, mingo@...hat.com, luto@...nel.org,
	paulmck@...nel.org, muchun.song@...ux.dev, bp@...en8.de,
	dave.hansen@...ux.intel.com, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 05/11] smp: Enable preemption early in
 smp_call_function_many_cond

On Thu, Feb 05, 2026 at 10:52:36AM +0100, Peter Zijlstra wrote:
> On Tue, Feb 03, 2026 at 07:23:55PM +0800, Chuyi Zhou wrote:
> 
> > +	/*
> > +	 * Prevent the current CPU from going offline.
> > +	 * Being migrated to another CPU and calling csd_lock_wait() may cause
> > +	 * UAF due to smpcfd_dead_cpu() during the current CPU offline process.
> > +	 */
> > +	migrate_disable();
> 
> This is horrible crap. migrate_disable() is *NOT* supposed to be used to
> serialize cpu hotplug.

This was too complicated or something?

--- a/kernel/smp.c
+++ b/kernel/smp.c
@@ -802,19 +802,20 @@ static void smp_call_function_many_cond(
 					unsigned int scf_flags,
 					smp_cond_func_t cond_func)
 {
-	int cpu, last_cpu, this_cpu = smp_processor_id();
-	struct call_function_data *cfd;
+	struct call_function_data *cfd = this_cpu_ptr(&cfd_data);
+	struct cpumask *cpumask = cfd->cpumask;
 	bool wait = scf_flags & SCF_WAIT;
-	bool preemptible_wait = true;
 	cpumask_var_t cpumask_stack;
-	struct cpumask *cpumask;
+	int cpu, last_cpu, this_cpu;
 	int nr_cpus = 0;
 	bool run_remote = false;
 
-	lockdep_assert_preemption_disabled();
+	if (wait && !alloc_cpumask_var(&cpumask_stack, GFP_ATOMIC))
+		cpumask = cpumask_stack;
 
-	if (!alloc_cpumask_var(&cpumask_stack, GFP_ATOMIC))
-		preemptible_wait = false;
+	cpus_read_lock();
+	preempt_disable();
+	this_cpu = smp_processor_id();
 
 	/*
 	 * Can deadlock when called with interrupts disabled.
@@ -836,10 +837,6 @@ static void smp_call_function_many_cond(
 
 	/* Check if we need remote execution, i.e., any CPU excluding this one. */
 	if (cpumask_any_and_but(mask, cpu_online_mask, this_cpu) < nr_cpu_ids) {
-		cfd = this_cpu_ptr(&cfd_data);
-
-		cpumask = preemptible_wait ? cpumask_stack : cfd->cpumask;
-
 		cpumask_and(cpumask, mask, cpu_online_mask);
 		__cpumask_clear_cpu(this_cpu, cpumask);
 
@@ -897,6 +894,7 @@ static void smp_call_function_many_cond(
 		csd_do_func(func, info, NULL);
 		local_irq_restore(flags);
 	}
+	preempt_enable();
 
 	if (run_remote && wait) {
 		for_each_cpu(cpu, cpumask) {
@@ -907,8 +905,8 @@ static void smp_call_function_many_cond(
 		}
 	}
 
-	if (preemptible_wait)
-		free_cpumask_var(cpumask_stack);
+	cpus_read_unlock();
+	free_cpumask_var(cpumask_stack);
 }
 
 /**

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ