| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 5 Jun 2020 09:11:21 -0700
From: Eric Biggers <ebiggers@...nel.org>
To: Matthew Wilcox <willy@...radead.org>
Cc: syzbot <syzbot+3eec59e770685e3dc879@...kaller.appspotmail.com>,
bjorn.andersson@...aro.org, davem@...emloft.net, kuba@...nel.org,
linux-kernel@...r.kernel.org, manivannan.sadhasivam@...aro.org,
netdev@...r.kernel.org, syzkaller-bugs@...glegroups.com
Subject: Re: BUG: using smp_processor_id() in preemptible code in
radix_tree_node_alloc
On Fri, Jun 05, 2020 at 04:29:22AM -0700, Matthew Wilcox wrote:
> On Thu, Jun 04, 2020 at 08:55:55PM -0700, Eric Biggers wrote:
> > Possibly a bug in lib/radix-tree.c? this_cpu_ptr() in radix_tree_node_alloc()
> > can be reached without a prior preempt_disable(). Or is the caller of
> > idr_alloc() doing something wrong?
>
> Yes, the idr_alloc() call is plainly wrong:
>
> mutex_lock(&qrtr_port_lock);
> if (!*port) {
> rc = idr_alloc(&qrtr_ports, ipc,
> QRTR_MIN_EPH_SOCKET, QRTR_MAX_EPH_SOCKET + 1,
> GFP_ATOMIC);
>
> If we can take a mutex lock, there's no excuse to be using GFP_ATOMIC.
> That (and the call slightly lower in the function) should be GFP_KERNEL
> as the minimal fix (below). I'll send a followup patch which converts
> this IDR to the XArray instead.
I did see that the GFP_ATOMIC was unnecessary, but it wasn't obvious to me that
it was actually *wrong*.
Shouldn't this requirement be documented for the @gfp argument to idr_alloc()?
- Eric
Powered by blists - more mailing lists