On Wed, May 04, 2022 at 05:07:36PM +0200, Sebastian Andrzej Siewior wrote:
> The access to cryptd_queue::cpu_queue is synchronized by disabling
> preemption in cryptd_enqueue_request() and disabling BH in
> cryptd_queue_worker(). This implies that access is allowed from BH.
>
> If cryptd_enqueue_request() is invoked from preemptible context _and_
> soft interrupt then this can lead to list corruption since
> cryptd_enqueue_request() is not protected against access from
> soft interrupt.
>
> Replace get_cpu() in cryptd_enqueue_request() with local_bh_disable()
> to ensure BH is always disabled.
> Remove preempt_disable() from cryptd_queue_worker() since it is not
> needed because local_bh_disable() ensures synchronisation.
>
> Signed-off-by: Sebastian Andrzej Siewior <bigeasy@xxxxxxxxxxxxx>
> ---
>  crypto/cryptd.c | 23 +++++++++++------------
>  1 file changed, 11 insertions(+), 12 deletions(-)

Good catch! This bug has been around for a while. Did you detect this
in the field or was it through code-review?

Patch applied. Thanks.
-- 
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
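The race the commit message describes, worked through as an added user-space model; this is not code from the kernel, from crypto/cryptd.c or from the patch. The four pointer writes in list_add_tail_model() follow the order of __list_add() in <linux/list.h>; everything else (the cpu_model flags standing in for get_cpu()/preempt_disable() and local_bh_disable(), the softirq_point() hook, the scenario() driver and the request nodes a and s) is the model's own construction. The point it shows is the one in the commit message: with preemption disabled but BH enabled, a softirq on the same CPU can enqueue into cryptd_queue::cpu_queue between two of those writes, after which the forward and backward walks disagree and the softirq's request is reachable only through head->prev, which is the shape of corruption that later turns into a lost request or a dangling pointer when that node is freed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Doubly-linked list with the pointer layout of <linux/list.h> (user-space model). */
struct list_head { struct list_head *next, *prev; };

static void INIT_LIST_HEAD(struct list_head *h) { h->next = h; h->prev = h; }

/* Constructed model of one CPU: the state get_cpu()/local_bh_disable() would
 * change, the per-CPU queue, and one softirq waiting to enqueue its own request. */
struct cpu_model {
    bool preempt_disabled;        /* get_cpu() / preempt_disable() in effect */
    bool bh_disabled;             /* local_bh_disable() in effect, or inside a softirq */
    bool softirq_pending;         /* a softirq wants to enqueue softirq_req on this CPU */
    struct list_head *softirq_req;
    struct list_head queue;       /* stands in for cryptd_queue::cpu_queue */
};

static void list_add_tail_model(struct cpu_model *cpu, struct list_head *node,
                                struct list_head *head);

/* A point where a pending softirq may run. Disabled preemption does not hold it
 * off; only disabled BH (or already being in softirq context) does. */
static void softirq_point(struct cpu_model *cpu) {
    if (!cpu->softirq_pending || cpu->bh_disabled)
        return;
    cpu->softirq_pending = false;
    cpu->bh_disabled = true;      /* a softirq handler runs with BH disabled */
    list_add_tail_model(cpu, cpu->softirq_req, &cpu->queue);
    cpu->bh_disabled = false;
}

/* The four writes of __list_add(), in kernel order; a softirq may interleave
 * between any two of them unless BH is disabled. */
static void list_add_tail_model(struct cpu_model *cpu, struct list_head *node,
                                struct list_head *head) {
    struct list_head *prev = head->prev, *next = head;
    next->prev = node;  softirq_point(cpu);
    node->next = next;  softirq_point(cpu);
    node->prev = prev;  softirq_point(cpu);
    prev->next = node;  softirq_point(cpu);
}

/* Pre-patch shape of cryptd_enqueue_request(): get_cpu() only disables preemption. */
static void enqueue_buggy(struct cpu_model *cpu, struct list_head *req) {
    cpu->preempt_disabled = true;
    list_add_tail_model(cpu, req, &cpu->queue);
    cpu->preempt_disabled = false;
}

/* Post-patch shape: local_bh_disable() keeps the softirq out until the list is
 * consistent again; local_bh_enable() then lets the pending softirq run. */
static void enqueue_fixed(struct cpu_model *cpu, struct list_head *req) {
    cpu->bh_disabled = true;
    list_add_tail_model(cpu, req, &cpu->queue);
    cpu->bh_disabled = false;
    softirq_point(cpu);
}

/* Every node must link back to both neighbours, and the forward and backward
 * walks must see the same number of nodes. */
static bool list_consistent(const struct list_head *head) {
    const struct list_head *n;
    size_t fwd = 0, bwd = 0;
    for (n = head->next; n != head; n = n->next)
        if (n->next->prev != n || n->prev->next != n || ++fwd > 1000)
            return false;
    for (n = head->prev; n != head; n = n->prev)
        if (++bwd > 1000)
            return false;
    return fwd == bwd;
}

static size_t list_count(const struct list_head *head) {
    size_t n = 0;
    for (const struct list_head *p = head->next; p != head && n < 1000; p = p->next)
        n++;
    return n;
}

/* Constructed scenario: process context enqueues proc_req on a CPU where a
 * softirq is pending that will enqueue sirq_req on the same queue. */
static void scenario(struct cpu_model *cpu, struct list_head *proc_req,
                     struct list_head *sirq_req, bool use_fix) {
    *cpu = (struct cpu_model){0};
    INIT_LIST_HEAD(&cpu->queue);
    cpu->softirq_pending = true;
    cpu->softirq_req = sirq_req;
    if (use_fix) enqueue_fixed(cpu, proc_req);
    else         enqueue_buggy(cpu, proc_req);
}

int main(void) {
    struct cpu_model cpu;
    struct list_head a, s;
    scenario(&cpu, &a, &s, false);
    printf("get_cpu() only:     %zu node(s) forward, consistent=%d\n",
           list_count(&cpu.queue), list_consistent(&cpu.queue));
    scenario(&cpu, &a, &s, true);
    printf("local_bh_disable(): %zu node(s) forward, consistent=%d\n",
           list_count(&cpu.queue), list_consistent(&cpu.queue));
    return 0;
}
```

In the buggy run the softirq fires after the first write (head->prev = a), links s after a, and the resumed process-context path then overwrites a->next with head: the forward walk sees only a while head->prev still points at s. The fixed run serialises the two enqueues and yields a, s in order.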