[PATCH v2] padata: use integer wrap around to prevent deadlock on seq_nr overflow

VanGiang Nguyen <vangiang.nguyen@xxxxxxxxxxxxxxxxx> · Thu, 15 Aug 2024 09:38:36 +0000

When submitting more than 2^32 padata objects to padata_do_serial, the
current sorting implementation incorrectly sorts padata objects with
overflowed seq_nr, causing them to be placed before existing objects in
the reorder list. This leads to a deadlock in the serialization process
as padata_find_next cannot match padata->seq_nr and pd->processed
because the padata instance with overflowed seq_nr will be selected
next.

To fix this, we use an unsigned integer wrap around to correctly sort
padata objects in scenarios with integer overflow.

Fixes: bfde23ce200e ("padata: unbind parallel jobs from specific CPUs")

Co-developed-by: Christian Gafert <christian.gafert@xxxxxxxxxxxxxxxxx>
Signed-off-by: Christian Gafert <christian.gafert@xxxxxxxxxxxxxxxxx>
Co-developed-by: Max Ferger <max.ferger@xxxxxxxxxxxxxxxxx>
Signed-off-by: Max Ferger <max.ferger@xxxxxxxxxxxxxxxxx>
Signed-off-by: Van Giang Nguyen <vangiang.nguyen@xxxxxxxxxxxxxxxxx>
Acked-by: Daniel Jordan <daniel.m.jordan@xxxxxxxxxx>
---
v2: include Fixes tag and Daniel's Acked-by tag
v1: https://lore.kernel.org/a16995232eda4d39812f4bd94d9fb846@xxxxxxxxxxxxxxxxx
 kernel/padata.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/kernel/padata.c b/kernel/padata.c
index 53f4bc912712..222bccd0c96b 100644
--- a/kernel/padata.c
+++ b/kernel/padata.c
@@ -404,7 +404,8 @@ void padata_do_serial(struct padata_priv *padata)
 	/* Sort in ascending order of sequence number. */
 	list_for_each_prev(pos, &reorder->list) {
 		cur = list_entry(pos, struct padata_priv, list);
-		if (cur->seq_nr < padata->seq_nr)
+		/* Compare by difference to consider integer wrap around */
+		if ((signed int)(cur->seq_nr - padata->seq_nr) < 0)
 			break;
 	}
 	list_add(&padata->list, pos);
-- 
2.34.1








