On Fri, Dec 16, 2022 at 03:05:13PM +0100, Peter Zijlstra wrote:
> On Fri, Dec 02, 2022 at 01:06:21PM -0800, Kees Cook wrote:
>
> > --- a/kernel/exit.c
> > +++ b/kernel/exit.c
> > @@ -954,7 +954,7 @@ void __noreturn make_task_dead(int signr)
> > * To make sure this can't happen, place an upper bound on how often the
> > * kernel may oops without panic().
> > */
> > - if (atomic_inc_return(&oops_count) >= READ_ONCE(oops_limit))
> > + if (atomic_inc_return(&oops_count) >= READ_ONCE(oops_limit) && oops_limit)
> > panic("Oopsed too often (kernel.oops_limit is %d)", oops_limit);
> >
>
> That's dodgy, please write as:
>
> limit = READ_ONCE(oops_limit);
> if (atomic_inc_return(&oops_count) >= limit && limit)
>
> So we don't explicitly add a reload that negates the whole READ_ONCE().
Yup, that's more correct. Sent:
https://lore.kernel.org/lkml/20221216203024.never.640-kees@xxxxxxxxxx
--
Kees Cook
