Commit-ID: c1c33b92db4fb274dfbff778ccf2459e4bebd48e
Gitweb: http://git.kernel.org/tip/c1c33b92db4fb274dfbff778ccf2459e4bebd48e
Author: Davidlohr Bueso <dave@xxxxxxxxxxxx>
AuthorDate: Tue, 12 Apr 2016 08:47:18 -0700
Committer: Ingo Molnar <mingo@xxxxxxxxxx>
CommitDate: Wed, 13 Apr 2016 08:52:23 +0200
locking/locktorture: Fix NULL pointer dereference for cleanup paths
It has been found that paths that invoke cleanups through
lock_torture_cleanup() can trigger NULL pointer dereferencing
bugs during the statistics printing phase. This is mainly
because we should not be calling into statistics before we are
sure things have been set up correctly.
Specifically, early checks (and the need for handling this in
the cleanup call) only include parameter checks and basic
statistics allocation. Once we start write/read kthreads
we then consider the test as started. As such, update the function
in question to check for cxt.lwsa writer stats, if not set,
we either have a bogus parameter or -ENOMEM situation and
therefore only need to deal with general torture calls.
Reported-and-tested-by: Kefeng Wang <wangkefeng.wang@xxxxxxxxxx>
Signed-off-by: Davidlohr Bueso <dbueso@xxxxxxx>
Signed-off-by: Paul E. McKenney <paulmck@xxxxxxxxxxxxxxxxxx>
Cc: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
Cc: Davidlohr Bueso <dave@xxxxxxxxxxxx>
Cc: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
Cc: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
Cc: bobby.prani@xxxxxxxxx
Cc: dhowells@xxxxxxxxxx
Cc: dipankar@xxxxxxxxxx
Cc: dvhart@xxxxxxxxxxxxxxx
Cc: edumazet@xxxxxxxxxx
Cc: fweisbec@xxxxxxxxx
Cc: jiangshanlai@xxxxxxxxx
Cc: josh@xxxxxxxxxxxxxxxx
Cc: mathieu.desnoyers@xxxxxxxxxxxx
Cc: oleg@xxxxxxxxxx
Cc: rostedt@xxxxxxxxxxx
Link: http://lkml.kernel.org/r/1460476038-27060-2-git-send-email-paulmck@xxxxxxxxxxxxxxxxxx
[ Improved the changelog. ]
Signed-off-by: Ingo Molnar <mingo@xxxxxxxxxx>
---
kernel/locking/locktorture.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/kernel/locking/locktorture.c b/kernel/locking/locktorture.c
index 9e9c5f4..d066a50 100644
--- a/kernel/locking/locktorture.c
+++ b/kernel/locking/locktorture.c
@@ -748,6 +748,15 @@ static void lock_torture_cleanup(void)
if (torture_cleanup_begin())
return;
+ /*
+ * Indicates early cleanup, meaning that the test has not run,
+ * such as when passing bogus args when loading the module. As
+ * such, only perform the underlying torture-specific cleanups,
+ * and avoid anything related to locktorture.
+ */
+ if (!cxt.lwsa)
+ goto end;
+
if (writer_tasks) {
for (i = 0; i < cxt.nrealwriters_stress; i++)
torture_stop_kthread(lock_torture_writer,
@@ -776,6 +785,7 @@ static void lock_torture_cleanup(void)
else
lock_torture_print_module_parms(cxt.cur_ops,
"End of test: SUCCESS");
+end:
torture_cleanup_end();
}
@@ -870,6 +880,7 @@ static int __init lock_torture_init(void)
VERBOSE_TOROUT_STRING("cxt.lrsa: Out of memory");
firsterr = -ENOMEM;
kfree(cxt.lwsa);
+ cxt.lwsa = NULL;
goto unwind;
}
@@ -878,6 +889,7 @@ static int __init lock_torture_init(void)
cxt.lrsa[i].n_lock_acquired = 0;
}
}
+
lock_torture_print_module_parms(cxt.cur_ops, "Start of test");
/* Prepare torture context. */
--
To unsubscribe from this list: send the line "unsubscribe linux-tip-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
|