Patch "padata: Always leave BHs disabled when running ->parallel()" has been added to the 5.10-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Sun, 25 Dec 2022 10:30:22 -0500

This is a note to let you know that I've just added the patch titled

    padata: Always leave BHs disabled when running ->parallel()

to the 5.10-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     padata-always-leave-bhs-disabled-when-running-parall.patch
and it can be found in the queue-5.10 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit f486ed3cb05d380529f581152caf82f75759454c
Author: Daniel Jordan <daniel.m.jordan@xxxxxxxxxx>
Date:   Wed Nov 16 20:28:02 2022 -0500

    padata: Always leave BHs disabled when running ->parallel()
    
    [ Upstream commit 34c3a47d20ae55b3600fed733bf96eafe9c500d5 ]
    
    A deadlock can happen when an overloaded system runs ->parallel() in the
    context of the current task:
    
        padata_do_parallel
          ->parallel()
            pcrypt_aead_enc/dec
              padata_do_serial
                spin_lock(&reorder->lock) // BHs still enabled
                  <interrupt>
                    ...
                      __do_softirq
                        ...
                          padata_do_serial
                            spin_lock(&reorder->lock)
    
    It's a bug for BHs to be on in _do_serial as Steffen points out, so
    ensure they're off in the "current task" case like they are in
    padata_parallel_worker to avoid this situation.
    
    Reported-by: syzbot+bc05445bc14148d51915@xxxxxxxxxxxxxxxxxxxxxxxxx
    Fixes: 4611ce224688 ("padata: allocate work structures for parallel jobs from a pool")
    Signed-off-by: Daniel Jordan <daniel.m.jordan@xxxxxxxxxx>
    Acked-by: Steffen Klassert <steffen.klassert@xxxxxxxxxxx>
    Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/kernel/padata.c b/kernel/padata.c
index d4d3ba6e1728..4d31a69a9b38 100644
--- a/kernel/padata.c
+++ b/kernel/padata.c
@@ -220,14 +220,16 @@ int padata_do_parallel(struct padata_shell *ps,
 	pw = padata_work_alloc();
 	spin_unlock(&padata_works_lock);
 
+	if (!pw) {
+		/* Maximum works limit exceeded, run in the current task. */
+		padata->parallel(padata);
+	}
+
 	rcu_read_unlock_bh();
 
 	if (pw) {
 		padata_work_init(pw, padata_parallel_worker, padata, 0);
 		queue_work(pinst->parallel_wq, &pw->pw_work);
-	} else {
-		/* Maximum works limit exceeded, run in the current task. */
-		padata->parallel(padata);
 	}
 
 	return 0;






