Patch "lockdep: Fix block chain corruption" has been added to the 5.10-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This is a note to let you know that I've just added the patch titled

    lockdep: Fix block chain corruption

to the 5.10-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     lockdep-fix-block-chain-corruption.patch
and it can be found in the queue-5.10 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 800fc8815bfd2332760f3b4dc87f0c52e8020421
Author: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
Date:   Tue Nov 21 12:41:26 2023 +0100

    lockdep: Fix block chain corruption
    
    [ Upstream commit bca4104b00fec60be330cd32818dd5c70db3d469 ]
    
    Kent reported an occasional KASAN splat in lockdep. Mark then noted:
    
    > I suspect the dodgy access is to chain_block_buckets[-1], which hits the last 4
    > bytes of the redzone and gets (incorrectly/misleadingly) attributed to
    > nr_large_chain_blocks.
    
    That would mean @size == 0, at which point size_to_bucket() returns -1
    and the above happens.
    
    alloc_chain_hlocks() has 'size - req', for the first with the
    precondition 'size >= rq', which allows the 0.
    
    This code is trying to split a block, del_chain_block() takes what we
    need, and add_chain_block() puts back the remainder, except in the
    above case the remainder is 0 sized and things go sideways.
    
    Fixes: 810507fe6fd5 ("locking/lockdep: Reuse freed chain_hlocks entries")
    Reported-by: Kent Overstreet <kent.overstreet@xxxxxxxxx>
    Signed-off-by: Peter Zijlstra (Intel) <peterz@xxxxxxxxxxxxx>
    Tested-by: Kent Overstreet <kent.overstreet@xxxxxxxxx>
    Link: https://lkml.kernel.org/r/20231121114126.GH8262@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/kernel/locking/lockdep.c b/kernel/locking/lockdep.c
index 6cbd2b4444769..7471d85f54ae5 100644
--- a/kernel/locking/lockdep.c
+++ b/kernel/locking/lockdep.c
@@ -3357,7 +3357,8 @@ static int alloc_chain_hlocks(int req)
 		size = chain_block_size(curr);
 		if (likely(size >= req)) {
 			del_chain_block(0, size, chain_block_next(curr));
-			add_chain_block(curr + req, size - req);
+			if (size > req)
+				add_chain_block(curr + req, size - req);
 			return curr;
 		}
 	}



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux