* [PATCH] futex: Don't enable IRQs unconditionally in put_pi_state()
From: Dan Carpenter @ 2020-11-06 8:52 UTC (permalink / raw)
To: Peter Zijlstra, Thomas Gleixner
Cc: Ingo Molnar, Darren Hart, linux-kernel, kernel-janitors
The exit_pi_state_list() function calls put_pi_state() with IRQs
disabled and is not expecting that IRQs will be enabled inside the
function. Use the _irqsave() so that IRQs are restored to the original
state instead of enabled unconditionally.
Fixes: 153fbd1226fb ("futex: Fix more put_pi_state() vs. exit_pi_state_list() races")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
This is from static analysis and not tested. I am not very familiar
with futex code.
kernel/futex.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/kernel/futex.c b/kernel/futex.c
index f8614ef4ff31..ca84745713bc 100644
--- a/kernel/futex.c
+++ b/kernel/futex.c
@@ -788,8 +788,9 @@ static void put_pi_state(struct futex_pi_state *pi_state)
*/
if (pi_state->owner) {
struct task_struct *owner;
+ unsigned long flags;
- raw_spin_lock_irq(&pi_state->pi_mutex.wait_lock);
+ raw_spin_lock_irqsave(&pi_state->pi_mutex.wait_lock, flags);
owner = pi_state->owner;
if (owner) {
raw_spin_lock(&owner->pi_lock);
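Review bot: Nothing at the raw_spin_lock_irqsave() call records why the save/restore form is required, so a later cleanup could switch it back to raw_spin_lock_irq(). A one-line comment above the lock stating that put_pi_state() can be reached from exit_pi_state_list() with IRQs already disabled would keep that constraint next to the code. The nested raw_spin_lock(&owner->pi_lock) still runs with IRQs off under the saved state, so it needs no change.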
@@ -797,7 +798,7 @@ static void put_pi_state(struct futex_pi_state *pi_state)
raw_spin_unlock(&owner->pi_lock);
}
rt_mutex_proxy_unlock(&pi_state->pi_mutex, owner);
- raw_spin_unlock_irq(&pi_state->pi_mutex.wait_lock);
+ raw_spin_unlock_irqrestore(&pi_state->pi_mutex.wait_lock, flags);
}
if (current->pi_state_cache) {
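Review bot: The restore at raw_spin_unlock_irqrestore() rests on the changelog's claim about the caller, and the note under the --- says the change comes from static analysis and is untested. Before merging, exercise the exit_pi_state_list() path on a kernel built with CONFIG_PROVE_LOCKING so lockdep can flag any IRQ-state inconsistency around put_pi_state(). The hunk headers leave one line between the two hunks out of the diff; check that it cannot leave the locked region without passing through this unlock.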
--
2.28.0
* Re: [PATCH] futex: Don't enable IRQs unconditionally in put_pi_state()
From: Peter Zijlstra @ 2020-11-09 11:21 UTC (permalink / raw)
To: Dan Carpenter
Cc: Thomas Gleixner, Ingo Molnar, Darren Hart, linux-kernel,
kernel-janitors
On Fri, Nov 06, 2020 at 11:52:05AM +0300, Dan Carpenter wrote:
> The exit_pi_state_list() function calls put_pi_state() with IRQs
> disabled and is not expecting that IRQs will be enabled inside the
> function. Use the _irqsave() so that IRQs are restored to the original
> state instead of enabled unconditionally.
>
> Fixes: 153fbd1226fb ("futex: Fix more put_pi_state() vs. exit_pi_state_list() races")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> ---
> This is from static analysis and not tested. I am not very familiar
> with futex code.
It is exceedingly rare if at all possible to trigger this, but yes, your
patch is correct.
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
>
> kernel/futex.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/kernel/futex.c b/kernel/futex.c
> index f8614ef4ff31..ca84745713bc 100644
> --- a/kernel/futex.c
> +++ b/kernel/futex.c
> @@ -788,8 +788,9 @@ static void put_pi_state(struct futex_pi_state *pi_state)
> */
> if (pi_state->owner) {
> struct task_struct *owner;
> + unsigned long flags;
>
> - raw_spin_lock_irq(&pi_state->pi_mutex.wait_lock);
> + raw_spin_lock_irqsave(&pi_state->pi_mutex.wait_lock, flags);
> owner = pi_state->owner;
> if (owner) {
> raw_spin_lock(&owner->pi_lock);
> @@ -797,7 +798,7 @@ static void put_pi_state(struct futex_pi_state *pi_state)
> raw_spin_unlock(&owner->pi_lock);
> }
> rt_mutex_proxy_unlock(&pi_state->pi_mutex, owner);
> - raw_spin_unlock_irq(&pi_state->pi_mutex.wait_lock);
> + raw_spin_unlock_irqrestore(&pi_state->pi_mutex.wait_lock, flags);
> }
>
> if (current->pi_state_cache) {
> --
> 2.28.0
>
* [tip: locking/urgent] futex: Don't enable IRQs unconditionally in put_pi_state()
From: tip-bot2 for Dan Carpenter @ 2020-11-09 13:34 UTC (permalink / raw)
To: linux-tip-commits
Cc: Dan Carpenter, Thomas Gleixner, Peter Zijlstra (Intel), stable,
x86, linux-kernel
The following commit has been merged into the locking/urgent branch of tip:
Commit-ID: 1e106aa3509b86738769775969822ffc1ec21bf4
Gitweb: https://git.kernel.org/tip/1e106aa3509b86738769775969822ffc1ec21bf4
Author: Dan Carpenter <dan.carpenter@oracle.com>
AuthorDate: Fri, 06 Nov 2020 11:52:05 +03:00
Committer: Thomas Gleixner <tglx@linutronix.de>
CommitterDate: Mon, 09 Nov 2020 14:30:30 +01:00
futex: Don't enable IRQs unconditionally in put_pi_state()
The exit_pi_state_list() function calls put_pi_state() with IRQs disabled
and is not expecting that IRQs will be enabled inside the function.
Use the _irqsave() variant so that IRQs are restored to the original state
instead of being enabled unconditionally.
Fixes: 153fbd1226fb ("futex: Fix more put_pi_state() vs. exit_pi_state_list() races")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20201106085205.GA1159983@mwanda
---
kernel/futex.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/kernel/futex.c b/kernel/futex.c
index ac32887..00259c7 100644
--- a/kernel/futex.c
+++ b/kernel/futex.c
@@ -788,8 +788,9 @@ static void put_pi_state(struct futex_pi_state *pi_state)
*/
if (pi_state->owner) {
struct task_struct *owner;
+ unsigned long flags;
- raw_spin_lock_irq(&pi_state->pi_mutex.wait_lock);
+ raw_spin_lock_irqsave(&pi_state->pi_mutex.wait_lock, flags);
owner = pi_state->owner;
if (owner) {
raw_spin_lock(&owner->pi_lock);
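Review bot: The index line of this commit (ac32887..00259c7) differs from the posted patch (f8614ef4ff31..ca84745713bc) although the hunk body is the same, so it was applied on a different base than the one it was written against. With Cc: stable@vger.kernel.org in the trailer, each stable tree that carries 153fbd1226fb should have the context around raw_spin_lock_irq(&pi_state->pi_mutex.wait_lock) checked before the backport is taken.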
@@ -797,7 +798,7 @@ static void put_pi_state(struct futex_pi_state *pi_state)
raw_spin_unlock(&owner->pi_lock);
}
rt_mutex_proxy_unlock(&pi_state->pi_mutex, owner);
- raw_spin_unlock_irq(&pi_state->pi_mutex.wait_lock);
+ raw_spin_unlock_irqrestore(&pi_state->pi_mutex.wait_lock, flags);
}
if (current->pi_state_cache) {