From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8C8383229 for ; Mon, 30 Jan 2023 14:24:34 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id D1598C433D2; Mon, 30 Jan 2023 14:24:33 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1675088674; bh=00tXwpANIqfoedYdIG7Pm+XgsPbIa7RAKzfE1Rm319U=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=SSNY4Xeum05PVREBH9H1G/ejr3vCO8j3rv7eBxwoq8YPfpAn76ojTNUsNNi5zYL6d jaelJQR1BvP4FWGc16hl9bbpriwA1vZ9CdNLQMQWKghWmVlT5x4DGywhuGND4TSlEV eEhw95qLpjjsSKb4RXR8rC6cw0lrtlqC/S/O5XII= From: Greg Kroah-Hartman To: stable@vger.kernel.org Cc: Greg Kroah-Hartman , patches@lists.linux.dev, Peter Zijlstra , "Eric W. Biederman" , Jann Horn , Arnd Bergmann , Petr Mladek , Andrew Morton , Luis Chamberlain , Marco Elver , tangmeng , Sebastian Andrzej Siewior , Tiezhu Yang , Kees Cook , Eric Biggers , Sasha Levin Subject: [PATCH 5.10 098/143] exit: Use READ_ONCE() for all oops/warn limit reads Date: Mon, 30 Jan 2023 14:52:35 +0100 Message-Id: <20230130134310.900320438@linuxfoundation.org> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230130134306.862721518@linuxfoundation.org> References: <20230130134306.862721518@linuxfoundation.org> User-Agent: quilt/0.67 Precedence: bulk X-Mailing-List: patches@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit From: Kees Cook commit 7535b832c6399b5ebfc5b53af5c51dd915ee2538 upstream. Use a temporary variable to take full advantage of READ_ONCE() behavior. Without this, the report (and even the test) might be out of sync with the initial test. Reported-by: Peter Zijlstra Link: https://lore.kernel.org/lkml/Y5x7GXeluFmZ8E0E@hirez.programming.kicks-ass.net Fixes: 9fc9e278a5c0 ("panic: Introduce warn_limit") Fixes: d4ccd54d28d3 ("exit: Put an upper limit on how often we can oops") Cc: "Eric W. Biederman" Cc: Jann Horn Cc: Arnd Bergmann Cc: Petr Mladek Cc: Andrew Morton Cc: Luis Chamberlain Cc: Marco Elver Cc: tangmeng Cc: Sebastian Andrzej Siewior Cc: Tiezhu Yang Signed-off-by: Kees Cook Signed-off-by: Eric Biggers Signed-off-by: Sasha Levin --- kernel/exit.c | 6 ++++-- kernel/panic.c | 7 +++++-- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/kernel/exit.c b/kernel/exit.c index 8c820aa7b9c5..bacdaf980933 100644 --- a/kernel/exit.c +++ b/kernel/exit.c @@ -916,6 +916,7 @@ void __noreturn make_task_dead(int signr) * Take the task off the cpu after something catastrophic has * happened. */ + unsigned int limit; /* * Every time the system oopses, if the oops happens while a reference @@ -927,8 +928,9 @@ void __noreturn make_task_dead(int signr) * To make sure this can't happen, place an upper bound on how often the * kernel may oops without panic(). */ - if (atomic_inc_return(&oops_count) >= READ_ONCE(oops_limit) && oops_limit) - panic("Oopsed too often (kernel.oops_limit is %d)", oops_limit); + limit = READ_ONCE(oops_limit); + if (atomic_inc_return(&oops_count) >= limit && limit) + panic("Oopsed too often (kernel.oops_limit is %d)", limit); do_exit(signr); } diff --git a/kernel/panic.c b/kernel/panic.c index 6e30455eb2e7..bc39e2b27d31 100644 --- a/kernel/panic.c +++ b/kernel/panic.c @@ -222,12 +222,15 @@ static void panic_print_sys_info(void) void check_panic_on_warn(const char *origin) { + unsigned int limit; + if (panic_on_warn) panic("%s: panic_on_warn set ...\n", origin); - if (atomic_inc_return(&warn_count) >= READ_ONCE(warn_limit) && warn_limit) + limit = READ_ONCE(warn_limit); + if (atomic_inc_return(&warn_count) >= limit && limit) panic("%s: system warned too often (kernel.warn_limit is %d)", - origin, warn_limit); + origin, limit); } /** -- 2.39.0