[PATCH 5.4 17/17] exit: Use READ_ONCE() for all oops/warn limit reads

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Eric Biggers <ebiggers@kernel.org>
To: stable@vger.kernel.org
Cc: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>,
	Kees Cook <keescook@chromium.org>, SeongJae Park <sj@kernel.org>,
	Seth Jenkins <sethjenkins@google.com>,
	Jann Horn <jannh@google.com>,
	"Eric W . Biederman" <ebiederm@xmission.com>,
	linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org,
	Arnd Bergmann <arnd@arndb.de>, Petr Mladek <pmladek@suse.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Luis Chamberlain <mcgrof@kernel.org>,
	Marco Elver <elver@google.com>, tangmeng <tangmeng@uniontech.com>,
	Sebastian Andrzej Siewior <bigeasy@linutronix.de>,
	Tiezhu Yang <yangtiezhu@loongson.cn>,
	Peter Zijlstra <peterz@infradead.org>
Subject: [PATCH 5.4 17/17] exit: Use READ_ONCE() for all oops/warn limit reads
Date: Wed,  1 Feb 2023 20:42:55 -0800	[thread overview]
Message-ID: <20230202044255.128815-18-ebiggers@kernel.org> (raw)
In-Reply-To: <20230202044255.128815-1-ebiggers@kernel.org>

From: Kees Cook <keescook@chromium.org>

commit 7535b832c6399b5ebfc5b53af5c51dd915ee2538 upstream.

Use a temporary variable to take full advantage of READ_ONCE() behavior.
Without this, the report (and even the test) might be out of sync with
the initial test.

Reported-by: Peter Zijlstra <peterz@infradead.org>
Link: https://lore.kernel.org/lkml/Y5x7GXeluFmZ8E0E@hirez.programming.kicks-ass.net
Fixes: 9fc9e278a5c0 ("panic: Introduce warn_limit")
Fixes: d4ccd54d28d3 ("exit: Put an upper limit on how often we can oops")
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Jann Horn <jannh@google.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Petr Mladek <pmladek@suse.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Luis Chamberlain <mcgrof@kernel.org>
Cc: Marco Elver <elver@google.com>
Cc: tangmeng <tangmeng@uniontech.com>
Cc: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Cc: Tiezhu Yang <yangtiezhu@loongson.cn>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
 kernel/exit.c  | 6 ++++--
 kernel/panic.c | 7 +++++--
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/kernel/exit.c b/kernel/exit.c
index 381282fb756c3..563bdaa766945 100644
--- a/kernel/exit.c
+++ b/kernel/exit.c
@@ -917,6 +917,7 @@ void __noreturn make_task_dead(int signr)
 	 * Take the task off the cpu after something catastrophic has
 	 * happened.
 	 */
+	unsigned int limit;
 
 	/*
 	 * Every time the system oopses, if the oops happens while a reference
@@ -928,8 +929,9 @@ void __noreturn make_task_dead(int signr)
 	 * To make sure this can't happen, place an upper bound on how often the
 	 * kernel may oops without panic().
 	 */
-	if (atomic_inc_return(&oops_count) >= READ_ONCE(oops_limit) && oops_limit)
-		panic("Oopsed too often (kernel.oops_limit is %d)", oops_limit);
+	limit = READ_ONCE(oops_limit);
+	if (atomic_inc_return(&oops_count) >= limit && limit)
+		panic("Oopsed too often (kernel.oops_limit is %d)", limit);
 
 	do_exit(signr);
 }
diff --git a/kernel/panic.c b/kernel/panic.c
index 2c118645e7408..cef79466f9417 100644
--- a/kernel/panic.c
+++ b/kernel/panic.c
@@ -199,12 +199,15 @@ static void panic_print_sys_info(void)
 
 void check_panic_on_warn(const char *origin)
 {
+	unsigned int limit;
+
 	if (panic_on_warn)
 		panic("%s: panic_on_warn set ...\n", origin);
 
-	if (atomic_inc_return(&warn_count) >= READ_ONCE(warn_limit) && warn_limit)
+	limit = READ_ONCE(warn_limit);
+	if (atomic_inc_return(&warn_count) >= limit && limit)
 		panic("%s: system warned too often (kernel.warn_limit is %d)",
-		      origin, warn_limit);
+		      origin, limit);
 }
 
 /**
-- 
2.39.1

next prev parent reply	other threads:[~2023-02-02  4:45 UTC|newest]

Thread overview: 22+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-02-02  4:42 [PATCH 5.4 00/17] Backport oops_limit to 5.4 Eric Biggers
2023-02-02  4:42 ` [PATCH 5.4 01/17] sysctl: add a new register_sysctl_init() interface Eric Biggers
2023-02-02  4:42 ` [PATCH 5.4 02/17] panic: unset panic_on_warn inside panic() Eric Biggers
2023-02-02  4:42 ` [PATCH 5.4 03/17] mm: kasan: do not panic if both panic_on_warn and kasan_multishot set Eric Biggers
2023-02-02  4:42 ` [PATCH 5.4 04/17] exit: Add and use make_task_dead Eric Biggers
2023-02-02  4:42 ` [PATCH 5.4 05/17] objtool: Add a missing comma to avoid string concatenation Eric Biggers
2023-02-02  4:42 ` [PATCH 5.4 06/17] hexagon: Fix function name in die() Eric Biggers
2023-02-02  4:42 ` [PATCH 5.4 07/17] h8300: Fix build errors from do_exit() to make_task_dead() transition Eric Biggers
2023-02-02  4:42 ` [PATCH 5.4 08/17] csky: Fix function name in csky_alignment() and die() Eric Biggers
2023-02-02  4:42 ` [PATCH 5.4 09/17] ia64: make IA64_MCA_RECOVERY bool instead of tristate Eric Biggers
2023-02-02  4:42 ` [PATCH 5.4 10/17] exit: Put an upper limit on how often we can oops Eric Biggers
2023-02-02  4:42 ` [PATCH 5.4 11/17] exit: Expose "oops_count" to sysfs Eric Biggers
2023-02-02  4:42 ` [PATCH 5.4 12/17] exit: Allow oops_limit to be disabled Eric Biggers
2023-02-02  4:42 ` [PATCH 5.4 13/17] panic: Consolidate open-coded panic_on_warn checks Eric Biggers
2023-02-02  4:42 ` [PATCH 5.4 14/17] panic: Introduce warn_limit Eric Biggers
2023-02-02  4:42 ` [PATCH 5.4 15/17] panic: Expose "warn_count" to sysfs Eric Biggers
2023-02-02  4:42 ` [PATCH 5.4 16/17] docs: Fix path paste-o for /sys/kernel/warn_count Eric Biggers
2023-02-02  4:42 ` Eric Biggers [this message]
2023-02-02 17:16 ` [PATCH 5.4 00/17] Backport oops_limit to 5.4 Sasha Levin
2023-02-02 17:47   ` Sasha Levin
2023-02-02 19:20     ` Eric Biggers
2023-02-02 18:43 ` SeongJae Park

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:381282fb756c dfblob:563bdaa76694 dfblob:2c118645e740
dfblob:cef79466f941 )
 OR (
bs:"[PATCH 5.4 17/17] exit: Use READ_ONCE() for all oops/warn limit reads" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20230202044255.128815-18-ebiggers@kernel.org \
    --to=ebiggers@kernel.org \
    --cc=akpm@linux-foundation.org \
    --cc=arnd@arndb.de \
    --cc=bigeasy@linutronix.de \
    --cc=ebiederm@xmission.com \
    --cc=elver@google.com \
    --cc=harshit.m.mogalapalli@oracle.com \
    --cc=jannh@google.com \
    --cc=keescook@chromium.org \
    --cc=linux-hardening@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mcgrof@kernel.org \
    --cc=peterz@infradead.org \
    --cc=pmladek@suse.com \
    --cc=sethjenkins@google.com \
    --cc=sj@kernel.org \
    --cc=stable@vger.kernel.org \
    --cc=tangmeng@uniontech.com \
    --cc=yangtiezhu@loongson.cn \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.