From: Petr Mladek <pmladek@suse.com>
To: Qiliang Yuan <realwujing@gmail.com>
Cc: Ingo Molnar <mingo@kernel.org>,
Andrew Morton <akpm@linux-foundation.org>,
Li Huafei <lihuafei1@huawei.com>,
Thorsten Blum <thorsten.blum@linux.dev>,
Jinchao Wang <wangjinchao600@gmail.com>,
Yicong Yang <yangyicong@hisilicon.com>,
Pingfan Liu <kernelfans@gmail.com>,
Lecopzer Chen <lecopzer.chen@mediatek.com>,
Douglas Anderson <dianders@chromium.org>,
linux-watchdog@vger.kernel.org, mm-commits@vger.kernel.org,
Shouxin Sun <sunshx@chinatelecom.cn>,
Junnan Zhang <zhangjn11@chinatelecom.cn>,
Qiliang Yuan <yuanql9@chinatelecom.cn>,
Song Liu <song@kernel.org>,
stable@vger.kernel.org,
"Yury Norov (NVIDIA)" <yury.norov@gmail.com>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH v5] watchdog/hardlockup: Fix UAF in perf event cleanup due to migration race
Date: Tue, 3 Feb 2026 17:35:56 +0100 [thread overview]
Message-ID: <aYIj7BzCI46iz2wj@pathway.suse.cz> (raw)
In-Reply-To: <20260127022238.1182079-1-realwujing@gmail.com>
On Mon 2026-01-26 21:22:24, Qiliang Yuan wrote:
> The hardlockup detector's probe path (watchdog_hardlockup_probe()) can
> be executed in a non-pinned context, such as during the asynchronous
> retry mechanism (lockup_detector_delay_init) which runs in a standard
> unbound workqueue.
[...]
> Refactor hardlockup_detector_event_create() to be stateless by returning
> the created perf_event pointer instead of directly modifying the per-cpu
> 'watchdog_ev' variable. This allows the probe logic to safely manage
> the temporary event. Use cpu_hotplug_disable() during the probe to ensure
> the target CPU remains valid throughout the check.
>
> Fixes: 930d8f8dbab9 ("watchdog/perf: adapt the watchdog_perf interface for async model")
> Signed-off-by: Shouxin Sun <sunshx@chinatelecom.cn>
> Signed-off-by: Junnan Zhang <zhangjn11@chinatelecom.cn>
> Signed-off-by: Qiliang Yuan <realwujing@gmail.com>
> Signed-off-by: Qiliang Yuan <yuanql9@chinatelecom.cn>
> Cc: Song Liu <song@kernel.org>
> Cc: Douglas Anderson <dianders@chromium.org>
> Cc: Jinchao Wang <wangjinchao600@gmail.com>
> Cc: <stable@vger.kernel.org>
Please, do not remove people from Cc, especially when you send new
versions on such a rapid speed.
I was on Cc only for this version. There were no replies. I started
review just to realize that another 4 versions were sent within
a week and they got some proper review and v9 already ended in
linux-next...
Best Regards,
Petr
prev parent reply other threads:[~2026-02-03 16:36 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-27 2:22 [PATCH v5] watchdog/hardlockup: Fix UAF in perf event cleanup due to migration race Qiliang Yuan
2026-02-03 16:35 ` Petr Mladek [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aYIj7BzCI46iz2wj@pathway.suse.cz \
--to=pmladek@suse.com \
--cc=akpm@linux-foundation.org \
--cc=dianders@chromium.org \
--cc=kernelfans@gmail.com \
--cc=lecopzer.chen@mediatek.com \
--cc=lihuafei1@huawei.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-watchdog@vger.kernel.org \
--cc=mingo@kernel.org \
--cc=mm-commits@vger.kernel.org \
--cc=realwujing@gmail.com \
--cc=song@kernel.org \
--cc=stable@vger.kernel.org \
--cc=sunshx@chinatelecom.cn \
--cc=thorsten.blum@linux.dev \
--cc=wangjinchao600@gmail.com \
--cc=yangyicong@hisilicon.com \
--cc=yuanql9@chinatelecom.cn \
--cc=yury.norov@gmail.com \
--cc=zhangjn11@chinatelecom.cn \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox