MIRRORS/linux-imx
1
0
Fork 0
mirror of https://github.com/nxp-imx/linux-imx.git synced 2025-12-17 07:57:18 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
b2926ac817
linux-imx/kernel/locking
History
Peter Zijlstra bca4104b00 lockdep: Fix block chain corruption 
Kent reported an occasional KASAN splat in lockdep. Mark then noted:

> I suspect the dodgy access is to chain_block_buckets[-1], which hits the last 4
> bytes of the redzone and gets (incorrectly/misleadingly) attributed to
> nr_large_chain_blocks.

That would mean @size == 0, at which point size_to_bucket() returns -1
and the above happens.

alloc_chain_hlocks() has 'size - req', for the first with the
precondition 'size >= rq', which allows the 0.

This code is trying to split a block, del_chain_block() takes what we
need, and add_chain_block() puts back the remainder, except in the
above case the remainder is 0 sized and things go sideways.

Fixes: 810507fe6f ("locking/lockdep: Reuse freed chain_hlocks entries")
Reported-by: Kent Overstreet <kent.overstreet@linux.dev>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Tested-by: Kent Overstreet <kent.overstreet@linux.dev>
Link: https://lkml.kernel.org/r/20231121114126.GH8262@noisy.programming.kicks-ass.net
2023-11-24 11:04:54 +01:00
..
irqflag-debug.c
lock_events_list.h
lock_events.c
lock_events.h
lockdep_internals.h
lockdep_proc.c
lockdep_states.h
lockdep.c lockdep: Fix block chain corruption 2023-11-24 11:04:54 +01:00
locktorture.c
Makefile
mcs_spinlock.h
mutex-debug.c
mutex.c
mutex.h
osq_lock.c
percpu-rwsem.c
qrwlock.c
qspinlock_paravirt.h
qspinlock_stat.h
qspinlock.c
rtmutex_api.c
rtmutex_common.h
rtmutex.c
rwbase_rt.c
rwsem.c
semaphore.c
spinlock_debug.c
spinlock_rt.c
spinlock.c
test-ww_mutex.c
ww_mutex.h
ww_rt_mutex.c