From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Thomas Gleixner, Vitaly Kuznetsov, Sasha Levin
Subject: [PATCH 5.4 046/184] genirq/matrix: Prevent allocation counter corruption
Date: Mon, 10 May 2021 12:19:00 +0200
Message-Id: <20210510101951.712725838@linuxfoundation.org>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20210510101950.200777181@linuxfoundation.org>
References: <20210510101950.200777181@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

From: Vitaly Kuznetsov

[ Upstream commit c93a5e20c3c2dabef8ea360a3d3f18c6f68233ab ]

When irq_matrix_free() is called for an unallocated vector the
managed_allocated and total_allocated counters get out of sync with the
real state of the matrix. Later, when the last interrupt is freed, these
counters will underflow resulting in UINTMAX because the counters are
unsigned.

While this is certainly a problem of the calling code, this can be caught
in the allocator by checking the allocation bit for the to be freed vector
which simplifies debugging.

An example of the problem described above:
https://lore.kernel.org/lkml/20210318192819.636943062@linutronix.de/

Add the missing sanity check and emit a warning when it triggers.

Suggested-by: Thomas Gleixner
Signed-off-by: Vitaly Kuznetsov
Signed-off-by: Thomas Gleixner
Link: https://lore.kernel.org/r/20210319111823.1105248-1-vkuznets@redhat.com
Signed-off-by: Sasha Levin
---
 kernel/irq/matrix.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/kernel/irq/matrix.c b/kernel/irq/matrix.c index 651a4ad6d711..8e586858bcf4 100644 --- a/kernel/irq/matrix.c +++ b/kernel/irq/matrix.c 
@@ -423,7 +423,9 @@ void irq_matrix_free(struct irq_matrix *m, unsigned int cpu, if (WARN_ON_ONCE(bit < m->alloc_start || bit >= m->alloc_end)) return; - clear_bit(bit, cm->alloc_map); + if (WARN_ON_ONCE(!test_and_clear_bit(bit, cm->alloc_map))) + return; + cm->allocated--; if(managed) cm->managed_allocated--; -- 2.30.2
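
Review bot: the new WARN_ON_ONCE(!test_and_clear_bit(bit, cm->alloc_map)) check in irq_matrix_free() carries no comment saying that hitting it means the caller is freeing a vector whose allocation bit was not set, which is the reason for returning before cm->allocated-- and cm->managed_allocated--. A one-line comment above the check would make that intent visible to someone reading the function without the commit message. Since the stated goal is easier debugging, note also that WARN_ON_ONCE reports only the first occurrence and prints a backtrace without the values involved: later bad frees return silently, and the report does not say which cpu or bit was affected. Consider WARN_ONCE() with a message that includes cpu and bit. Using test_and_clear_bit() so the test and the clear are a single operation is the right choice here, as opposed to a separate test_bit() followed by clear_bit().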