Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp2507803pxj; Mon, 10 May 2021 04:48:46 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzjpKV2W5GmtV4jDNo9bXXjKipw2q31HX91AjCWvB29BA5fbZgsRsbkkAf/evBkL+k5+kpU X-Received: by 2002:aa7:d699:: with SMTP id d25mr28424294edr.107.1620647326315; Mon, 10 May 2021 04:48:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1620647326; cv=none; d=google.com; s=arc-20160816; b=gBoYFc5cSup4DTtNJJrSVzaWzANlCBapl+j8vhgtx3YXnmqpLqgubwPFh+BtsUmS/c hAKS1RScUGILC3N0xunAgo1ycbcGtjjhUZ2X6VWoDqGVo37WmFaCVUdAIqKsQYhmQqcu kNBbwRKxblEnN1IbJ/lyxI7cRAtdGbbEKgAmAI+y1aA1Z7c32i9ObnZbBOyKXN6wT1g2 2vo8j4vs6xDzylg6rG/0HYMXSweL5q6Ni38IpY/txG7IGDEUCSjNvxS0ksNq5KNysbeT KIOS+P5N5eXBWc1MMllscjFxzzF1PoOyJntEVlfh/SMgeLMpksKHW3EdDdzoSp6iGm3n YPdQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=X9zbxSIT/TeHptxscQnU2vPdE3E3rV9Vi3l/iPGMH8A=; b=ebiTmilgzytQu1Wvw+hDadPzIhRzhELdveQBeLZbvj5NXLZE1mgeJjo4Dcg+/5/M9p tIYZdNJkjlLsyFUdF3F9p0gP5wOwm6zGU1c6m/CeNEO2B4KnrcU3/sAai9vw534ipd9L YMIYa5VE20S12H+FMZSltqL/qbJHVSICiGYik+75UakjigfLxs6U+S8j5L0VojQP4bKC U4yCNJmnis26VP+zkX5tae+OKPv5XRrDI8cfHO1wxx1DeBGs7JUXBDrh2aGSnZNih2CH 8aSX9hh5vNlz8YF2zHuLjCptGuLuk4ndHhFx3GrThJHkF7lqx6WQ4frvXXYjseseYTsB oHaQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=WhffVQb+; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id w13si14461784edx.449.2021.05.10.04.48.23; Mon, 10 May 2021 04:48:46 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=WhffVQb+; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S241686AbhEJLig (ORCPT + 99 others); Mon, 10 May 2021 07:38:36 -0400 Received: from mail.kernel.org ([198.145.29.99]:45210 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234485AbhEJK4e (ORCPT ); Mon, 10 May 2021 06:56:34 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 7AB89614A7; Mon, 10 May 2021 10:46:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1620643588; bh=s4bEDhrcdO7IwratN3VIoVQJwBOVOaLx+cy+meq0g8w=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=WhffVQb+gk04Qiq+zMz1DbteQ2s8VWZuC3U4/20e7KE3h8D/uG6UVqP6MEOgZFY6O WMWydIeawjVR3AZxKLF/4mqN8SKKD3+kvUdA0nVZHhJAASm/BrKXxTqwPJRWP5oAhr m/XAjMMr9r8EOEc1Z+fNfKZS27B0eFQuClwhkBw4= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Thomas Gleixner , Vitaly Kuznetsov , Sasha Levin Subject: [PATCH 5.11 075/342] genirq/matrix: Prevent allocation counter corruption Date: Mon, 10 May 2021 12:17:45 +0200 Message-Id: <20210510102012.593418277@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210510102010.096403571@linuxfoundation.org> References: <20210510102010.096403571@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Vitaly Kuznetsov [ Upstream commit c93a5e20c3c2dabef8ea360a3d3f18c6f68233ab ] When irq_matrix_free() is called for an unallocated vector the managed_allocated and total_allocated counters get out of sync with the real state of the matrix. Later, when the last interrupt is freed, these counters will underflow resulting in UINTMAX because the counters are unsigned. While this is certainly a problem of the calling code, this can be catched in the allocator by checking the allocation bit for the to be freed vector which simplifies debugging. An example of the problem described above: https://lore.kernel.org/lkml/20210318192819.636943062@linutronix.de/ Add the missing sanity check and emit a warning when it triggers. Suggested-by: Thomas Gleixner Signed-off-by: Vitaly Kuznetsov Signed-off-by: Thomas Gleixner Link: https://lore.kernel.org/r/20210319111823.1105248-1-vkuznets@redhat.com Signed-off-by: Sasha Levin --- kernel/irq/matrix.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/kernel/irq/matrix.c b/kernel/irq/matrix.c index 651a4ad6d711..8e586858bcf4 100644 --- a/kernel/irq/matrix.c +++ b/kernel/irq/matrix.c @@ -423,7 +423,9 @@ void irq_matrix_free(struct irq_matrix *m, unsigned int cpu, if (WARN_ON_ONCE(bit < m->alloc_start || bit >= m->alloc_end)) return; - clear_bit(bit, cm->alloc_map); + if (WARN_ON_ONCE(!test_and_clear_bit(bit, cm->alloc_map))) + return; + cm->allocated--; if(managed) cm->managed_allocated--; -- 2.30.2