Received: by 2002:a25:c593:0:0:0:0:0 with SMTP id v141csp518964ybe; Wed, 18 Sep 2019 22:35:16 -0700 (PDT) X-Google-Smtp-Source: APXvYqwLdGM9Ch1q0PBXyt6a+4Cfc7Fjq1+F7Y/zO8HKLItlwcJ0MyfmCdgYnUMdOMEVJV7aYk4g X-Received: by 2002:a50:d68a:: with SMTP id r10mr14229951edi.151.1568871316547; Wed, 18 Sep 2019 22:35:16 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1568871316; cv=none; d=google.com; s=arc-20160816; b=qXQYPnEbmQWMkQdNOGFUi82+VElVkmgrJdc207eechHZL64Tt823+StndOcpHE1Jxi hpdMKJvtOAjQ9805VHo4OClcivcrhqgS84G70DauvgyclCMcJjYWrxPS3+MsQGV3upI9 kjMZeAwiv7e5hOKRCdDsX62KGWG3Q6arsVpfL7R4WwsVs0cjTtYPTlmyCxL/AKeC/69B /bx9nwdIHJOS1iV0w8qv6S3+5wuHfcfmN96RO7oFnkNIEhrngwi28Izd/oy8F79h/2Nx tKVA/QB6Hjw6BKhCThoCXQpUO2m0Bi4w7A80409n+ixkFjxcOVzaNB7qfMnrKtlzx1ih 6Waw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=lUFqNEchyTbvDo5i7WG9Wm7xPLkKW6NXpqAIzD5DRIk=; b=B/fzILSJKRxfL78aphoJpXXXi2fWXS4gYDrDkHvGfMVUIQQ73kHnw4Uj+D0C8Y1KAT c962MdQjzB/OMG+Ipsi3AQyCCHiqC5YbiN8v7TKtkODbtlBPokNfxHIK+cOr3/37AwTm p3LucDxgYXFepvyeKqeYylrYQrlr2P5GU+A0+FWTSKKtseykTpD6RU9MZFj7AOR1mfvd dbfcnSA2cWLBFYollY6TswndFMMYFpB94fpiLkkr+rRrAEaslrvpmxlqwA84AiAH3QDA A5Wn60RpH2EzdtlnBPl1QKx/igmdaAsRJpXVVS4qNyGuDoonP6ZImsnSZJoacpd7A+Hk 6OOg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-nfs-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l23si2499060edr.187.2019.09.18.22.34.52; Wed, 18 Sep 2019 22:35:16 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-nfs-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-nfs-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388519AbfISC6m (ORCPT + 99 others); Wed, 18 Sep 2019 22:58:42 -0400 Received: from szxga04-in.huawei.com ([45.249.212.190]:2679 "EHLO huawei.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S2388438AbfISC6W (ORCPT ); Wed, 18 Sep 2019 22:58:22 -0400 Received: from DGGEMS406-HUB.china.huawei.com (unknown [172.30.72.58]) by Forcepoint Email with ESMTP id B9C7F296988817DA22CA; Thu, 19 Sep 2019 10:58:19 +0800 (CST) Received: from use12-sp2.huawei.com (10.67.189.174) by DGGEMS406-HUB.china.huawei.com (10.3.19.206) with Microsoft SMTP Server id 14.3.439.0; Thu, 19 Sep 2019 10:58:10 +0800 From: Xiaoming Ni To: , , , , , , , , , , , , , , , , , , , CC: , , , , , , Subject: [PATCH v4 1/3] kernel/notifier.c: intercepting duplicate registrations to avoid infinite loops Date: Thu, 19 Sep 2019 10:58:06 +0800 Message-ID: <1568861888-34045-2-git-send-email-nixiaoming@huawei.com> X-Mailer: git-send-email 1.8.5.6 In-Reply-To: <1568861888-34045-1-git-send-email-nixiaoming@huawei.com> References: <1568861888-34045-1-git-send-email-nixiaoming@huawei.com> MIME-Version: 1.0 Content-Type: text/plain X-Originating-IP: [10.67.189.174] X-CFilter-Loop: Reflected Sender: linux-nfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org Registering the same notifier to a hook repeatedly can cause the hook list to form a ring or lose other members of the list. case1: An infinite loop in notifier_chain_register() can cause soft lockup atomic_notifier_chain_register(&test_notifier_list, &test1); atomic_notifier_chain_register(&test_notifier_list, &test1); atomic_notifier_chain_register(&test_notifier_list, &test2); case2: An infinite loop in notifier_chain_register() can cause soft lockup atomic_notifier_chain_register(&test_notifier_list, &test1); atomic_notifier_chain_register(&test_notifier_list, &test1); atomic_notifier_call_chain(&test_notifier_list, 0, NULL); case3: lose other hook test2 atomic_notifier_chain_register(&test_notifier_list, &test1); atomic_notifier_chain_register(&test_notifier_list, &test2); atomic_notifier_chain_register(&test_notifier_list, &test1); case4: Unregister returns 0, but the hook is still in the linked list, and it is not really registered. If you call notifier_call_chain after ko is unloaded, it will trigger oops. If the system is configured with softlockup_panic and the same hook is repeatedly registered on the panic_notifier_list, it will cause a loop panic. Add a check in notifier_chain_register(), Intercepting duplicate registrations to avoid infinite loops Signed-off-by: Xiaoming Ni Reviewed-by: Vasily Averin --- kernel/notifier.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/kernel/notifier.c b/kernel/notifier.c index d9f5081..30bedb8 100644 --- a/kernel/notifier.c +++ b/kernel/notifier.c @@ -23,7 +23,10 @@ static int notifier_chain_register(struct notifier_block **nl, struct notifier_block *n) { while ((*nl) != NULL) { - WARN_ONCE(((*nl) == n), "double register detected"); + if (unlikely((*nl) == n)) { + WARN(1, "double register detected"); + return 0; + } if (n->priority > (*nl)->priority) break; nl = &((*nl)->next); -- 1.8.5.6