From patchwork Thu Nov 14 20:31:04 2024
X-Patchwork-Submitter: Massimiliano Pellizzer
X-Patchwork-Id: 2011629
From: Massimiliano Pellizzer
To: kernel-team@lists.ubuntu.com
Subject: [SRU][F][PATCH v2 2/9] timers: Don't block on ->expiry_lock for TIMER_IRQSAFE timers
Date: Thu, 14 Nov 2024 21:31:04 +0100
Message-ID: <20241114203112.57228-3-massimiliano.pellizzer@canonical.com>
In-Reply-To: <20241114203112.57228-1-massimiliano.pellizzer@canonical.com>
References: <20241114203112.57228-1-massimiliano.pellizzer@canonical.com>

From: Sebastian Andrzej Siewior

PREEMPT_RT does not spin and wait until a running timer completes its
callback but instead it blocks on a sleeping lock to prevent a livelock in
the case that the task waiting for the callback completion preempted the
callback.

This cannot be done for timers flagged with TIMER_IRQSAFE. These timers can
be canceled from an interrupt disabled context even on RT kernels. The
expiry callback of such timers is invoked with interrupts disabled so there
is no need to use the expiry lock mechanism because obviously the callback
cannot be preempted even on RT kernels.

Do not use the timer_base::expiry_lock mechanism when waiting for a running
callback to complete if the timer is flagged with TIMER_IRQSAFE.

Also add a lockdep assertion for RT kernels to validate that the expiry
lock mechanism is always invoked in preemptible context.

Reported-by: Mike Galbraith
Signed-off-by: Sebastian Andrzej Siewior
Signed-off-by: Thomas Gleixner
Link: https://lore.kernel.org/r/20201103190937.hga67rqhvknki3tp@linutronix.de
(cherry picked from commit c725dafc95f1b37027840aaeaa8b7e4e9cd20516)
CVE-2024-35887
Signed-off-by: Massimiliano Pellizzer
---
 kernel/time/timer.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/kernel/time/timer.c b/kernel/time/timer.c index 4fe9b36d136a..6e8d80dd32a3 100644 --- a/kernel/time/timer.c +++ b/kernel/time/timer.c @@ -1320,7 +1320,7 @@ static void del_timer_wait_running(struct timer_list *timer) u32 tf; tf = READ_ONCE(timer->flags); - if (!(tf & TIMER_MIGRATING)) { + if (!(tf & (TIMER_MIGRATING | TIMER_IRQSAFE))) { struct timer_base *base = get_timer_base(tf); /* @@ -1406,6 +1406,13 @@ int timer_delete_sync(struct timer_list *timer) */ WARN_ON(in_irq() && !(timer->flags & TIMER_IRQSAFE)); + /* + * Must be able to sleep on PREEMPT_RT because of the slowpath in + * del_timer_wait_running(). + */ + if (IS_ENABLED(CONFIG_PREEMPT_RT) && !(timer->flags & TIMER_IRQSAFE)) + lockdep_assert_preemption_enabled(); + do { ret = try_to_del_timer_sync(timer);
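
Review bot: the widened test in the first hunk, `if (!(tf & (TIMER_MIGRATING | TIMER_IRQSAFE)))` in del_timer_wait_running(), has no comment explaining why TIMER_IRQSAFE timers skip the expiry_lock wait. The reason is only in the commit message: the callback of such a timer runs with interrupts disabled and cannot be preempted, and the timer may be canceled from an interrupt-disabled context where blocking on a sleeping lock is not possible. A short comment directly above the condition stating this would keep the rationale with the code, since the existing comment inside the branch starts only after get_timer_base(tf).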
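
Review bot: in the second hunk, the comment added to timer_delete_sync() says the caller "Must be able to sleep on PREEMPT_RT", but the check is lockdep_assert_preemption_enabled() guarded by IS_ENABLED(CONFIG_PREEMPT_RT), so it tests preemption state only and is silent on non-RT builds. Consider wording the comment to say what is asserted and under which configuration. The new test and the WARN_ON just above it each read timer->flags directly, while del_timer_wait_running() in the first hunk uses READ_ONCE(timer->flags); loading the flags once into a local and using it for both checks would be consistent with that. As this is a cherry-pick, it is also worth confirming that lockdep_assert_preemption_enabled() is defined in the target tree before this patch in the series is applied.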