From patchwork Thu Nov 14 20:31:03 2024
X-Patchwork-Submitter: Massimiliano Pellizzer
X-Patchwork-Id: 2011631
From: Massimiliano Pellizzer
To: kernel-team@lists.ubuntu.com
Subject: [SRU][F][PATCH v2 1/9] lockdep: Add preemption enabled/disabled assertion APIs
Date: Thu, 14 Nov 2024 21:31:03 +0100
Message-ID: <20241114203112.57228-2-massimiliano.pellizzer@canonical.com>
In-Reply-To: <20241114203112.57228-1-massimiliano.pellizzer@canonical.com>
References: <20241114203112.57228-1-massimiliano.pellizzer@canonical.com>

From: "Ahmed S. Darwish"

Asserting that preemption is enabled or disabled is a critical sanity
check. Developers are usually reluctant to add such a check in a
fastpath as reading the preemption count can be costly.

Extend the lockdep API with macros asserting that preemption is disabled
or enabled. If lockdep is disabled, or if the underlying architecture
does not support kernel preemption, this assert has no runtime overhead.

References: f54bb2ec02c8 ("locking/lockdep: Add IRQs disabled/enabled assertion APIs: ...")
Signed-off-by: Ahmed S. Darwish
Signed-off-by: Peter Zijlstra (Intel)
Link: https://lkml.kernel.org/r/20200720155530.1173732-8-a.darwish@linutronix.de
(cherry picked from commit 8fd8ad5c5dfcb09cf62abadd4043eaf1afbbd0ce)
CVE-2024-35887
Signed-off-by: Massimiliano Pellizzer
---
 include/linux/lockdep.h | 19 +++++++++++++++++++
 lib/Kconfig.debug | 1 +
 2 files changed, 20 insertions(+)

diff --git a/include/linux/lockdep.h b/include/linux/lockdep.h index 410243038add..907820556316 100644 --- a/include/linux/lockdep.h +++ b/include/linux/lockdep.h
@@ -655,12 +655,31 @@ do { \ "Not in hardirq as expected\n"); \ } while (0) +#define lockdep_assert_preemption_enabled() \ +do { \ + WARN_ON_ONCE(IS_ENABLED(CONFIG_PREEMPT_COUNT) && \ + debug_locks && \ + (preempt_count() != 0 || \ + !this_cpu_read(hardirqs_enabled))); \ +} while (0) + +#define lockdep_assert_preemption_disabled() \ +do { \ + WARN_ON_ONCE(IS_ENABLED(CONFIG_PREEMPT_COUNT) && \ + debug_locks && \ + (preempt_count() == 0 && \ + this_cpu_read(hardirqs_enabled))); \ +} while (0) + #else # define might_lock(lock) do { } while (0) # define might_lock_read(lock) do { } while (0) # define lockdep_assert_irqs_enabled() do { } while (0) # define lockdep_assert_irqs_disabled() do { } while (0) # define lockdep_assert_in_irq() do { } while (0) + +# define lockdep_assert_preemption_enabled() do { } while (0) +# define lockdep_assert_preemption_disabled() do { } while (0) #endif #ifdef CONFIG_LOCKDEP diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug index 6d79e7c3219c..1f06d0a7ec15 100644 --- a/lib/Kconfig.debug +++ b/lib/Kconfig.debug 
@@ -1070,6 +1070,7 @@ config PROVE_LOCKING select DEBUG_RWSEMS select DEBUG_WW_MUTEX_SLOWPATH select DEBUG_LOCK_ALLOC + select PREEMPT_COUNT if !ARCH_NO_PREEMPT select TRACE_IRQFLAGS default n help
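Review bot: Both new macros in the include/linux/lockdep.h hunk depend on a per-CPU hardirqs_enabled variable through this_cpu_read(hardirqs_enabled), and nothing in this patch declares one. Because the #else branch supplies empty stubs, a configuration that takes that branch will build cleanly and hide the problem. Please confirm the symbol exists in the Focal tree in per-CPU form (or read the same state that lockdep_assert_irqs_enabled() reads in this tree) and build-test with CONFIG_PROVE_LOCKING=y before applying.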
From patchwork Thu Nov 14 20:31:04 2024
X-Patchwork-Submitter: Massimiliano Pellizzer
X-Patchwork-Id: 2011629
From: Massimiliano Pellizzer
To: kernel-team@lists.ubuntu.com
Subject: [SRU][F][PATCH v2 2/9] timers: Don't block on ->expiry_lock for TIMER_IRQSAFE timers
Date: Thu, 14 Nov 2024 21:31:04 +0100
Message-ID: <20241114203112.57228-3-massimiliano.pellizzer@canonical.com>
In-Reply-To: <20241114203112.57228-1-massimiliano.pellizzer@canonical.com>
References: <20241114203112.57228-1-massimiliano.pellizzer@canonical.com>

From: Sebastian Andrzej Siewior

PREEMPT_RT does not spin and wait until a running timer completes its
callback but instead it blocks on a sleeping lock to prevent a livelock
in the case that the task waiting for the callback completion preempted
the callback.

This cannot be done for timers flagged with TIMER_IRQSAFE. These timers
can be canceled from an interrupt disabled context even on RT kernels.

The expiry callback of such timers is invoked with interrupts disabled
so there is no need to use the expiry lock mechanism because obviously
the callback cannot be preempted even on RT kernels.

Do not use the timer_base::expiry_lock mechanism when waiting for a
running callback to complete if the timer is flagged with TIMER_IRQSAFE.

Also add a lockdep assertion for RT kernels to validate that the expiry
lock mechanism is always invoked in preemptible context.

Reported-by: Mike Galbraith
Signed-off-by: Sebastian Andrzej Siewior
Signed-off-by: Thomas Gleixner
Link: https://lore.kernel.org/r/20201103190937.hga67rqhvknki3tp@linutronix.de
(cherry picked from commit c725dafc95f1b37027840aaeaa8b7e4e9cd20516)
CVE-2024-35887
Signed-off-by: Massimiliano Pellizzer
---
 kernel/time/timer.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/kernel/time/timer.c b/kernel/time/timer.c index 4fe9b36d136a..6e8d80dd32a3 100644 --- a/kernel/time/timer.c +++ b/kernel/time/timer.c @@ -1320,7 +1320,7 @@ static void del_timer_wait_running(struct timer_list *timer) u32 tf; tf = READ_ONCE(timer->flags); - if (!(tf & TIMER_MIGRATING)) { + if (!(tf & (TIMER_MIGRATING | TIMER_IRQSAFE))) { struct timer_base *base = get_timer_base(tf); /* 
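Review bot: The widened flag test in del_timer_wait_running(), if (!(tf & (TIMER_MIGRATING | TIMER_IRQSAFE))), needs a comment saying why TIMER_IRQSAFE timers bypass the expiry lock; at the moment that reasoning exists only in the commit message. A short comment above the condition (the callback runs with interrupts disabled, so it cannot be preempted and the waiter must not block on a sleeping lock) would stop the extra flag from being dropped as redundant in a later cleanup.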
@@ -1406,6 +1406,13 @@ int timer_delete_sync(struct timer_list *timer) */ WARN_ON(in_irq() && !(timer->flags & TIMER_IRQSAFE)); + /* + * Must be able to sleep on PREEMPT_RT because of the slowpath in + * del_timer_wait_running(). + */ + if (IS_ENABLED(CONFIG_PREEMPT_RT) && !(timer->flags & TIMER_IRQSAFE)) + lockdep_assert_preemption_enabled(); + do { ret = try_to_del_timer_sync(timer);
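Review bot: The added block in timer_delete_sync() tests !(timer->flags & TIMER_IRQSAFE) a second time, directly after the WARN_ON() that already tests it, and it also has to stay in step with the flag test changed in del_timer_wait_running(). Reading timer->flags once into a local and using it for both checks would make that coupling visible. Also note that IS_ENABLED(CONFIG_PREEMPT_RT) does not remove the call from compilation, so this is the first real user of the macro added in 1/9 on every configuration, not only on RT builds.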
From patchwork Thu Nov 14 20:31:05 2024
X-Patchwork-Submitter: Massimiliano Pellizzer
X-Patchwork-Id: 2011630
From: Massimiliano Pellizzer
To: kernel-team@lists.ubuntu.com
Subject: [SRU][F][PATCH v2 3/9] timers: Rename del_timer() to timer_delete()
Date: Thu, 14 Nov 2024 21:31:05 +0100
Message-ID: <20241114203112.57228-4-massimiliano.pellizzer@canonical.com>
In-Reply-To: <20241114203112.57228-1-massimiliano.pellizzer@canonical.com>
References: <20241114203112.57228-1-massimiliano.pellizzer@canonical.com>

From: Thomas Gleixner

The timer related functions do not have a strict timer_ prefixed
namespace which is really annoying.

Rename del_timer() to timer_delete() and provide del_timer() as a
wrapper. Document that del_timer() is not for new code.

Signed-off-by: Thomas Gleixner
Tested-by: Guenter Roeck
Reviewed-by: Steven Rostedt (Google)
Reviewed-by: Jacob Keller
Reviewed-by: Anna-Maria Behnsen
Link: https://lore.kernel.org/r/20221123201625.015535022@linutronix.de
(backported from commit bb663f0f3c396c6d05f6c5eeeea96ced20ff112e)
[mpellizzer: backported solving merge conflicts due to surrounding
instructions which do not affect the patch]
CVE-2024-35887
Signed-off-by: Massimiliano Pellizzer
---
 include/linux/timer.h | 15 ++++++++++++++-
 kernel/time/timer.c | 6 +++---
 2 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/include/linux/timer.h b/include/linux/timer.h index cadb23acd229..efac7424fe57 100644 --- a/include/linux/timer.h +++ b/include/linux/timer.h
@@ -168,7 +168,6 @@ static inline int timer_pending(const struct timer_list * timer) } extern void add_timer_on(struct timer_list *timer, int cpu); -extern int del_timer(struct timer_list * timer); extern int mod_timer(struct timer_list *timer, unsigned long expires); extern int mod_timer_pending(struct timer_list *timer, unsigned long expires); extern int timer_reduce(struct timer_list *timer, unsigned long expires); @@ -183,6 +182,7 @@ extern void add_timer(struct timer_list *timer); extern int try_to_del_timer_sync(struct timer_list *timer); extern int timer_delete_sync(struct timer_list *timer); +extern int timer_delete(struct timer_list *timer); /** * del_timer_sync - Delete a pending timer and wait for a running callback @@ -199,6 +199,19 @@ static inline int del_timer_sync(struct timer_list *timer) #define del_singleshot_timer_sync(t) del_timer_sync(t) +/** + * del_timer - Delete a pending timer + * @timer: The timer to be deleted + * + * See timer_delete() for detailed explanation. + * + * Do not use in new code. Use timer_delete() instead. + */ +static inline int del_timer(struct timer_list *timer) +{ + return timer_delete(timer); +} + extern void init_timers(void); extern void run_local_timers(void); struct hrtimer; diff --git a/kernel/time/timer.c b/kernel/time/timer.c index 6e8d80dd32a3..f4a28deb179a 100644 --- a/kernel/time/timer.c +++ b/kernel/time/timer.c @@ -1206,7 +1206,7 @@ void add_timer_on(struct timer_list *timer, int cpu) EXPORT_SYMBOL_GPL(add_timer_on); /** - * del_timer - Deactivate a timer. + * timer_delete - Deactivate a timer * @timer: The timer to be deactivated * * The function only deactivates a pending timer, but contrary to @@ -1219,7 +1219,7 @@ EXPORT_SYMBOL_GPL(add_timer_on); * * %0 - The timer was not pending * * %1 - The timer was pending and deactivated */ -int del_timer(struct timer_list *timer) +int timer_delete(struct timer_list *timer) { struct timer_base *base; unsigned long flags; 
@@ -1235,7 +1235,7 @@ int del_timer(struct timer_list *timer) return ret; } -EXPORT_SYMBOL(del_timer); +EXPORT_SYMBOL(timer_delete); /** * try_to_del_timer_sync - Try to deactivate a timer
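Review bot: del_timer stops being an exported symbol once the final kernel/time/timer.c hunk swaps EXPORT_SYMBOL(del_timer) for EXPORT_SYMBOL(timer_delete) and the timer.h hunk turns del_timer() into a static inline around timer_delete(). For a stable-release update that is an exported-symbol change: a module built against the previous headers that imports del_timer will no longer resolve it. Please call this out in the SRU justification and account for the ABI change, or keep del_timer() as an exported out-of-line wrapper in this backport.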
From patchwork Thu Nov 14 20:31:06 2024
X-Patchwork-Submitter: Massimiliano Pellizzer
X-Patchwork-Id: 2011634
From: Massimiliano Pellizzer
To: kernel-team@lists.ubuntu.com
Subject: [SRU][F][PATCH v2 4/9] timers: Split [try_to_]del_timer[_sync]() to prepare for shutdown mode
Date: Thu, 14 Nov 2024 21:31:06 +0100
Message-ID: <20241114203112.57228-5-massimiliano.pellizzer@canonical.com>
In-Reply-To: <20241114203112.57228-1-massimiliano.pellizzer@canonical.com>
References: <20241114203112.57228-1-massimiliano.pellizzer@canonical.com>

From: Thomas Gleixner

Tearing down timers which have circular dependencies to other
functionality, e.g. workqueues, where the timer can schedule work and
work can arm timers, is not trivial.

In those cases it is desired to shutdown the timer in a way which
prevents rearming of the timer. The mechanism to do so is to set
timer->function to NULL and use this as an indicator for the timer
arming functions to ignore the (re)arm request.

Split the inner workings of try_do_del_timer_sync(), del_timer_sync()
and del_timer() into helper functions to prepare for implementing the
shutdown functionality.

No functional change.

Co-developed-by: Steven Rostedt
Signed-off-by: Steven Rostedt
Signed-off-by: Thomas Gleixner
Tested-by: Guenter Roeck
Reviewed-by: Jacob Keller
Reviewed-by: Anna-Maria Behnsen
Link: https://lore.kernel.org/all/20220407161745.7d6754b3@gandalf.local.home
Link: https://lore.kernel.org/all/20221110064101.429013735@goodmis.org
Link: https://lore.kernel.org/r/20221123201625.195147423@linutronix.de
(backported from commit 8553b5f2774a66b1f293b7d783934210afb8f23c)
[mpellizzer: backported solving trivial merge conflicts]
CVE-2024-35887
Signed-off-by: Massimiliano Pellizzer
---
 kernel/time/timer.c | 145 ++++++++++++++++++++++++++++----------------
 1 file changed, 93 insertions(+), 52 deletions(-)

diff --git a/kernel/time/timer.c b/kernel/time/timer.c index f4a28deb179a..2aca1a7edf6c 100644 --- a/kernel/time/timer.c +++ b/kernel/time/timer.c @@ -1206,20 +1206,14 @@ void add_timer_on(struct timer_list *timer, int cpu) EXPORT_SYMBOL_GPL(add_timer_on); /** - * timer_delete - Deactivate a timer + * __timer_delete - Internal function: Deactivate a timer * @timer: The timer to be deactivated * - * The function only deactivates a pending timer, but contrary to - * timer_delete_sync() it does not take into account whether the timer's - * callback function is concurrently executed on a different CPU or not. - * It neither prevents rearming of the timer. If @timer can be rearmed - * concurrently then the return value of this function is meaningless. - * * Return: * * %0 - The timer was not pending * * %1 - The timer was pending and deactivated */ -int timer_delete(struct timer_list *timer) +static int __timer_delete(struct timer_list *timer) { struct timer_base *base; unsigned long flags;
@@ -1235,25 +1229,37 @@ int timer_delete(struct timer_list *timer) return ret; } -EXPORT_SYMBOL(timer_delete); /** - * try_to_del_timer_sync - Try to deactivate a timer - * @timer: Timer to deactivate + * timer_delete - Deactivate a timer + * @timer: The timer to be deactivated * - * This function tries to deactivate a timer. On success the timer is not - * queued and the timer callback function is not running on any CPU. + * The function only deactivates a pending timer, but contrary to + * timer_delete_sync() it does not take into account whether the timer's + * callback function is concurrently executed on a different CPU or not. + * It neither prevents rearming of the timer. If @timer can be rearmed + * concurrently then the return value of this function is meaningless. * - * This function does not guarantee that the timer cannot be rearmed right - * after dropping the base lock. That needs to be prevented by the calling - * code if necessary. + * Return: + * * %0 - The timer was not pending + * * %1 - The timer was pending and deactivated + */ +int timer_delete(struct timer_list *timer) +{ + return __timer_delete(timer); +} +EXPORT_SYMBOL(timer_delete); + +/** + * __try_to_del_timer_sync - Internal function: Try to deactivate a timer + * @timer: Timer to deactivate * * Return: * * %0 - The timer was not pending * * %1 - The timer was pending and deactivated * * %-1 - The timer callback function is running on a different CPU */ -int try_to_del_timer_sync(struct timer_list *timer) +static int __try_to_del_timer_sync(struct timer_list *timer) { struct timer_base *base; unsigned long flags; 
@@ -1270,6 +1276,27 @@ int try_to_del_timer_sync(struct timer_list *timer) return ret; } + +/** + * try_to_del_timer_sync - Try to deactivate a timer + * @timer: Timer to deactivate + * + * This function tries to deactivate a timer. On success the timer is not + * queued and the timer callback function is not running on any CPU. + * + * This function does not guarantee that the timer cannot be rearmed right + * after dropping the base lock. That needs to be prevented by the calling + * code if necessary. + * + * Return: + * * %0 - The timer was not pending + * * %1 - The timer was pending and deactivated + * * %-1 - The timer callback function is running on a different CPU + */ +int try_to_del_timer_sync(struct timer_list *timer) +{ + return __try_to_del_timer_sync(timer); +} EXPORT_SYMBOL(try_to_del_timer_sync); #ifdef CONFIG_PREEMPT_RT 
@@ -1346,45 +1373,15 @@ static inline void del_timer_wait_running(struct timer_list *timer) { } #endif /** - * timer_delete_sync - Deactivate a timer and wait for the handler to finish. + * __timer_delete_sync - Internal function: Deactivate a timer and wait + * for the handler to finish. * @timer: The timer to be deactivated * - * Synchronization rules: Callers must prevent restarting of the timer, - * otherwise this function is meaningless. It must not be called from - * interrupt contexts unless the timer is an irqsafe one. The caller must - * not hold locks which would prevent completion of the timer's callback - * function. The timer's handler must not call add_timer_on(). Upon exit - * the timer is not queued and the handler is not running on any CPU. - * - * For !irqsafe timers, the caller must not hold locks that are held in - * interrupt context. Even if the lock has nothing to do with the timer in - * question. Here's why:: - * - * CPU0 CPU1 - * ---- ---- - * - * call_timer_fn(); - * base->running_timer = mytimer; - * spin_lock_irq(somelock); - * - * spin_lock(somelock); - * timer_delete_sync(mytimer); - * while (base->running_timer == mytimer); - * - * Now timer_delete_sync() will never return and never release somelock. - * The interrupt on the other CPU is waiting to grab somelock but it has - * interrupted the softirq that CPU0 is waiting to finish. - * - * This function cannot guarantee that the timer is not rearmed again by - * some concurrent or preempting code, right after it dropped the base - * lock. If there is the possibility of a concurrent rearm then the return - * value of the function is meaningless. - * * Return: * * %0 - The timer was not pending * * %1 - The timer was pending and deactivated */ -int timer_delete_sync(struct timer_list *timer) +static int __timer_delete_sync(struct timer_list *timer) { int ret; 
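Review bot: The kernel-doc left on __timer_delete_sync() needs a pointer to the synchronization rules, because this hunk strips them (including the CPU0/CPU1 deadlock illustration) and leaves only the Return: section on the function that still contains the enforcing checks; the next hunk shows lockdep_assert_preemption_enabled() in its body. Add a line such as "See timer_delete_sync() for the synchronization rules" to the internal comment so that anyone calling the helper directly is sent to them.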
@@ -1414,7 +1411,7 @@ int timer_delete_sync(struct timer_list *timer) lockdep_assert_preemption_enabled(); do { - ret = try_to_del_timer_sync(timer); + ret = __try_to_del_timer_sync(timer); if (unlikely(ret < 0)) { del_timer_wait_running(timer); 
@@ -1424,6 +1421,50 @@ int timer_delete_sync(struct timer_list *timer) return ret; } + +/** + * timer_delete_sync - Deactivate a timer and wait for the handler to finish. + * @timer: The timer to be deactivated + * + * Synchronization rules: Callers must prevent restarting of the timer, + * otherwise this function is meaningless. It must not be called from + * interrupt contexts unless the timer is an irqsafe one. The caller must + * not hold locks which would prevent completion of the timer's callback + * function. The timer's handler must not call add_timer_on(). Upon exit + * the timer is not queued and the handler is not running on any CPU. + * + * For !irqsafe timers, the caller must not hold locks that are held in + * interrupt context. Even if the lock has nothing to do with the timer in + * question. Here's why:: + * + * CPU0 CPU1 + * ---- ---- + * + * call_timer_fn(); + * base->running_timer = mytimer; + * spin_lock_irq(somelock); + * + * spin_lock(somelock); + * timer_delete_sync(mytimer); + * while (base->running_timer == mytimer); + * + * Now timer_delete_sync() will never return and never release somelock. + * The interrupt on the other CPU is waiting to grab somelock but it has + * interrupted the softirq that CPU0 is waiting to finish. + * + * This function cannot guarantee that the timer is not rearmed again by + * some concurrent or preempting code, right after it dropped the base + * lock. If there is the possibility of a concurrent rearm then the return + * value of the function is meaningless. 
+ * + * Return: + * * %0 - The timer was not pending + * * %1 - The timer was pending and deactivated + */ +int timer_delete_sync(struct timer_list *timer) +{ + return __timer_delete_sync(timer); +} EXPORT_SYMBOL(timer_delete_sync); static void call_timer_fn(struct timer_list *timer,
From patchwork Thu Nov 14 20:31:07 2024
X-Patchwork-Submitter: Massimiliano Pellizzer
X-Patchwork-Id: 2011635
From: Massimiliano Pellizzer
To: kernel-team@lists.ubuntu.com
Subject: [SRU][F][PATCH v2 5/9] timers: Add shutdown mechanism to the internal functions
Date: Thu, 14 Nov 2024 21:31:07 +0100
Message-ID: <20241114203112.57228-6-massimiliano.pellizzer@canonical.com>
In-Reply-To: <20241114203112.57228-1-massimiliano.pellizzer@canonical.com>

From: Thomas Gleixner

Tearing down timers which have circular dependencies to other functionality, e.g. workqueues, where the timer can schedule work and work can arm timers, is not trivial.

In those cases it is desired to shutdown the timer in a way which prevents rearming of the timer. The mechanism to do so is to set timer->function to NULL and use this as an indicator for the timer arming functions to ignore the (re)arm request.

Add a shutdown argument to the relevant internal functions which makes the actual deactivation code set timer->function to NULL which in turn prevents rearming of the timer.

Co-developed-by: Steven Rostedt
Signed-off-by: Steven Rostedt
Signed-off-by: Thomas Gleixner
Tested-by: Guenter Roeck
Reviewed-by: Jacob Keller
Reviewed-by: Anna-Maria Behnsen
Link: https://lore.kernel.org/all/20220407161745.7d6754b3@gandalf.local.home
Link: https://lore.kernel.org/all/20221110064101.429013735@goodmis.org
Link: https://lore.kernel.org/r/20221123201625.253883224@linutronix.de
(cherry picked from commit 0cc04e80458a822300b93f82ed861a513edde194)
CVE-2024-35887
Signed-off-by: Massimiliano Pellizzer
---
 kernel/time/timer.c | 62 +++++++++++++++++++++++++++++++++++++++------
 1 file changed, 54 insertions(+), 8 deletions(-)
diff --git a/kernel/time/timer.c b/kernel/time/timer.c index 2aca1a7edf6c..a47bc6f294b3 100644 --- a/kernel/time/timer.c +++ b/kernel/time/timer.c @@ -1208,12 +1208,19 @@ EXPORT_SYMBOL_GPL(add_timer_on); /** * __timer_delete - Internal function: Deactivate a timer * @timer: The timer to be deactivated + * @shutdown: If true, this indicates that the timer is about to be + * shutdown permanently. + * + * If @shutdown is true then @timer->function is set to NULL under the + * timer base lock which prevents further rearming of the time. In that + * case any attempt to rearm @timer after this function returns will be + * silently ignored. * * Return: * * %0 - The timer was not pending * * %1 - The timer was pending and deactivated */ -static int __timer_delete(struct timer_list *timer) +static int __timer_delete(struct timer_list *timer, bool shutdown) { struct timer_base *base; unsigned long flags; @@ -1221,9 +1228,22 @@ static int __timer_delete(struct timer_list *timer) debug_assert_init(timer); - if (timer_pending(timer)) { + /* + * If @shutdown is set then the lock has to be taken whether the + * timer is pending or not to protect against a concurrent rearm + * which might hit between the lockless pending check and the lock + * aquisition. By taking the lock it is ensured that such a newly + * enqueued timer is dequeued and cannot end up with + * timer->function == NULL in the expiry code. + * + * If timer->function is currently executed, then this makes sure + * that the callback cannot requeue the timer. + */ + if (timer_pending(timer) || shutdown) { base = lock_timer_base(timer, &flags); ret = detach_if_pending(timer, base, true); + if (shutdown) + timer->function = NULL; raw_spin_unlock_irqrestore(&base->lock, flags); } 
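Review bot: the kernel-doc and the new comment in __timer_delete() promise that a rearm after shutdown is "silently ignored", but nothing in this diff adds a timer->function == NULL check to the arming paths or to the expiry code; the patch only performs the NULL store under the base lock. Please confirm that the change teaching the arming functions to drop such requests is applied earlier in this series, otherwise a rearm after shutdown would enqueue a timer whose callback is NULL. Minor: "rearming of the time" and "aquisition" are typos in the added comments.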
@@ -1246,20 +1266,31 @@ static int __timer_delete(struct timer_list *timer) */ int timer_delete(struct timer_list *timer) { - return __timer_delete(timer); + return __timer_delete(timer, false); } EXPORT_SYMBOL(timer_delete); /** * __try_to_del_timer_sync - Internal function: Try to deactivate a timer * @timer: Timer to deactivate + * @shutdown: If true, this indicates that the timer is about to be + * shutdown permanently. + * + * If @shutdown is true then @timer->function is set to NULL under the + * timer base lock which prevents further rearming of the timer. Any + * attempt to rearm @timer after this function returns will be silently + * ignored. + * + * This function cannot guarantee that the timer cannot be rearmed + * right after dropping the base lock if @shutdown is false. That + * needs to be prevented by the calling code if necessary. * * Return: * * %0 - The timer was not pending * * %1 - The timer was pending and deactivated * * %-1 - The timer callback function is running on a different CPU */ -static int __try_to_del_timer_sync(struct timer_list *timer) +static int __try_to_del_timer_sync(struct timer_list *timer, bool shutdown) { struct timer_base *base; unsigned long flags; @@ -1271,6 +1302,8 @@ static int __try_to_del_timer_sync(struct timer_list *timer) if (base->running_timer != timer) ret = detach_if_pending(timer, base, true); + if (shutdown) + timer->function = NULL; raw_spin_unlock_irqrestore(&base->lock, flags); @@ -1295,7 +1328,7 @@ static int __try_to_del_timer_sync(struct timer_list *timer) */ int try_to_del_timer_sync(struct timer_list *timer) { - return __try_to_del_timer_sync(timer); + return __try_to_del_timer_sync(timer, false); } EXPORT_SYMBOL(try_to_del_timer_sync); 
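Review bot: in the __try_to_del_timer_sync() hunk the added "if (shutdown) timer->function = NULL;" follows the "base->running_timer != timer" check with no comment, so it is not obvious that the store is meant to happen even when the callback is currently running and the function returns -1. __timer_delete() received a comment for exactly this case ("this makes sure that the callback cannot requeue the timer"); a matching sentence here would make the intent explicit and stop a later cleanup from folding the store into the detach branch.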
@@ -1376,12 +1409,25 @@ static inline void del_timer_wait_running(struct timer_list *timer) { } * __timer_delete_sync - Internal function: Deactivate a timer and wait * for the handler to finish. * @timer: The timer to be deactivated + * @shutdown: If true, @timer->function will be set to NULL under the + * timer base lock which prevents rearming of @timer + * + * If @shutdown is not set the timer can be rearmed later. If the timer can + * be rearmed concurrently, i.e. after dropping the base lock then the + * return value is meaningless. + * + * If @shutdown is set then @timer->function is set to NULL under timer + * base lock which prevents rearming of the timer. Any attempt to rearm + * a shutdown timer is silently ignored. + * + * If the timer should be reused after shutdown it has to be initialized + * again. * * Return: * * %0 - The timer was not pending * * %1 - The timer was pending and deactivated */ -static int __timer_delete_sync(struct timer_list *timer) +static int __timer_delete_sync(struct timer_list *timer, bool shutdown) { int ret; @@ -1411,7 +1457,7 @@ static int __timer_delete_sync(struct timer_list *timer) lockdep_assert_preemption_enabled(); do { - ret = __try_to_del_timer_sync(timer); + ret = __try_to_del_timer_sync(timer, shutdown); if (unlikely(ret < 0)) { del_timer_wait_running(timer); 
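Review bot: the sentence "If the timer should be reused after shutdown it has to be initialized again" is added to the kernel-doc of the static __timer_delete_sync(), where callers of the public API will not see it. It is the one caller-visible consequence of passing shutdown=true, so it should be repeated in the kernel-doc of the exported wrappers that pass true; the timer_shutdown() and timer_shutdown_sync() comments added in 8/9 do not carry it.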
@@ -1463,7 +1509,7 @@ static int __timer_delete_sync(struct timer_list *timer) */ int timer_delete_sync(struct timer_list *timer) { - return __timer_delete_sync(timer); + return __timer_delete_sync(timer, false); } EXPORT_SYMBOL(timer_delete_sync);
From patchwork Thu Nov 14 20:31:08 2024
X-Patchwork-Submitter: Massimiliano Pellizzer
X-Patchwork-Id: 2011638
From: Massimiliano Pellizzer
To: kernel-team@lists.ubuntu.com
Subject: [SRU][F][PATCH v2 6/9] clocksource/drivers/arm_arch_timer: Do not use timer namespace for timer_shutdown() function
Date: Thu, 14 Nov 2024 21:31:08 +0100
Message-ID: <20241114203112.57228-7-massimiliano.pellizzer@canonical.com>
In-Reply-To: <20241114203112.57228-1-massimiliano.pellizzer@canonical.com>

From: "Steven Rostedt (Google)"

A new "shutdown" timer state is being added to the generic timer code. One of the functions to change the timer into the state is called "timer_shutdown()". This means that there can not be other functions called "timer_shutdown()" as the timer code owns the "timer_*" name space.

Rename timer_shutdown() to arch_timer_shutdown() to avoid this conflict.

Signed-off-by: Steven Rostedt (Google)
Signed-off-by: Thomas Gleixner
Tested-by: Guenter Roeck
Reviewed-by: Guenter Roeck
Reviewed-by: Jacob Keller
Reviewed-by: Anna-Maria Behnsen
Acked-by: Marc Zyngier
Link: https://lkml.kernel.org/r/20221106212702.002251651@goodmis.org
Link: https://lore.kernel.org/all/20221105060155.409832154@goodmis.org/
Link: https://lore.kernel.org/r/20221110064146.981725531@goodmis.org
Link: https://lore.kernel.org/r/20221123201624.574672568@linutronix.de
(cherry picked from commit 73737a5833ace25a8408b0d3b783637cb6bf29d1)
CVE-2024-35887
Signed-off-by: Massimiliano Pellizzer
---
 drivers/clocksource/arm_arch_timer.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/drivers/clocksource/arm_arch_timer.c b/drivers/clocksource/arm_arch_timer.c index ec6f28ed21e2..63bd4e846b2b 100644
--- a/drivers/clocksource/arm_arch_timer.c +++ b/drivers/clocksource/arm_arch_timer.c @@ -675,8 +675,8 @@ static irqreturn_t arch_timer_handler_virt_mem(int irq, void *dev_id) return timer_handler(ARCH_TIMER_MEM_VIRT_ACCESS, evt); } -static __always_inline int timer_shutdown(const int access, - struct clock_event_device *clk) +static __always_inline int arch_timer_shutdown(const int access, + struct clock_event_device *clk) { unsigned long ctrl; 
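Review bot: renaming the static helper in this hunk only resolves the clash if no other file in the target tree still defines its own timer_shutdown(), because 8/9 adds "extern int timer_shutdown(struct timer_list *timer);" to include/linux/timer.h. This series renames the arm_arch_timer and sp804 helpers; since the Focal tree differs from the upstream tree these commits were written against, please grep the whole tree for remaining functions named timer_shutdown() before 8/9 is applied, so a leftover definition is caught in review and not at build time.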
@@ -689,22 +689,22 @@ static __always_inline int timer_shutdown(const int access, static int arch_timer_shutdown_virt(struct clock_event_device *clk) { - return timer_shutdown(ARCH_TIMER_VIRT_ACCESS, clk); + return arch_timer_shutdown(ARCH_TIMER_VIRT_ACCESS, clk); } static int arch_timer_shutdown_phys(struct clock_event_device *clk) { - return timer_shutdown(ARCH_TIMER_PHYS_ACCESS, clk); + return arch_timer_shutdown(ARCH_TIMER_PHYS_ACCESS, clk); } static int arch_timer_shutdown_virt_mem(struct clock_event_device *clk) { - return timer_shutdown(ARCH_TIMER_MEM_VIRT_ACCESS, clk); + return arch_timer_shutdown(ARCH_TIMER_MEM_VIRT_ACCESS, clk); } static int arch_timer_shutdown_phys_mem(struct clock_event_device *clk) { - return timer_shutdown(ARCH_TIMER_MEM_PHYS_ACCESS, clk); + return arch_timer_shutdown(ARCH_TIMER_MEM_PHYS_ACCESS, clk); } static __always_inline void set_next_event(const int access, unsigned long evt,
From patchwork Thu Nov 14 20:31:09 2024
X-Patchwork-Submitter: Massimiliano Pellizzer
X-Patchwork-Id: 2011633
From: Massimiliano Pellizzer
To: kernel-team@lists.ubuntu.com
Subject: [SRU][F][PATCH v2 7/9] clocksource/drivers/sp804: Do not use timer namespace for timer_shutdown() function
Date: Thu, 14 Nov 2024 21:31:09 +0100
Message-ID: <20241114203112.57228-8-massimiliano.pellizzer@canonical.com>
In-Reply-To: <20241114203112.57228-1-massimiliano.pellizzer@canonical.com>

From: "Steven Rostedt (Google)"

A new "shutdown" timer state is being added to the generic timer code. One of the functions to change the timer into the state is called "timer_shutdown()". This means that there can not be other functions called "timer_shutdown()" as the timer code owns the "timer_*" name space.

Rename timer_shutdown() to evt_timer_shutdown() to avoid this conflict.

Signed-off-by: Steven Rostedt (Google)
Signed-off-by: Thomas Gleixner Tested-by: Guenter Roeck Reviewed-by: Guenter Roeck Reviewed-by: Jacob Keller Reviewed-by: Anna-Maria Behnsen Link: https://lkml.kernel.org/r/20221106212702.182883323@goodmis.org Link: https://lore.kernel.org/all/20221105060155.592778858@goodmis.org/ Link: https://lore.kernel.org/r/20221110064147.158230501@goodmis.org Link: https://lore.kernel.org/r/20221123201624.634354813@linutronix.de (backported from commit 6e1fc2591f116dfb20b65cf27356475461d61bd8) [mpellizzer: backported solving merge conflicts due to surrounding instructions which do not affect the patch] CVE-2024-35887 Signed-off-by: Massimiliano Pellizzer --- drivers/clocksource/timer-sp804.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/clocksource/timer-sp804.c b/drivers/clocksource/timer-sp804.c index c9aa0498fb84..e3fffd2a0d5d 100644 --- a/drivers/clocksource/timer-sp804.c +++ b/drivers/clocksource/timer-sp804.c @@ -122,14 +122,14 @@ static irqreturn_t sp804_timer_interrupt(int irq, void *dev_id) return IRQ_HANDLED; } -static inline void timer_shutdown(struct clock_event_device *evt) +static inline void evt_timer_shutdown(struct clock_event_device *evt) { writel(0, clkevt_base + TIMER_CTRL); } static int sp804_shutdown(struct clock_event_device *evt) { - timer_shutdown(evt); + evt_timer_shutdown(evt); return 0; } 
@@ -138,7 +138,7 @@ static int sp804_set_periodic(struct clock_event_device *evt) unsigned long ctrl = TIMER_CTRL_32BIT | TIMER_CTRL_IE | TIMER_CTRL_PERIODIC | TIMER_CTRL_ENABLE; - timer_shutdown(evt); + evt_timer_shutdown(evt); writel(clkevt_reload, clkevt_base + TIMER_LOAD); writel(ctrl, clkevt_base + TIMER_CTRL); return 0;
From patchwork Thu Nov 14 20:31:10 2024
X-Patchwork-Submitter: Massimiliano Pellizzer
X-Patchwork-Id: 2011636
From: Massimiliano Pellizzer
To: kernel-team@lists.ubuntu.com
Subject: [SRU][F][PATCH v2 8/9] timers: Provide timer_shutdown[_sync]()
Date: Thu, 14 Nov 2024 21:31:10 +0100
Message-ID: <20241114203112.57228-9-massimiliano.pellizzer@canonical.com>
In-Reply-To: <20241114203112.57228-1-massimiliano.pellizzer@canonical.com>

From: Thomas Gleixner

Tearing down timers which have circular dependencies to other functionality, e.g. workqueues, where the timer can schedule work and work can arm timers, is not trivial.

In those cases it is desired to shutdown the timer in a way which prevents rearming of the timer. The mechanism to do so is to set timer->function to NULL and use this as an indicator for the timer arming functions to ignore the (re)arm request.

Expose new interfaces for this: timer_shutdown_sync() and timer_shutdown().

timer_shutdown_sync() has the same functionality as timer_delete_sync() plus the NULL-ification of the timer function.

timer_shutdown() has the same functionality as timer_delete() plus the NULL-ification of the timer function.

In both cases the rearming of the timer is prevented by silently discarding rearm attempts due to timer->function being NULL.

Co-developed-by: Steven Rostedt
Signed-off-by: Steven Rostedt
Signed-off-by: Thomas Gleixner Tested-by: Guenter Roeck Reviewed-by: Jacob Keller Reviewed-by: Anna-Maria Behnsen Link: https://lore.kernel.org/all/20220407161745.7d6754b3@gandalf.local.home Link: https://lore.kernel.org/all/20221110064101.429013735@goodmis.org Link: https://lore.kernel.org/r/20221123201625.314230270@linutronix.de (cherry picked from commit f571faf6e443b6011ccb585d57866177af1f643c) CVE-2024-35887 Signed-off-by: Massimiliano Pellizzer --- include/linux/timer.h | 2 ++ kernel/time/timer.c | 66 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 68 insertions(+) diff --git a/include/linux/timer.h b/include/linux/timer.h index efac7424fe57..d4e698beabd0 100644 --- a/include/linux/timer.h +++ b/include/linux/timer.h @@ -183,6 +183,8 @@ extern void add_timer(struct timer_list *timer); extern int try_to_del_timer_sync(struct timer_list *timer); extern int timer_delete_sync(struct timer_list *timer); extern int timer_delete(struct timer_list *timer); +extern int timer_shutdown_sync(struct timer_list *timer); +extern int timer_shutdown(struct timer_list *timer); /** * del_timer_sync - Delete a pending timer and wait for a running callback diff --git a/kernel/time/timer.c b/kernel/time/timer.c index a47bc6f294b3..464107ed0bec 100644 --- a/kernel/time/timer.c +++ b/kernel/time/timer.c 
@@ -1270,6 +1270,27 @@ int timer_delete(struct timer_list *timer) } EXPORT_SYMBOL(timer_delete); +/** + * timer_shutdown - Deactivate a timer and prevent rearming + * @timer: The timer to be deactivated + * + * The function does not wait for an eventually running timer callback on a + * different CPU but it prevents rearming of the timer. Any attempt to arm + * @timer after this function returns will be silently ignored. + * + * This function is useful for teardown code and should only be used when + * timer_shutdown_sync() cannot be invoked due to locking or context constraints. + * + * Return: + * * %0 - The timer was not pending + * * %1 - The timer was pending + */ +int timer_shutdown(struct timer_list *timer) +{ + return __timer_delete(timer, true); +} +EXPORT_SYMBOL_GPL(timer_shutdown); + /** * __try_to_del_timer_sync - Internal function: Try to deactivate a timer * @timer: Timer to deactivate @@ -1503,6 +1524,9 @@ static int __timer_delete_sync(struct timer_list *timer, bool shutdown) * lock. If there is the possibility of a concurrent rearm then the return * value of the function is meaningless. * + * If such a guarantee is needed, e.g. for teardown situations then use + * timer_shutdown_sync() instead. + * * Return: * * %0 - The timer was not pending * * %1 - The timer was pending and deactivated 
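Review bot: the timer_shutdown() kernel-doc says the function "does not wait for an eventually running timer callback" but stops short of the consequence for teardown code: when it returns, the callback may still be executing on another CPU, so the structure embedding the timer must not be freed on the strength of this call alone. Please state that next to the "should only be used when timer_shutdown_sync() cannot be invoked" sentence. Separately, timer_shutdown() is exported with EXPORT_SYMBOL_GPL while timer_delete() directly above uses EXPORT_SYMBOL; if the difference is intentional it deserves a word in the commit message.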
@@ -1513,6 +1537,48 @@ int timer_delete_sync(struct timer_list *timer) } EXPORT_SYMBOL(timer_delete_sync); +/** + * timer_shutdown_sync - Shutdown a timer and prevent rearming + * @timer: The timer to be shutdown + * + * When the function returns it is guaranteed that: + * - @timer is not queued + * - The callback function of @timer is not running + * - @timer cannot be enqueued again. Any attempt to rearm + * @timer is silently ignored. + * + * See timer_delete_sync() for synchronization rules. + * + * This function is useful for final teardown of an infrastructure where + * the timer is subject to a circular dependency problem. + * + * A common pattern for this is a timer and a workqueue where the timer can + * schedule work and work can arm the timer. On shutdown the workqueue must + * be destroyed and the timer must be prevented from rearming. Unless the + * code has conditionals like 'if (mything->in_shutdown)' to prevent that + * there is no way to get this correct with timer_delete_sync(). + * + * timer_shutdown_sync() is solving the problem. The correct ordering of + * calls in this case is: + * + * timer_shutdown_sync(&mything->timer); + * workqueue_destroy(&mything->workqueue); + * + * After this 'mything' can be safely freed. + * + * This obviously implies that the timer is not required to be functional + * for the rest of the shutdown operation. 
+ * + * Return: + * * %0 - The timer was not pending + * * %1 - The timer was pending + */ +int timer_shutdown_sync(struct timer_list *timer) +{ + return __timer_delete_sync(timer, true); +} +EXPORT_SYMBOL_GPL(timer_shutdown_sync); + static void call_timer_fn(struct timer_list *timer, void (*fn)(struct timer_list *), unsigned long baseclk) 
From patchwork Thu Nov 14 20:31:11 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Massimiliano Pellizzer X-Patchwork-Id: 2011639
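Review bot: In the timer_shutdown() kerneldoc (hunk @@ -1270,6 +1270,27 @@), the text recommends the function for teardown code but never spells out what "does not wait for an eventually running timer callback on a different CPU" means for the caller: the callback may still be executing when timer_shutdown() returns, so the object that embeds @timer cannot be freed on the strength of this call alone. Please add a sentence saying so next to the pointer to timer_shutdown_sync(), and consider "possibly running" instead of "eventually running", which reads as "will run later".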
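Review bot: In the timer_delete_sync() kerneldoc (hunk @@ -1503,6 +1524,9 @@), "If such a guarantee is needed" has no antecedent in the visible context: the sentence just before it only says the return value is meaningless when a concurrent rearm is possible, and names no guarantee. Suggest stating the condition directly, e.g. "If rearming must be prevented, e.g. for teardown situations, use timer_shutdown_sync() instead."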
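Review bot: In the timer_shutdown_sync() kerneldoc (hunk @@ -1513,6 +1537,48 @@), the Return section documents %1 as "The timer was pending", while timer_delete_sync() just above documents the same value as "The timer was pending and deactivated"; both wrappers return the result of __timer_delete_sync(), so the wording should match. The comment also says rearm attempts are "silently ignored" without saying whether a shut-down timer can ever be used again; one line on that would help callers whose object outlives the shutdown.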
From: Massimiliano Pellizzer
To: kernel-team@lists.ubuntu.com
Subject: [SRU][F][PATCH v2 9/9] ax25: fix use-after-free bugs caused by ax25_ds_del_timer
Date: Thu, 14 Nov 2024 21:31:11 +0100
Message-ID: <20241114203112.57228-10-massimiliano.pellizzer@canonical.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20241114203112.57228-1-massimiliano.pellizzer@canonical.com>
References: <20241114203112.57228-1-massimiliano.pellizzer@canonical.com>
MIME-Version: 1.0
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Kernel team discussions
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team"

From: Duoming Zhou

When the ax25 device is detaching, the ax25_dev_device_down()
calls ax25_ds_del_timer() to cleanup the slave_timer. When
the timer handler is running, the ax25_ds_del_timer() that
calls del_timer() in it will return directly. As a result,
the use-after-free bugs could happen, one of the scenarios
is shown below:

      (Thread 1)          |      (Thread 2)
                          | ax25_ds_timeout()
ax25_dev_device_down()    |
  ax25_ds_del_timer()     |
    del_timer()           |
  ax25_dev_put() //FREE   |
                          |  ax25_dev-> //USE

In order to mitigate bugs, when the device is detaching, use
timer_shutdown_sync() to stop the timer.

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Duoming Zhou
Reviewed-by: Simon Horman
Link: https://lore.kernel.org/r/20240329015023.9223-1-duoming@zju.edu.cn
Signed-off-by: Jakub Kicinski
(cherry picked from commit fd819ad3ecf6f3c232a06b27423ce9ed8c20da89)
CVE-2024-35887
Signed-off-by: Massimiliano Pellizzer
---
 net/ax25/ax25_dev.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/ax25/ax25_dev.c b/net/ax25/ax25_dev.c index 4842f63821c8..fe730fad1c38 100644 --- a/net/ax25/ax25_dev.c +++ b/net/ax25/ax25_dev.c 
@@ -103,7 +103,7 @@ void ax25_dev_device_down(struct net_device *dev) spin_lock_bh(&ax25_dev_lock); #ifdef CONFIG_AX25_DAMA_SLAVE - ax25_ds_del_timer(ax25_dev); + timer_shutdown_sync(&ax25_dev->dama.slave_timer); #endif /*
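Review bot: The new timer_shutdown_sync(&ax25_dev->dama.slave_timer) call sits directly after spin_lock_bh(&ax25_dev_lock), so it waits for a running slave_timer callback with ax25_dev_lock held and bottom halves disabled. The patch does not show the handler; please confirm that ax25_ds_timeout() never takes ax25_dev_lock (otherwise this wait deadlocks) and that the timer_delete_sync() synchronization rules permit the call in this context, or move the shutdown ahead of the lock. Since rearming is ignored from this point on, it is also worth stating whether anything can still try to arm slave_timer on this ax25_dev before ax25_dev_put() drops it.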