linux/kernel/locking
Peter Zijlstra 6ddaca6b20 lockdep: Fix block chain corruption
[ Upstream commit bca4104b00 ]

Kent reported an occasional KASAN splat in lockdep. Mark then noted:

> I suspect the dodgy access is to chain_block_buckets[-1], which hits the last 4
> bytes of the redzone and gets (incorrectly/misleadingly) attributed to
> nr_large_chain_blocks.

That would mean @size == 0, at which point size_to_bucket() returns -1
and the above happens.

alloc_chain_hlocks() has 'size - req', for the first with the
precondition 'size >= rq', which allows the 0.

This code is trying to split a block, del_chain_block() takes what we
need, and add_chain_block() puts back the remainder, except in the
above case the remainder is 0 sized and things go sideways.

Fixes: 810507fe6f ("locking/lockdep: Reuse freed chain_hlocks entries")
Reported-by: Kent Overstreet <kent.overstreet@linux.dev>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Tested-by: Kent Overstreet <kent.overstreet@linux.dev>
Link: https://lkml.kernel.org/r/20231121114126.GH8262@noisy.programming.kicks-ass.net
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-12-03 07:31:23 +01:00
..
irqflag-debug.c lockdep: Noinstr annotate warn_bogus_irq_restore() 2021-02-10 14:44:39 +01:00
lock_events_list.h locking/rwsem: Remove reader optimistic spinning 2020-12-09 17:08:48 +01:00
lock_events.c
lock_events.h locking/lock_events: Use raw_cpu_{add,inc}() for stats 2019-06-03 12:32:56 +02:00
lockdep_internals.h locking/lockdep: Iterate lock_classes directly when reading lockdep files 2022-04-08 14:23:57 +02:00
lockdep_proc.c locking/lockdep: Iterate lock_classes directly when reading lockdep files 2022-04-08 14:23:57 +02:00
lockdep_states.h
lockdep.c lockdep: Fix block chain corruption 2023-12-03 07:31:23 +01:00
locktorture.c locktorture: Count lock readers 2021-07-27 11:39:30 -07:00
Makefile locking/ww_mutex: Implement rtmutex based ww_mutex API functions 2021-08-17 19:05:26 +02:00
mcs_spinlock.h locking: Fix typos in comments 2021-03-22 02:45:52 +01:00
mutex-debug.c locking/ww_mutex: Gather mutex_waiter initialization 2021-08-17 19:04:41 +02:00
mutex.c locking/ww_mutex: Initialize waiter.ww_ctx properly 2021-08-20 12:15:54 +02:00
mutex.h locking/mutex: Move the 'struct mutex_waiter' definition from <linux/mutex.h> to the internal header 2021-08-17 18:24:31 +02:00
osq_lock.c locking: Fix typos in comments 2021-03-22 02:45:52 +01:00
percpu-rwsem.c locking/percpu-rwsem: Use this_cpu_{inc,dec}() for read_count 2020-09-16 16:26:56 +02:00
qrwlock.c locking/qrwlock: Cleanup queued_write_lock_slowpath() 2021-05-06 15:33:49 +02:00
qspinlock_paravirt.h Revert "locking/pvqspinlock: Don't wait if vCPU is preempted" 2019-09-25 10:22:37 +02:00
qspinlock_stat.h
qspinlock.c x86/kvm: Add "nopvspin" parameter to disable PV spinlocks 2020-07-08 16:21:57 -04:00
rtmutex_api.c locking/rtmutex: Fix task->pi_waiters integrity 2023-08-03 10:22:45 +02:00
rtmutex_common.h locking/rtmutex: Fix task->pi_waiters integrity 2023-08-03 10:22:45 +02:00
rtmutex.c locking/rtmutex: Fix task->pi_waiters integrity 2023-08-03 10:22:45 +02:00
rwbase_rt.c locking/rwbase: Take care of ordering guarantee for fastpath reader 2021-09-15 17:49:16 +02:00
rwsem.c locking/rwsem: Add __always_inline annotation to __down_read_common() and inlined callers 2023-05-17 11:50:29 +02:00
semaphore.c locking/semaphore: Add might_sleep() to down_*() family 2021-08-20 12:33:17 +02:00
spinlock_debug.c locking/rwlock: Provide RT variant 2021-08-17 17:50:51 +02:00
spinlock_rt.c locking/spinlock/rt: Prepare for RT local_lock 2021-08-17 19:06:13 +02:00
spinlock.c locking/rwlock: Provide RT variant 2021-08-17 17:50:51 +02:00
test-ww_mutex.c locking/ww_mutex/test: Fix potential workqueue corruption 2023-11-28 16:56:15 +00:00
ww_mutex.h locking/rtmutex: Fix task->pi_waiters integrity 2023-08-03 10:22:45 +02:00
ww_rt_mutex.c locking/ww_mutex: Implement rtmutex based ww_mutex API functions 2021-08-17 19:05:26 +02:00