authorSebastian Andrzej Siewior <bigeasy@linutronix.de>2020-03-31 22:18:49 +0200
committerThomas Gleixner <tglx@linutronix.de>2020-04-01 13:20:14 +0200
commit73d20564e0dcae003e0d79977f044d5e57496304 (patch)
tree10e1f109985f6da880de947d076646bd33fac2e9 /include
parentMerge branch 'x86-vmware-for-linus' of git://git.kernel.org/pub/scm/linux/ker... (diff)
downloadlinux-73d20564e0dcae003e0d79977f044d5e57496304.tar.xz
linux-73d20564e0dcae003e0d79977f044d5e57496304.zip
hrtimer: Don't dereference the hrtimer pointer after the callback
A hrtimer can be released in its callback, but lockdep_hrtimer_exit() dereferences the pointer after the callback returns, i.e. a potential use after free. Retrieve the context in which the hrtimer expires before the callback is invoked and use it in lockdep_hrtimer_exit(). Fixes: 40db173965c0 ("lockdep: Add hrtimer context tracing bits") Reported-by: syzbot+62c155c276e580cfb606@syzkaller.appspotmail.com Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Link: https://lkml.kernel.org/r/20200331201849.fkp2siy3vcdqvqlz@linutronix.de
Diffstat (limited to 'include')
-rw-r--r--include/linux/irqflags.h27
1 files changed, 16 insertions, 11 deletions
diff --git a/include/linux/irqflags.h b/include/linux/irqflags.h
index ceca42de4438..61a9ced3aa50 100644
--- a/include/linux/irqflags.h
+++ b/include/linux/irqflags.h
@@ -58,16 +58,21 @@ do { \
} while (0)
# define lockdep_hrtimer_enter(__hrtimer) \
- do { \
- if (!__hrtimer->is_hard) \
- current->irq_config = 1; \
- } while (0)
-
-# define lockdep_hrtimer_exit(__hrtimer) \
- do { \
- if (!__hrtimer->is_hard) \
+({ \
+ bool __expires_hardirq = true; \
+ \
+ if (!__hrtimer->is_hard) { \
+ current->irq_config = 1; \
+ __expires_hardirq = false; \
+ } \
+ __expires_hardirq; \
+})
+
+# define lockdep_hrtimer_exit(__expires_hardirq) \
+ do { \
+ if (!__expires_hardirq) \
current->irq_config = 0; \
- } while (0)
+ } while (0)
# define lockdep_posixtimer_enter() \
do { \
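Review bot: The use-after-free fix relies on an ordering contract that nothing in this hunk writes down: the value returned by lockdep_hrtimer_enter() must be captured before the callback runs, and only that value, never the hrtimer pointer, may reach lockdep_hrtimer_exit(). A comment above lockdep_hrtimer_enter() would guard against a later refactor reintroducing the dereference, for example `/* Returns true if the timer expires in hardirq context. Capture before invoking the callback; the hrtimer may be freed by it. */`. Separately, neither macro parenthesizes its argument, so `__hrtimer->is_hard` and `!__expires_hardirq` bind incorrectly if a caller passes anything but a plain identifier; `if (!(__hrtimer)->is_hard) {` and `if (!(__expires_hardirq))` are safer. The local `__expires_hardirq` in the statement expression would also shadow a caller variable of the same name used in the argument, so a more distinctive local name is worth considering.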
@@ -102,8 +107,8 @@ do { \
# define lockdep_hardirq_exit() do { } while (0)
# define lockdep_softirq_enter() do { } while (0)
# define lockdep_softirq_exit() do { } while (0)
-# define lockdep_hrtimer_enter(__hrtimer) do { } while (0)
-# define lockdep_hrtimer_exit(__hrtimer) do { } while (0)
+# define lockdep_hrtimer_enter(__hrtimer) false
+# define lockdep_hrtimer_exit(__context) do { } while (0)
# define lockdep_posixtimer_enter() do { } while (0)
# define lockdep_posixtimer_exit() do { } while (0)
# define lockdep_irq_work_enter(__work) do { } while (0)
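Review bot: The stub `lockdep_hrtimer_exit(__context)` discards its argument, so in this configuration a caller's local that only carries the lockdep_hrtimer_enter() result to the exit macro is set but never read. The callers are not part of this diff (it is limited to include/), so that is inferred rather than seen. `# define lockdep_hrtimer_exit(__context) do { (void)(__context); } while (0)` keeps the value referenced and avoids a set-but-unused warning. The parameter is named `__context` here but `__expires_hardirq` in the tracing variant; one name in both places would make the pairing easier to follow.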