Message ID | a16995232eda4d39812f4bd94d9fb846@rohde-schwarz.com |
---|---|
State | Superseded |
Headers | show |
Series | padata: use integer wrap around to prevent deadlock on seq_nr overflow | expand |
Hello Van Giang, On Fri, Aug 09, 2024 at 06:21:42AM GMT, VanGiang Nguyen wrote: > When submitting more than 2^32 padata objects to padata_do_serial, the > current sorting implementation incorrectly sorts padata objects with > overflowed seq_nr, causing them to be placed before existing objects in > the reorder list. This leads to a deadlock in the serialization process > as padata_find_next cannot match padata->seq_nr and pd->processed > because the padata instance with overflowed seq_nr will be selected > next. > > To fix this, we use an unsigned integer wrap around to correctly sort > padata objects in scenarios with integer overflow. > Could use a Fixes tag like this one: Fixes: bfde23ce200e ("padata: unbind parallel jobs from specific CPUs") Otherwise looks good, thanks. Acked-by: Daniel Jordan <daniel.m.jordan@oracle.com> > Co-developed-by: Christian Gafert <christian.gafert@rohde-schwarz.com> > Signed-off-by: Christian Gafert <christian.gafert@rohde-schwarz.com> > Co-developed-by: Max Ferger <max.ferger@rohde-schwarz.com> > Signed-off-by: Max Ferger <max.ferger@rohde-schwarz.com> > Signed-off-by: Van Giang Nguyen <vangiang.nguyen@rohde-schwarz.com> > --- > kernel/padata.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/kernel/padata.c b/kernel/padata.c > index 53f4bc912712..222bccd0c96b 100644 > --- a/kernel/padata.c > +++ b/kernel/padata.c > @@ -404,7 +404,8 @@ void padata_do_serial(struct padata_priv *padata) > /* Sort in ascending order of sequence number. */ > list_for_each_prev(pos, &reorder->list) { > cur = list_entry(pos, struct padata_priv, list); > - if (cur->seq_nr < padata->seq_nr) > + /* Compare by difference to consider integer wrap around */ > + if ((signed int)(cur->seq_nr - padata->seq_nr) < 0) > break; > } > list_add(&padata->list, pos); > -- > 2.34.1 >
VanGiang Nguyen <vangiang.nguyen@rohde-schwarz.com> wrote: > When submitting more than 2^32 padata objects to padata_do_serial, the > current sorting implementation incorrectly sorts padata objects with > overflowed seq_nr, causing them to be placed before existing objects in > the reorder list. This leads to a deadlock in the serialization process > as padata_find_next cannot match padata->seq_nr and pd->processed > because the padata instance with overflowed seq_nr will be selected > next. > > To fix this, we use an unsigned integer wrap around to correctly sort > padata objects in scenarios with integer overflow. > > Co-developed-by: Christian Gafert <christian.gafert@rohde-schwarz.com> > Signed-off-by: Christian Gafert <christian.gafert@rohde-schwarz.com> > Co-developed-by: Max Ferger <max.ferger@rohde-schwarz.com> > Signed-off-by: Max Ferger <max.ferger@rohde-schwarz.com> > Signed-off-by: Van Giang Nguyen <vangiang.nguyen@rohde-schwarz.com> > --- > kernel/padata.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) Patch applied. Thanks.
diff --git a/kernel/padata.c b/kernel/padata.c index 53f4bc912712..222bccd0c96b 100644 --- a/kernel/padata.c +++ b/kernel/padata.c @@ -404,7 +404,8 @@ void padata_do_serial(struct padata_priv *padata) /* Sort in ascending order of sequence number. */ list_for_each_prev(pos, &reorder->list) { cur = list_entry(pos, struct padata_priv, list); - if (cur->seq_nr < padata->seq_nr) + /* Compare by difference to consider integer wrap around */ + if ((signed int)(cur->seq_nr - padata->seq_nr) < 0) break; } list_add(&padata->list, pos);