android_kernel_samsung_msm8976/kernel
Tejun Heo 5bcd2cc282 timers: Use proper base migration in add_timer_on()
commit 22b886dd1018093920c4250dee2a9a3cb7cff7b8 upstream.

Regardless of the previous CPU a timer was on, add_timer_on()
currently simply sets timer->flags to the new CPU.  As the caller must
be seeing the timer as idle, this is locally fine, but the timer
leaving the old base while unlocked can lead to race conditions as
follows.

Let's say timer was on cpu 0.

  cpu 0					cpu 1
  -----------------------------------------------------------------------------
  del_timer(timer) succeeds
					del_timer(timer)
					  lock_timer_base(timer) locks cpu_0_base
  add_timer_on(timer, 1)
    spin_lock(&cpu_1_base->lock)
    timer->flags set to cpu_1_base
    operates on @timer			  operates on @timer

This triggered with mod_delayed_work_on() which contains
"if (del_timer()) add_timer_on()" sequence eventually leading to the
following oops.

  BUG: unable to handle kernel NULL pointer dereference at           (null)
  IP: [<ffffffff810ca6e9>] detach_if_pending+0x69/0x1a0
  ...
  Workqueue: wqthrash wqthrash_workfunc [wqthrash]
  task: ffff8800172ca680 ti: ffff8800172d0000 task.ti: ffff8800172d0000
  RIP: 0010:[<ffffffff810ca6e9>]  [<ffffffff810ca6e9>] detach_if_pending+0x69/0x1a0
  ...
  Call Trace:
   [<ffffffff810cb0b4>] del_timer+0x44/0x60
   [<ffffffff8106e836>] try_to_grab_pending+0xb6/0x160
   [<ffffffff8106e913>] mod_delayed_work_on+0x33/0x80
   [<ffffffffa0000081>] wqthrash_workfunc+0x61/0x90 [wqthrash]
   [<ffffffff8106dba8>] process_one_work+0x1e8/0x650
   [<ffffffff8106e05e>] worker_thread+0x4e/0x450
   [<ffffffff810746af>] kthread+0xef/0x110
   [<ffffffff8185980f>] ret_from_fork+0x3f/0x70

Fix it by updating add_timer_on() to perform proper migration as
__mod_timer() does.

Mike: apply tglx backport

Reported-and-tested-by: Jeff Layton <jlayton@poochiereds.net>
Signed-off-by: Tejun Heo <tj@kernel.org>
Cc: Chris Worley <chris.worley@primarydata.com>
Cc: bfields@fieldses.org
Cc: Michael Skralivetsky <michael.skralivetsky@primarydata.com>
Cc: Trond Myklebust <trond.myklebust@primarydata.com>
Cc: Shaohua Li <shli@fb.com>
Cc: Jeff Layton <jlayton@poochiereds.net>
Cc: kernel-team@fb.com
Cc: stable@vger.kernel.org
Link: http://lkml.kernel.org/r/20151029103113.2f893924@tlielax.poochiereds.net
Link: http://lkml.kernel.org/r/20151104171533.GI5749@mtj.duckdns.org
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Mike Galbraith <mgalbraith@suse.de>
Signed-off-by: Willy Tarreau <w@1wt.eu>
2019-07-27 21:42:23 +02:00
cpu idle: add a check for need_resched() after rcu_idle_enter 2016-10-03 20:28:27 -07:00
debug This is the 3.10.73 stable release 2015-04-24 18:14:57 -07:00
events perf/core: Fix concurrent sys_perf_event_open() vs. 'move_group' race 2017-04-22 23:02:59 +02:00
gcov
irq This is the 3.10.99 stable release 2017-04-18 17:17:46 +02:00
locking Import latest Samsung release 2017-04-18 03:43:52 +02:00
power Import T813XXS2BRC2 kernel source changes 2018-05-26 00:39:42 +02:00
rcu rcu: Don't disable CPU hotplug during OOM notifiers 2016-01-06 23:11:06 -08:00
sched sched/core: Fix an SMP ordering race in try_to_wake_up() vs. schedule() 2019-07-27 21:42:03 +02:00
time Merge tag 'LA.BR.1.3.6-05410-8976.0' of https://source.codeaurora.org/quic/la/kernel/msm-3.10 into HEAD 2018-02-06 13:11:45 +01:00
trace fix memory leaks in tracing_buffers_splice_read() 2019-07-27 21:42:14 +02:00
.gitignore
Kconfig.freezer
Kconfig.hz
Kconfig.locks Import latest Samsung release 2017-04-18 03:43:52 +02:00
Kconfig.preempt
Makefile UPSTREAM: KEYS: Separate the kernel signature checking keyring from module signing 2016-05-18 14:36:10 +05:30
acct.c
async.c
audit.c audit: Partially remove Samsung changes 2018-02-06 13:12:28 +01:00
audit.h Import latest Samsung release 2017-04-18 03:43:52 +02:00
audit_tree.c
audit_watch.c
auditfilter.c
auditsc.c Import latest Samsung release 2017-04-18 03:43:52 +02:00
backtracetest.c
bounds.c
capability.c
cgroup.c cgroup: prefer %pK to %p 2016-12-06 09:24:09 -08:00
cgroup_freezer.c
compat.c
configs.c
context_tracking.c
cpu.c cpu: send KOBJ_ONLINE event when enabling cpus 2017-07-24 01:09:04 -07:00
cpu_pm.c
cpuset.c cpuset: Make cpusets restore on hotplug 2017-04-18 04:37:17 +02:00
crash_dump.c
cred.c
delayacct.c
dma.c
elfcore.c
exec_domain.c ANDROID: exec_domains: Disable request_module() call for personalities 2016-05-18 14:34:40 +05:30
exit.c kernel: Only expose su when daemon is running 2017-05-15 14:43:52 +00:00
extable.c
fork.c Revert "proc: smaps: Allow smaps access for CAP_SYS_RESOURCE" 2017-08-01 03:10:11 -07:00
freezer.c This is the 3.10.67 stable release 2015-04-24 18:04:40 -07:00
futex.c This is the 3.10.98 stable release 2017-04-18 17:17:24 +02:00
futex_compat.c ptrace: use fsuid, fsgid, effective creds for fs access checks 2016-02-25 11:57:47 -08:00
groups.c
hrtimer.c time: Remove CONFIG_TIMER_STATS 2017-04-22 23:02:59 +02:00
hung_task.c
irq_work.c irq_work: Remove BUG_ON in irq_work_run() 2016-01-07 00:42:12 -08:00
itimer.c
jump_label.c
kallsyms.c Import latest Samsung release 2017-04-18 03:43:52 +02:00
kcmp.c ptrace: use fsuid, fsgid, effective creds for fs access checks 2016-02-25 11:57:47 -08:00
kexec.c
kmod.c
kprobes.c
ksysfs.c
kthread.c kthread: Fix the race condition when kthread is parked 2015-06-04 17:43:41 -07:00
latencytop.c
modsign_pubkey.c
module-internal.h UPSTREAM: KEYS: Separate the kernel signature checking keyring from module signing 2016-05-18 14:36:10 +05:30
module.c module: Invalidate signatures on force-loaded modules 2019-07-27 21:42:00 +02:00
module_signing.c UPSTREAM: KEYS: Separate the kernel signature checking keyring from module signing 2016-05-18 14:36:10 +05:30
notifier.c
nsproxy.c
padata.c
panic.c printk: do cond_resched() between lines while outputting to consoles 2019-07-27 21:41:46 +02:00
params.c
pid.c BACKPORT: FROMLIST: pids: make task_tgid_nr_ns() safe 2018-05-26 00:39:33 +02:00
pid_namespace.c
posix-cpu-timers.c
posix-timers.c
printk.c printk: do cond_resched() between lines while outputting to consoles 2019-07-27 21:41:46 +02:00
profile.c
ptrace.c This is the 3.10.98 stable release 2017-04-18 17:17:24 +02:00
range.c
relay.c
res_counter.c
resource.c This is the 3.10.99 stable release 2017-04-18 17:17:46 +02:00
seccomp.c UPSTREAM: seccomp: cap SECCOMP_RET_ERRNO data to MAX_ERRNO 2016-05-18 14:36:06 +05:30
signal.c signal: remove warning about using SI_TKILL in rt_[tg]sigqueueinfo 2019-07-27 21:41:45 +02:00
smp.c Import latest Samsung release 2017-04-18 03:43:52 +02:00
smpboot.c smpboot: use kmemleak_not_leak for smpboot_thread_data 2015-05-11 17:07:29 +05:30
smpboot.h
softirq.c Import latest Samsung release 2017-04-18 03:43:52 +02:00
stacktrace.c
stop_machine.c
sys.c Import latest Samsung release 2017-04-18 03:43:52 +02:00
sys_ni.c seccomp: add "seccomp" syscall 2015-03-19 14:52:50 -07:00
sysctl.c Import latest Samsung release 2017-04-18 03:43:52 +02:00
sysctl_binary.c
system_certificates.S UPSTREAM: KEYS: Separate the kernel signature checking keyring from module signing 2016-05-18 14:36:10 +05:30
system_keyring.c UPSTREAM: KEYS: Separate the kernel signature checking keyring from module signing 2016-05-18 14:36:10 +05:30
task_work.c
taskstats.c
test_kprobes.c
time.c
timeconst.bc
timer.c timers: Use proper base migration in add_timer_on() 2019-07-27 21:42:23 +02:00
tracepoint.c
tsacct.c
uid16.c
up.c
user-return-notifier.c
user.c
user_namespace.c UPSTREAM: capabilities: ambient capabilities 2018-02-06 13:12:16 +01:00
utsname.c
utsname_sysctl.c
watchdog.c
workqueue.c time: Remove CONFIG_TIMER_STATS 2017-04-22 23:02:59 +02:00
workqueue_internal.h