diff options
author | Qianli Zhao <zhaoqianli@xiaomi.com> | 2020-08-13 23:03:14 +0800 |
---|---|---|
committer | Thomas Gleixner <tglx@linutronix.de> | 2020-09-24 22:12:18 +0200 |
commit | b952caf2d5ca898cc10d63be7722ae7a5daca696 (patch) | |
tree | a05437d2478cc8c8752ca41c560f01d45666b8fb | |
parent | ec02821c1d35f93b821bc9fdfa83a5f3e9d7275d (diff) | |
download | lwn-b952caf2d5ca898cc10d63be7722ae7a5daca696.tar.gz lwn-b952caf2d5ca898cc10d63be7722ae7a5daca696.zip |
timers: Mask invalid flags in do_init_timer()
do_init_timer() accepts any combination of timer flags handed in by the
caller without a sanity check, but only TIMER_DEFFERABLE, TIMER_PINNED and
TIMER_IRQSAFE are valid.
If the supplied flags have other bits set, this could result in
malfunction. If bits are set in TIMER_CPUMASK the first timer usage could
deference a cpu base which is outside the range of possible CPUs. If
TIMER_MIGRATION is set, then the switch_timer_base() will live lock.
Prevent that with a sanity check which warns when invalid flags are
supplied and masks them out.
[ tglx: Made it WARN_ON_ONCE() and added context to the changelog ]
Signed-off-by: Qianli Zhao <zhaoqianli@xiaomi.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Link: https://lore.kernel.org/r/9d79a8aa4eb56713af7379f99f062dedabcde140.1597326756.git.zhaoqianli@xiaomi.com
-rw-r--r-- | include/linux/timer.h | 1 | ||||
-rw-r--r-- | kernel/time/timer.c | 2 |
2 files changed, 3 insertions, 0 deletions
diff --git a/include/linux/timer.h b/include/linux/timer.h index 07910ae5ddd9..d10bc7e73b41 100644 --- a/include/linux/timer.h +++ b/include/linux/timer.h @@ -67,6 +67,7 @@ struct timer_list { #define TIMER_DEFERRABLE 0x00080000 #define TIMER_PINNED 0x00100000 #define TIMER_IRQSAFE 0x00200000 +#define TIMER_INIT_FLAGS (TIMER_DEFERRABLE | TIMER_PINNED | TIMER_IRQSAFE) #define TIMER_ARRAYSHIFT 22 #define TIMER_ARRAYMASK 0xFFC00000 diff --git a/kernel/time/timer.c b/kernel/time/timer.c index a16764b0116e..25e048d0e660 100644 --- a/kernel/time/timer.c +++ b/kernel/time/timer.c @@ -794,6 +794,8 @@ static void do_init_timer(struct timer_list *timer, { timer->entry.pprev = NULL; timer->function = func; + if (WARN_ON_ONCE(flags & ~TIMER_INIT_FLAGS)) + flags &= TIMER_INIT_FLAGS; timer->flags = flags | raw_smp_processor_id(); lockdep_init_map(&timer->lockdep_map, name, key, 0); } |