diff options
Diffstat (limited to 'meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0003-futex-Don-t-enable-IRQs-unconditionally-in-put_pi_st.patch')
| -rw-r--r-- | meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0003-futex-Don-t-enable-IRQs-unconditionally-in-put_pi_st.patch | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0003-futex-Don-t-enable-IRQs-unconditionally-in-put_pi_st.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0003-futex-Don-t-enable-IRQs-unconditionally-in-put_pi_st.patch new file mode 100644 index 000000000..d58a046fc --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0003-futex-Don-t-enable-IRQs-unconditionally-in-put_pi_st.patch @@ -0,0 +1,51 @@ +From 2192d905df0d540f6f3240046bcb06c53bcf5016 Mon Sep 17 00:00:00 2001 +From: Dan Carpenter <dan.carpenter@oracle.com> +Date: Fri, 6 Nov 2020 11:52:05 +0300 +Subject: [PATCH] futex: Don't enable IRQs unconditionally in put_pi_state() + +commit 1e106aa3509b86738769775969822ffc1ec21bf4 upstream. + +The exit_pi_state_list() function calls put_pi_state() with IRQs disabled +and is not expecting that IRQs will be enabled inside the function. + +Use the _irqsave() variant so that IRQs are restored to the original state +instead of being enabled unconditionally. + +Fixes: 153fbd1226fb ("futex: Fix more put_pi_state() vs. exit_pi_state_list() races") +Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> +Signed-off-by: Thomas Gleixner <tglx@linutronix.de> +Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org> +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20201106085205.GA1159983@mwanda +Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +--- + kernel/futex.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/kernel/futex.c b/kernel/futex.c +index 9c4f9b868a49..b6dec5f79370 100644 +--- a/kernel/futex.c ++++ b/kernel/futex.c +@@ -880,8 +880,9 @@ static void put_pi_state(struct futex_pi_state *pi_state) + */ + if (pi_state->owner) { + struct task_struct *owner; ++ unsigned long flags; + +- raw_spin_lock_irq(&pi_state->pi_mutex.wait_lock); ++ raw_spin_lock_irqsave(&pi_state->pi_mutex.wait_lock, flags); + owner = pi_state->owner; + if (owner) { + raw_spin_lock(&owner->pi_lock); +@@ -889,7 +890,7 @@ static void put_pi_state(struct futex_pi_state *pi_state) + raw_spin_unlock(&owner->pi_lock); + } + rt_mutex_proxy_unlock(&pi_state->pi_mutex, owner); +- raw_spin_unlock_irq(&pi_state->pi_mutex.wait_lock); ++ raw_spin_unlock_irqrestore(&pi_state->pi_mutex.wait_lock, flags); + } + + if (current->pi_state_cache) { +-- +2.17.1 + |