[SRU][Jammy][OEM-6.1][PATCH 1/2] timers: Replace BUG_ON()s

Andrei Gherzan andrei.gherzan at canonical.com
Wed Mar 20 09:36:10 UTC 2024 

On 24/03/19 05:25PM, Yuxuan Luo wrote:
> From: Thomas Gleixner <tglx at linutronix.de>
> 
> The timer code still has a few BUG_ON()s left which are crashing the kernel
> in situations where it still can recover or simply refuse to take an
> action.
> 
> Remove the one in the hotplug callback which checks for the CPU being
> offline. If that happens then the whole hotplug machinery will explode in
> colourful ways.
> 
> Replace the rest with WARN_ON_ONCE() and conditional returns where
> appropriate.
> 
> Signed-off-by: Thomas Gleixner <tglx at linutronix.de>
> Tested-by: Guenter Roeck <linux at roeck-us.net>
> Reviewed-by: Jacob Keller <jacob.e.keller at intel.com>
> Reviewed-by: Anna-Maria Behnsen <anna-maria at linutronix.de>
> Link: https://lore.kernel.org/r/20221123201624.769128888@linutronix.de
> 

NIT: There is an extra newline here.

> (cherry picked from commit 82ed6f7ef58f9634fe4462dd721902c580f01569)
> CVE-2023-6039
> Signed-off-by: Yuxuan Luo <yuxuan.luo at canonical.com>
> ---
>  kernel/time/timer.c | 11 ++++++-----
>  1 file changed, 6 insertions(+), 5 deletions(-)
> 
> diff --git a/kernel/time/timer.c b/kernel/time/timer.c
> index ef25b242dfa2f..14913aea1fd49 100644
> --- a/kernel/time/timer.c
> +++ b/kernel/time/timer.c
> @@ -1155,7 +1155,8 @@ EXPORT_SYMBOL(timer_reduce);
>   */
>  void add_timer(struct timer_list *timer)
>  {
> -	BUG_ON(timer_pending(timer));
> +	if (WARN_ON_ONCE(timer_pending(timer)))
> +		return;
>  	__mod_timer(timer, timer->expires, MOD_TIMER_NOTPENDING);
>  }
>  EXPORT_SYMBOL(add_timer);
> @@ -1174,7 +1175,8 @@ void add_timer_on(struct timer_list *timer, int cpu)
>  	struct timer_base *new_base, *base;
>  	unsigned long flags;
>  
> -	BUG_ON(timer_pending(timer) || !timer->function);
> +	if (WARN_ON_ONCE(timer_pending(timer) || !timer->function))
> +		return;
>  
>  	new_base = get_timer_cpu_base(timer->flags, cpu);
>  
> @@ -2148,8 +2150,6 @@ int timers_dead_cpu(unsigned int cpu)
>  	struct timer_base *new_base;
>  	int b, i;
>  
> -	BUG_ON(cpu_online(cpu));
> -
>  	for (b = 0; b < NR_BASES; b++) {
>  		old_base = per_cpu_ptr(&timer_bases[b], cpu);
>  		new_base = get_cpu_ptr(&timer_bases[b]);
> @@ -2166,7 +2166,8 @@ int timers_dead_cpu(unsigned int cpu)
>  		 */
>  		forward_timer_base(new_base);
>  
> -		BUG_ON(old_base->running_timer);
> +		WARN_ON_ONCE(old_base->running_timer);
> +		old_base->running_timer = NULL;
>  
>  		for (i = 0; i < WHEEL_SIZE; i++)

-- 
Andrei Gherzan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20240320/3f9b6a6e/attachment.sig>

More information about the kernel-team mailing list