diff options
| author | Chris Wilson <chris@chris-wilson.co.uk> | 2019-04-25 10:19:52 +0100 |
|---|---|---|
| committer | Jani Nikula <jani.nikula@intel.com> | 2022-05-02 14:27:21 +0300 |
| commit | d143c0054a021a5b9ee2b91f739a09a6944283b6 (patch) | |
| tree | 9244bb65be63b8b4c249ab90646e784efbf67ee8 /kernel/locking | |
| parent | c140915c00c92e3ca2a4f8e5748f0b9ef3e5a418 (diff) | |
lockdep: Swap storage for pin_count and references
As a lockmap takes a reference for every ww_mutex used together, this
can be an arbitrarily large number and under control of userspace --
easily overflowing the arbitrary limit of 4096. However, the pin_count
(used for detecting unexpected lock dropping) is a full 32b despite
nesting being extremely rare (see lockdep_pin_lock).
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Link: https://patchwork.freedesktop.org/patch/msgid/20190425092004.9995-33-chris@chris-wilson.co.uk
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
Diffstat (limited to 'kernel/locking')
| -rw-r--r-- | kernel/locking/lockdep.c | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/kernel/locking/lockdep.c b/kernel/locking/lockdep.c index c06cab6546ed..78ef9ef5a640 100644 --- a/kernel/locking/lockdep.c +++ b/kernel/locking/lockdep.c @@ -5404,11 +5404,14 @@ static struct pin_cookie __lock_pin_lock(struct lockdep_map *lock) if (match_held_lock(hlock, lock)) { /* - * Grab 16bits of randomness; this is sufficient to not - * be guessable and still allows some pin nesting in - * our u32 pin_count. + * Grab 6bits of randomness; this is barely sufficient + * to not be guessable and still allows some 32 levels + * of pin nesting in our u12 pin_count. */ - cookie.val = 1 + (prandom_u32() >> 16); + cookie.val = 1 + (prandom_u32() >> 26); + if (DEBUG_LOCKS_WARN_ON(hlock->pin_count + cookie.val >= 1 << 12)) + return NIL_COOKIE; + hlock->pin_count += cookie.val; return cookie; } |