tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Revert "cpumask: fix checking valid cpu range".

This reverts commit 78e5a3399421 ("cpumask: fix checking valid cpu range").

syzbot is hitting WARN_ON_ONCE(cpu >= nr_cpumask_bits) warning at
cpu_max_bits_warn() [1], for commit 78e5a3399421 ("cpumask: fix checking
valid cpu range") is broken. Obviously that patch hits WARN_ON_ONCE()
when e.g. reading /proc/cpuinfo because passing "cpu + 1" instead of
"cpu" will trivially hit cpu == nr_cpumask_bits condition.

Although syzbot found this problem in linux-next.git on 2022/09/27 [2],
this problem was not fixed immediately. As a result, that patch was
sent to linux.git before the patch author recognizes this problem, and
syzbot started failing to test changes in linux.git since 2022/10/10
[3].

Andrew Jones proposed a fix for x86 and riscv architectures [4]. But
[2] and [5] indicate that affected locations are not limited to arch
code. More delay before we find and fix affected locations, less tested
kernel (and more difficult to bisect and fix) before release.

We should have inspected and fixed basically all cpumask users before
applying that patch. We should not crash kernels in order to ask
existing cpumask users to update their code, even if limited to
CONFIG_DEBUG_PER_CPU_MAPS=y case.

Link: https://syzkaller.appspot.com/bug?extid=d0fd2bf0dd6da72496dd [1]
Link: https://syzkaller.appspot.com/bug?extid=21da700f3c9f0bc40150 [2]
Link: https://syzkaller.appspot.com/bug?extid=51a652e2d24d53e75734 [3]
Link: https://lkml.kernel.org/r/20221014155845.1986223-1-ajones@ventanamicro.com [4]
Link: https://syzkaller.appspot.com/bug?extid=4d46c43d81c3bd155060 [5]
Reported-by: Andrew Jones <ajones@ventanamicro.com>
Reported-by: syzbot+d0fd2bf0dd6da72496dd@syzkaller.appspotmail.com
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Cc: Yury Norov <yury.norov@gmail.com>
Cc: Borislav Petkov <bp@alien8.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

authored by

Tetsuo Handa and committed by
Linus Torvalds 80493877 1501278b

+11 -8
+11 -8
include/linux/cpumask.h
··· 174 174 static inline 175 175 unsigned int cpumask_next(int n, const struct cpumask *srcp) 176 176 { 177 - /* n is a prior cpu */ 178 - cpumask_check(n + 1); 177 + /* -1 is a legal arg here. */ 178 + if (n != -1) 179 + cpumask_check(n); 179 180 return find_next_bit(cpumask_bits(srcp), nr_cpumask_bits, n + 1); 180 181 } 181 182 ··· 189 188 */ 190 189 static inline unsigned int cpumask_next_zero(int n, const struct cpumask *srcp) 191 190 { 192 - /* n is a prior cpu */ 193 - cpumask_check(n + 1); 191 + /* -1 is a legal arg here. */ 192 + if (n != -1) 193 + cpumask_check(n); 194 194 return find_next_zero_bit(cpumask_bits(srcp), nr_cpumask_bits, n+1); 195 195 } 196 196 ··· 231 229 unsigned int cpumask_next_and(int n, const struct cpumask *src1p, 232 230 const struct cpumask *src2p) 233 231 { 234 - /* n is a prior cpu */ 235 - cpumask_check(n + 1); 232 + /* -1 is a legal arg here. */ 233 + if (n != -1) 234 + cpumask_check(n); 236 235 return find_next_and_bit(cpumask_bits(src1p), cpumask_bits(src2p), 237 236 nr_cpumask_bits, n + 1); 238 237 } ··· 263 260 unsigned int cpumask_next_wrap(int n, const struct cpumask *mask, int start, bool wrap) 264 261 { 265 262 cpumask_check(start); 266 - /* n is a prior cpu */ 267 - cpumask_check(n + 1); 263 + if (n != -1) 264 + cpumask_check(n); 268 265 269 266 /* 270 267 * Return the first available CPU when wrapping, or when starting before cpu0,