Commit c50ba0cf authored by Roland Xu, committed by Xiongfeng Wang

rtmutex: Drop rt_mutex::wait_lock before scheduling

stable inclusion
from stable-v6.6.51
commit 85f03ca98e07cd0786738b56ae73740bce0ac27f
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAU9M4
CVE: CVE-2024-46829

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=85f03ca98e07cd0786738b56ae73740bce0ac27f



--------------------------------

commit d33d26036a0274b472299d7dcdaa5fb34329f91b upstream.

rt_mutex_handle_deadlock() is called with rt_mutex::wait_lock held.  In the
good case it returns with the lock held and in the deadlock case it emits a
warning and goes into an endless scheduling loop with the lock held, which
triggers the 'scheduling in atomic' warning.

Unlock rt_mutex::wait_lock in the deadlock case before issuing the warning
and dropping into the schedule for ever loop.

[ tglx: Moved unlock before the WARN(), removed the pointless comment,
  	massaged changelog, added Fixes tag ]

Fixes: 3d5c9340 ("rtmutex: Handle deadlock detection smarter")
Signed-off-by: Roland Xu <mu001999@outlook.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/all/ME0P300MB063599BEF0743B8FA339C2CECC802@ME0P300MB0635.AUSP300.PROD.OUTLOOK.COM


Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Xiongfeng Wang <wangxiongfeng2@huawei.com>
parent 1f027a60
+5 −4
@@ -1624,6 +1624,7 @@ static int __sched rt_mutex_slowlock_block(struct rt_mutex_base *lock,
}

static void __sched rt_mutex_handle_deadlock(int res, int detect_deadlock,
					     struct rt_mutex_base *lock,
					     struct rt_mutex_waiter *w)
{
	/*
@@ -1636,10 +1637,10 @@ static void __sched rt_mutex_handle_deadlock(int res, int detect_deadlock,
	if (build_ww_mutex() && w->ww_ctx)
		return;

	/*
	 * Yell loudly and stop the task right here.
	 */
	raw_spin_unlock_irq(&lock->wait_lock);

	WARN(1, "rtmutex deadlock detected\n");

	while (1) {
		set_current_state(TASK_INTERRUPTIBLE);
		schedule();
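Review bot: the `raw_spin_unlock_irq(&lock->wait_lock)` ahead of the WARN() re-enables interrupts unconditionally, which is only right if every caller reaches this function having taken wait_lock with the plain _irq variant rather than irqsave; please confirm that for all call sites or state it as a requirement in the function's comment. The locking contract is also asymmetric now: the `if (build_ww_mutex() && w->ww_ctx) return;` path returns with wait_lock still held, while the deadlock path drops it and then sits in the `while (1)` schedule loop. A sparse annotation or a one-line comment above the function saying so would keep a later caller from assuming the lock state on return.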
@@ -1693,7 +1694,7 @@ static int __sched __rt_mutex_slowlock(struct rt_mutex_base *lock,
	} else {
		__set_current_state(TASK_RUNNING);
		remove_waiter(lock, waiter);
		rt_mutex_handle_deadlock(ret, chwalk, waiter);
		rt_mutex_handle_deadlock(ret, chwalk, lock, waiter);
	}

	/*
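Review bot: at the `rt_mutex_handle_deadlock(ret, chwalk, lock, waiter)` call in the else branch, nothing tells a reader of __rt_mutex_slowlock() that the callee may release wait_lock and not come back, so the code after the branch reads as if it always runs with the lock held. A short comment at the call site would help, and it should also note that `remove_waiter(lock, waiter)` has to stay ahead of the call, because it runs while wait_lock is still held and the callee is now the place where the lock can be dropped.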