From: "Paul E. McKenney" paulmck@kernel.org
mainline inclusion
from mainline-v5.11-rc1
commit 50edb988534c621a56ca103c0c16ac59e7399f01
category: bugfix
bugzilla: NA
CVE: NA
-------------------------------------------------------------------------
It turns out that init_srcu_struct() can be invoked from usermode tasks, and that fatal signals received by these tasks can cause memory-allocation failures. These failures are not handled well by init_srcu_struct(), so much so that NULL pointer dereferences can result. This commit therefore causes init_srcu_struct() to take an early exit upon detection of memory-allocation failure.
Link: https://lore.kernel.org/lkml/20200908144306.33355-1-aik@ozlabs.ru/
Reported-by: Alexey Kardashevskiy aik@ozlabs.ru
Tested-by: Alexey Kardashevskiy aik@ozlabs.ru
Signed-off-by: Paul E. McKenney paulmck@kernel.org
Signed-off-by: Zhen Lei thunder.leizhen@huawei.com
Reviewed-by: Jian Cheng cj.chengjian@huawei.com
Signed-off-by: Yang Yingliang yangyingliang@huawei.com
---
 kernel/rcu/srcutree.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/kernel/rcu/srcutree.c b/kernel/rcu/srcutree.c index 7bd02047b63ef..a276bbe90ee34 100644 --- a/kernel/rcu/srcutree.c +++ b/kernel/rcu/srcutree.c @@ -184,11 +184,13 @@ static int init_srcu_struct_fields(struct srcu_struct *sp, bool is_static) INIT_DELAYED_WORK(&sp->work, process_srcu); if (!is_static) sp->sda = alloc_percpu(struct srcu_data); + if (!sp->sda) + return -ENOMEM; init_srcu_struct_nodes(sp, is_static); sp->srcu_gp_seq_needed_exp = 0; sp->srcu_last_gp_end = ktime_get_mono_fast_ns(); smp_store_release(&sp->srcu_gp_seq_needed, 0); /* Init done. */ - return sp->sda ? 0 : -ENOMEM; + return 0; }
#ifdef CONFIG_DEBUG_LOCK_ALLOC
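Review bot: the new `if (!sp->sda) return -ENOMEM;` is placed outside the `if (!is_static)` guard, so it also runs for statically defined srcu_structs, where sp->sda already points at the static per-CPU array and cannot be NULL; that is harmless, but nesting the check under `if (!is_static)` (or adding a one-line comment) would make it explicit that only the alloc_percpu() path can fail. The essential property of the hunk is preserved either way: the check now sits before `init_srcu_struct_nodes(sp, is_static);`, which is the first consumer of sp->sda and the place where the previous ordering (allocate, initialise nodes, then `return sp->sda ? 0 : -ENOMEM;`) let a NULL sp->sda be dereferenced. Note for callers that the early return leaves the structure partially initialised (INIT_DELAYED_WORK has run, `smp_store_release(&sp->srcu_gp_seq_needed, 0)` has not), so -ENOMEM from init_srcu_struct() must not be ignored; this matches the pre-patch contract, which already returned -ENOMEM in this case, just later.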