From: George Stark gnstark@salutedevices.com
mainline inclusion from mainline-v6.10-rc1 commit 4cd47222e435dec8e3787614924174f53fcfb5ae category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAGS4V CVE: CVE-2024-42129
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
--------------------------------
Using of devm API leads to a certain order of releasing resources. So all dependent resources which are not devm-wrapped should be deleted with respect to devm-release order. Mutex is one of such objects that often is bound to other resources and has no own devm wrapping. Since mutex_destroy() actually does nothing in non-debug builds frequently calling mutex_destroy() is just ignored which is safe for now but wrong formally and can lead to a problem if mutex_destroy() will be extended so introduce devm_mutex_init().
Suggested-by: Christophe Leroy christophe.leroy@csgroup.eu Signed-off-by: George Stark gnstark@salutedevices.com Reviewed-by: Christophe Leroy christophe.leroy@csgroup.eu Reviewed-by: Andy Shevchenko andy.shevchenko@gmail.com Reviewed-by: Marek BehĂșn kabel@kernel.org Acked-by: Waiman Long longman@redhat.com Link: https://lore.kernel.org/r/20240411161032.609544-2-gnstark@salutedevices.com Signed-off-by: Lee Jones lee@kernel.org
Conflicts: include/linux/mutex.h [The commit bb630f9f7a7d ("locking/rtmutex: Add mutex variant for RT") has nothing to do with this patch, so skip backporting] Signed-off-by: Tengda Wu wutengda2@huawei.com --- include/linux/mutex.h | 27 +++++++++++++++++++++++++++ kernel/locking/mutex-debug.c | 12 ++++++++++++ 2 files changed, 39 insertions(+)
diff --git a/include/linux/mutex.h b/include/linux/mutex.h index 4d671fba3cab..a8f1516ee51c 100644 --- a/include/linux/mutex.h +++ b/include/linux/mutex.h @@ -20,6 +20,8 @@ #include <linux/osq_lock.h> #include <linux/debug_locks.h>
+struct device; + struct ww_acquire_ctx;
/* @@ -150,6 +152,31 @@ extern void __mutex_init(struct mutex *lock, const char *name, */ extern bool mutex_is_locked(struct mutex *lock);
+#ifdef CONFIG_DEBUG_MUTEXES + +int __devm_mutex_init(struct device *dev, struct mutex *lock); + +#else + +static inline int __devm_mutex_init(struct device *dev, struct mutex *lock) +{ + /* + * When CONFIG_DEBUG_MUTEXES is off mutex_destroy() is just a nop so + * no really need to register it in the devm subsystem. + */ + return 0; +} + +#endif + +#define devm_mutex_init(dev, mutex) \ +({ \ + typeof(mutex) mutex_ = (mutex); \ + \ + mutex_init(mutex_); \ + __devm_mutex_init(dev, mutex_); \ +}) + /* * See kernel/locking/mutex.c for detailed documentation of these APIs. * Also see Documentation/locking/mutex-design.rst. diff --git a/kernel/locking/mutex-debug.c b/kernel/locking/mutex-debug.c index db9301591e3f..6e83bdd3998d 100644 --- a/kernel/locking/mutex-debug.c +++ b/kernel/locking/mutex-debug.c @@ -14,6 +14,7 @@ */ #include <linux/mutex.h> #include <linux/delay.h> +#include <linux/device.h> #include <linux/export.h> #include <linux/poison.h> #include <linux/sched.h> @@ -90,6 +91,17 @@ void debug_mutex_init(struct mutex *lock, const char *name, lock->magic = lock; }
+static void devm_mutex_release(void *res) +{ + mutex_destroy(res); +} + +int __devm_mutex_init(struct device *dev, struct mutex *lock) +{ + return devm_add_action_or_reset(dev, devm_mutex_release, lock); +} +EXPORT_SYMBOL_GPL(__devm_mutex_init); + /*** * mutex_destroy - mark a mutex unusable * @lock: the mutex to be destroyed