Commit b952caf2 authored Aug 13, 2020 by Qianli Zhao Committed by Thomas Gleixner Sep 24, 2020

timers: Mask invalid flags in do_init_timer()



do_init_timer() accepts any combination of timer flags handed in by the
caller without a sanity check, but only TIMER_DEFFERABLE, TIMER_PINNED and
TIMER_IRQSAFE are valid.

If the supplied flags have other bits set, this could result in
malfunction. If bits are set in TIMER_CPUMASK the first timer usage could
deference a cpu base which is outside the range of possible CPUs. If
TIMER_MIGRATION is set, then the switch_timer_base() will live lock.

Prevent that with a sanity check which warns when invalid flags are
supplied and masks them out.

[ tglx: Made it WARN_ON_ONCE() and added context to the changelog ]

Signed-off-by: Qianli Zhao <zhaoqianli@xiaomi.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Link: https://lore.kernel.org/r/9d79a8aa4eb56713af7379f99f062dedabcde140.1597326756.git.zhaoqianli@xiaomi.com

parent ec02821c

include/linux/timer.h

+1 −0

Original line number	Diff line number	Diff line
		@@ -67,6 +67,7 @@ struct timer_list {
		#define TIMER_DEFERRABLE 0x00080000
		#define TIMER_PINNED 0x00100000
		#define TIMER_IRQSAFE 0x00200000
		#define TIMER_INIT_FLAGS (TIMER_DEFERRABLE \| TIMER_PINNED \| TIMER_IRQSAFE)
		#define TIMER_ARRAYSHIFT 22
		#define TIMER_ARRAYMASK 0xFFC00000

kernel/time/timer.c

+2 −0

Original line number	Diff line number	Diff line
		@@ -794,6 +794,8 @@ static void do_init_timer(struct timer_list *timer,
		{
		timer->entry.pprev = NULL;
		timer->function = func;
		if (WARN_ON_ONCE(flags & ~TIMER_INIT_FLAGS))
		flags &= TIMER_INIT_FLAGS;
		timer->flags = flags \| raw_smp_processor_id();
		lockdep_init_map(&timer->lockdep_map, name, key, 0);
		}

Admin message