
Commit 7535b83

exit: Use READ_ONCE() for all oops/warn limit reads
Use a temporary variable to take full advantage of READ_ONCE() behavior. Without this, the report (and even the test) might be out of sync with the initial test.

Reported-by: Peter Zijlstra <[email protected]>
Link: https://lore.kernel.org/lkml/[email protected]
Fixes: 9fc9e27 ("panic: Introduce warn_limit")
Fixes: d4ccd54 ("exit: Put an upper limit on how often we can oops")
Cc: "Eric W. Biederman" <[email protected]>
Cc: Jann Horn <[email protected]>
Cc: Arnd Bergmann <[email protected]>
Cc: Petr Mladek <[email protected]>
Cc: Andrew Morton <[email protected]>
Cc: Luis Chamberlain <[email protected]>
Cc: Marco Elver <[email protected]>
Cc: tangmeng <[email protected]>
Cc: Sebastian Andrzej Siewior <[email protected]>
Cc: Tiezhu Yang <[email protected]>
Signed-off-by: Kees Cook <[email protected]>
1 parent d6a9fb8 commit 7535b83

2 files changed

+9
-4
lines changed

kernel/exit.c

Lines changed: 4 additions & 2 deletions
@@ -931,6 +931,7 @@ void __noreturn make_task_dead(int signr)
931931
* Then do everything else.
932932
*/
933933
struct task_struct *tsk = current;
934+
unsigned int limit;
934935

935936
if (unlikely(in_interrupt()))
936937
panic("Aiee, killing interrupt handler!");
@@ -954,8 +955,9 @@ void __noreturn make_task_dead(int signr)
954955
* To make sure this can't happen, place an upper bound on how often the
955956
* kernel may oops without panic().
956957
*/
957-
if (atomic_inc_return(&oops_count) >= READ_ONCE(oops_limit) && oops_limit)
958-
panic("Oopsed too often (kernel.oops_limit is %d)", oops_limit);
958+
limit = READ_ONCE(oops_limit);
959+
if (atomic_inc_return(&oops_count) >= limit && limit)
960+
panic("Oopsed too often (kernel.oops_limit is %d)", limit);
959961

960962
/*
961963
* We're taking recursive faults here in make_task_dead. Safest is to just
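
Review bot: In the panic() call at the end of this hunk, `limit` is declared `unsigned int` but is still formatted with `%d`. Switch the specifier to `%u` so it matches the new local's type; with `%d`, a limit above INT_MAX would be reported as a negative number in the panic message. The condition itself reads correctly: `limit` is sampled once, and both the comparison and the `&& limit` zero check now use that same value.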

kernel/panic.c

Lines changed: 5 additions & 2 deletions
@@ -231,12 +231,15 @@ static void panic_print_sys_info(bool console_flush)
231231

232232
void check_panic_on_warn(const char *origin)
233233
{
234+
unsigned int limit;
235+
234236
if (panic_on_warn)
235237
panic("%s: panic_on_warn set ...\n", origin);
236238

237-
if (atomic_inc_return(&warn_count) >= READ_ONCE(warn_limit) && warn_limit)
239+
limit = READ_ONCE(warn_limit);
240+
if (atomic_inc_return(&warn_count) >= limit && limit)
238241
panic("%s: system warned too often (kernel.warn_limit is %d)",
239-
origin, warn_limit);
242+
origin, limit);
240243
}
241244

242245
/**
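
Review bot: Nothing at `limit = READ_ONCE(warn_limit);` records why the value is copied into a local before the test, so a later cleanup could fold it back into the condition and bring back the second, unsynchronised read of `warn_limit`. A one-line comment above the assignment, saying that the limit is sampled once so the comparison, the zero check and the panic message all see the same value, would protect the fix. The message here also prints the `unsigned int` local with `%d`; `%u` would match its type.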
