mirror of
https://github.com/armbian/linux-cix.git
synced 2026-01-06 12:30:45 -08:00
12c81b0e3d
Mainline: bca4104b00fec60be330cd32818dd5c70db3d469 From: v6.7-rc3 Severity: Moderate task: 188294 [ Upstream commit bca4104b00fec60be330cd32818dd5c70db3d469 ] Kent reported an occasional KASAN splat in lockdep. Mark then noted: > I suspect the dodgy access is to chain_block_buckets[-1], which hits the last 4 > bytes of the redzone and gets (incorrectly/misleadingly) attributed to > nr_large_chain_blocks. That would mean @size == 0, at which point size_to_bucket() returns -1 and the above happens. alloc_chain_hlocks() has 'size - req', for the first with the precondition 'size >= rq', which allows the 0. This code is trying to split a block, del_chain_block() takes what we need, and add_chain_block() puts back the remainder, except in the above case the remainder is 0 sized and things go sideways. Fixes:810507fe6f("locking/lockdep: Reuse freed chain_hlocks entries") Reported-by: Kent Overstreet <kent.overstreet@linux.dev> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Tested-by: Kent Overstreet <kent.overstreet@linux.dev> Link: https://lkml.kernel.org/r/20231121114126.GH8262@noisy.programming.kicks-ass.net Signed-off-by: Sasha Levin <sashal@kernel.org> (backported from commit328854deec) K2CI-Arch: None Signed-off-by: k2ci <kernel-bot@kylinos.cn> Change-Id: I0ccb2fb06df7fe5c4d7d4c2a8a3ac0ea97ec0615 Reviewed-on: http://gerrit.kylin.com/c/klinux/+/87380 Reviewed-by: Jackie Liu <liuyun01@kylinos.cn>