• Daniel Jordan's avatar
    padata: add separate cpuhp node for CPUHP_PADATA_DEAD · 3c2214b6
    Daniel Jordan authored
    Removing the pcrypt module triggers this:
    
      general protection fault, probably for non-canonical
        address 0xdead000000000122
      CPU: 5 PID: 264 Comm: modprobe Not tainted 5.6.0+ #2
      Hardware name: QEMU Standard PC
      RIP: 0010:__cpuhp_state_remove_instance+0xcc/0x120
      Call Trace:
       padata_sysfs_release+0x74/0xce
       kobject_put+0x81/0xd0
       padata_free+0x12/0x20
       pcrypt_exit+0x43/0x8ee [pcrypt]
    
    padata instances wrongly use the same hlist node for the online and dead
    states, so __padata_free()'s second cpuhp remove call chokes on the node
    that the first poisoned.
    
    cpuhp multi-instance callbacks only walk forward in cpuhp_step->list and
    the same node is linked in both the online and dead lists, so the list
    corruption that results from padata_alloc() adding the node to a second
    list without removing it from the first doesn't cause problems as long
    as no instances are freed.
    
    Avoid the issue by giving each state its own node.
    
    Fixes: 894c9ef9 ("padata: validate cpumask without removed CPU during offline")
    Signed-off-by: default avatarDaniel Jordan <daniel.m.jordan@oracle.com>
    Cc: Herbert Xu <herbert@gondor.apana.org.au>
    Cc: Steffen Klassert <steffen.klassert@secunet.com>
    Cc: linux-crypto@vger.kernel.org
    Cc: linux-kernel@vger.kernel.org
    Cc: stable@vger.kernel.org # v5.4+
    Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
    3c2214b6
padata.h 5.55 KB