kernel/include/linux/once.h
Qi Xi c8f9b7cd3b once: fix race by moving DO_ONCE to separate section
[ Upstream commit edcc8a38b5ac1a3dbd05e113a38a25b937ebefe5 ]

The commit c2c60ea37e ("once: use __section(".data.once")") moved
DO_ONCE's ___done variable to .data.once section, which conflicts with
DO_ONCE_LITE() that also uses the same section.

This creates a race condition when clear_warn_once is used:

Thread 1 (DO_ONCE)             Thread 2 (DO_ONCE)
__do_once_start
    read ___done (false)
    acquire once_lock
execute func
__do_once_done
    write ___done (true)      __do_once_start
    release once_lock             // Thread 3 clear_warn_once reset ___done
                                  read ___done (false)
                                  acquire once_lock
                              execute func
schedule once_work            __do_once_done
once_deferred: OK             write ___done (true)
static_branch_disable         release once_lock
                              schedule once_work
                              once_deferred:
                                  BUG_ON(!static_key_enabled)

DO_ONCE_LITE() in once_lite.h is used by WARN_ON_ONCE() and other warning
macros. Keep its ___done flag in the .data..once section and allow resetting
by clear_warn_once, as originally intended.

In contrast, DO_ONCE() is used for functions like get_random_once() and
relies on its ___done flag for internal synchronization. We should not reset
DO_ONCE() by clear_warn_once.

Fix it by isolating DO_ONCE's ___done into a separate .data..do_once section,
shielding it from clear_warn_once.

Fixes: c2c60ea37e ("once: use __section(".data.once")")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Qi Xi <xiqi2@huawei.com>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-10-15 12:00:03 +02:00


/* SPDX-License-Identifier: GPL-2.0 */
#ifndef _LINUX_ONCE_H
#define _LINUX_ONCE_H
#include <linux/types.h>
#include <linux/jump_label.h>
/* Helpers used from arbitrary contexts.
 * Hard irqs are blocked, be cautious.
 *
 * DO_ONCE() calls __do_once_start() first and, only when it returns true,
 * runs the one-time function and then calls __do_once_done() with the same
 * @done and @flags.
 *
 * @done is the per-call-site flag the two helpers use for synchronization;
 * no other code may reset it.
 * NOTE(review): @flags presumably carries the saved irq state from start to
 * done - the implementation is not in this header, confirm there.
 */
bool __do_once_start(bool *done, unsigned long *flags);
void __do_once_done(bool *done, struct static_key_true *once_key,
unsigned long *flags, struct module *mod);
/* Variant for process contexts only. DO_ONCE_SLEEPABLE() uses this pair the
 * same way, without an irq flags argument.
 */
bool __do_once_sleepable_start(bool *done);
void __do_once_sleepable_done(bool *done, struct static_key_true *once_key,
struct module *mod);
/* Call a function exactly once. The idea of DO_ONCE() is to perform
 * a function call such as initialization of random seeds, etc, only
 * once, where DO_ONCE() can live in the fast-path. After @func has
 * been called with the passed arguments, the static key will patch
 * out the condition into a nop. DO_ONCE() guarantees type safety of
 * arguments!
 *
 * The expression evaluates to true only for the invocation that
 * actually ran @func, and to false otherwise.
 *
 * Note that the following is not equivalent ...
 *
 *   DO_ONCE(func, arg);
 *   DO_ONCE(func, arg);
 *
 * ... to this version:
 *
 *   void foo(void)
 *   {
 *     DO_ONCE(func, arg);
 *   }
 *
 *   foo();
 *   foo();
 *
 * In case the one-time invocation could be triggered from multiple
 * places, then a common helper function must be defined, so that only
 * a single static key will be placed there!
 *
 * ___done lives in its own .data..do_once section, separate from the
 * section DO_ONCE_LITE() uses for the WARN_ON_ONCE() family, so that
 * clear_warn_once does not reset it. The flag is part of the
 * synchronization done by __do_once_start()/__do_once_done(); if it is
 * cleared after the first run, @func can execute a second time and the
 * deferred static-key disable can hit its BUG_ON(). Do not move it back
 * into a section that is reset at runtime.
 *
 * NOTE(review): @func is invoked between __do_once_start() and
 * __do_once_done(); the helper comment says hard irqs are blocked there,
 * so @func presumably must not sleep - use DO_ONCE_SLEEPABLE() for that
 * case and confirm against the helper implementation.
 */
#define DO_ONCE(func, ...) \
({ \
bool ___ret = false; \
static bool __section(".data..do_once") ___done = false; \
static DEFINE_STATIC_KEY_TRUE(___once_key); \
if (static_branch_unlikely(&___once_key)) { \
unsigned long ___flags; \
___ret = __do_once_start(&___done, &___flags); \
if (unlikely(___ret)) { \
func(__VA_ARGS__); \
__do_once_done(&___done, &___once_key, \
&___flags, THIS_MODULE); \
} \
} \
___ret; \
})
/* Variant of DO_ONCE() for process/sleepable contexts.
 *
 * Same shape as DO_ONCE(): a per-call-site ___done flag and static key,
 * with @func run only when __do_once_sleepable_start() returns true and
 * followed by __do_once_sleepable_done(). No irq flags are passed between
 * the two helpers. The expression evaluates to true only for the
 * invocation that ran @func.
 *
 * ___done is kept in the .data..do_once section here as well, so that it
 * is not reset together with the DO_ONCE_LITE() flags by clear_warn_once.
 */
#define DO_ONCE_SLEEPABLE(func, ...) \
({ \
bool ___ret = false; \
static bool __section(".data..do_once") ___done = false; \
static DEFINE_STATIC_KEY_TRUE(___once_key); \
if (static_branch_unlikely(&___once_key)) { \
___ret = __do_once_sleepable_start(&___done); \
if (unlikely(___ret)) { \
func(__VA_ARGS__); \
__do_once_sleepable_done(&___done, &___once_key,\
THIS_MODULE); \
} \
} \
___ret; \
})
/*
 * Fill @buf with @nbytes bytes from get_random_bytes(), once per call site.
 *
 * Only the invocation for which the macro evaluates to true writes @buf;
 * later invocations through the same call site do not call
 * get_random_bytes() again, so @buf must be storage that outlives the call
 * (it is not refilled). Each textual use of the macro has its own flag and
 * static key, so two separate uses each generate their own bytes.
 */
#define get_random_once(buf, nbytes) DO_ONCE(get_random_bytes, (buf), (nbytes))

/* Same as get_random_once(), built on DO_ONCE_SLEEPABLE() for process context. */
#define get_random_sleepable_once(buf, nbytes)				\
	DO_ONCE_SLEEPABLE(get_random_bytes, (buf), (nbytes))
#endif /* _LINUX_ONCE_H */