diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2026-06-23 16:05:54 -0700 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2026-06-23 16:05:54 -0700 |
| commit | 90ae888a372957765fb3523fbead3baca55264d1 (patch) | |
| tree | b4ffcf1d94333007a2df603d4cdd36480ea71daa /lib | |
| parent | b59e4cae34bfc7f6770047e4dba05faa0780c745 (diff) | |
| parent | b81dde13cc163450dcb402dcc915ef13ba241e01 (diff) | |
| download | ath-90ae888a372957765fb3523fbead3baca55264d1.tar.gz | |
Merge tag 'core-urgent-2026-06-23' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull misc core fixes from Ingo Molnar:
- Fix an MM-CID race that can cause an OOB write (Rik van Riel)
- Fix a debugobjects OOM handling race (Thomas Gleixner)
* tag 'core-urgent-2026-06-23' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
debugobjects: Plug race against a concurrent OOM disable
sched/mmcid: Fix OOB clear_bit when CID is MM_CID_UNSET in fixup path
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/debugobjects.c | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/lib/debugobjects.c b/lib/debugobjects.c index 6fb00e08a4e29..877f7675ba26b 100644 --- a/lib/debugobjects.c +++ b/lib/debugobjects.c @@ -894,6 +894,14 @@ int debug_object_activate(void *addr, const struct debug_obj_descr *descr) } raw_spin_unlock_irqrestore(&db->lock, flags); + + /* + * lookup_object_or_alloc() might have raced with a concurrent + * allocation failure which disabled debug objects. + */ + if (!debug_objects_enabled) + return 0; + debug_print_object(&o, "activate"); switch (o.state) { @@ -1071,6 +1079,15 @@ void debug_object_assert_init(void *addr, const struct debug_obj_descr *descr) return; } + /* + * lookup_object_or_alloc() might have raced with a concurrent + * allocation failure which disabled debug objects. Don't run the fixup + * as it might turn a valid object useless. See for example + * hrtimer_fixup_assert_init(). + */ + if (!debug_objects_enabled) + return; + /* Object is neither tracked nor static. It's not initialized. */ debug_print_object(&o, "assert_init"); debug_object_fixup(descr->fixup_assert_init, addr, ODEBUG_STATE_NOTAVAILABLE); |
