Re: [PATCH -rc] workqueue: Reimplement UAF fix to avoid lockdep worning
From: Imre Deak
Date: Tue Jun 04 2024 - 10:22:01 EST
Hi,
I see a similar issue, a corruption in the lock_keys_hash while
alloc_workqueue()->lockdep_register_key() iterates it, see [1] for the
stacktrace.
Not sure if related or even will solve [1], but [2] will revert
commit 7e89efc6e9e4 ("PCI: Lock upstream bridge for pci_reset_function()")
which does
lockdep_register_key(&dev->cfg_access_key);
in pci_device_add() and doesn't unregister the key when the pci device is
removed (and potentially freed); so basically 7e89efc6e9e4 was missing a
lockdep_unregister_key();
in pci_destroy_dev().
Based on the above I wonder if 7e89efc6e9e4 could also lead to the
corruption of lock_keys_hash after a pci device is removed.
--Imre
[1] https://intel-gfx-ci.01.org/tree/drm-tip/IGT_7875/bat-atsm-1/dmesg0.txt
[2] https://lore.kernel.org/all/171711746402.1628941.14575335981264103013.stgit@xxxxxxxxxxxxxxxxxxxxxxxxx/