Re: [PATCH -rc] workqueue: Reimplement UAF fix to avoid lockdep worning

From: Imre Deak
Date: Tue Jun 04 2024 - 10:22:01 EST


Hi,

I see a similar issue, a corruption in the lock_keys_hash while
alloc_workqueue()->lockdep_register_key() iterates it, see [1] for the
stacktrace.

Not sure if it's related or even whether it will solve [1], but [2] will revert

commit 7e89efc6e9e4 ("PCI: Lock upstream bridge for pci_reset_function()")

which does

lockdep_register_key(&dev->cfg_access_key);

in pci_device_add() and doesn't unregister the key when the pci device is
removed (and potentially freed); so basically 7e89efc6e9e4 was missing a

lockdep_unregister_key();

in pci_destroy_dev().

Based on the above I wonder if 7e89efc6e9e4 could also lead to the
corruption of lock_keys_hash after a pci device is removed.

--Imre

[1] https://intel-gfx-ci.01.org/tree/drm-tip/IGT_7875/bat-atsm-1/dmesg0.txt
[2] https://lore.kernel.org/all/171711746402.1628941.14575335981264103013.stgit@xxxxxxxxxxxxxxxxxxxxxxxxx/
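The lifecycle mismatch described above (a dynamic lockdep key registered in pci_device_add() but never unregistered before the pci_dev is freed) can be modelled in user space. The following C program is an added example, not kernel code and not part of this thread: all model_* names and the pointer-table registry are hypothetical stand-ins for lockdep_register_key()/lockdep_unregister_key() and lock_keys_hash. Real lockdep links keys intrusively through an hlist_node inside struct lock_class_key, so a stale entry there is a dangling list node that later iteration dereferences; the model uses a plain table of addresses so the stale entry can be detected by comparison alone, without touching freed memory.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed model of lockdep's dynamic-key registry (not kernel code).
 * lockdep keeps registered keys in lock_keys_hash; a bare pointer table is
 * used here so that a stale entry is visible by address comparison. */
#define KEY_SLOTS 16

struct lock_class_key {
    int reserved;            /* placeholder; real keys carry lockdep state */
};

static struct lock_class_key *key_registry[KEY_SLOTS];

/* Stand-in for lockdep_register_key(): remember the key's address. */
static int model_register_key(struct lock_class_key *key)
{
    for (int i = 0; i < KEY_SLOTS; i++)
        if (key_registry[i] == key)
            return -1;       /* lockdep warns on double registration */
    for (int i = 0; i < KEY_SLOTS; i++) {
        if (!key_registry[i]) {
            key_registry[i] = key;
            return 0;
        }
    }
    return -1;               /* table full */
}

/* Stand-in for lockdep_unregister_key(): must run before the storage
 * that holds the key is freed. */
static int model_unregister_key(struct lock_class_key *key)
{
    for (int i = 0; i < KEY_SLOTS; i++) {
        if (key_registry[i] == key) {
            key_registry[i] = NULL;
            return 0;
        }
    }
    return -1;
}

/* 1 if @addr is still registered. Compares addresses only, never
 * dereferences, so it is safe to call with the address of a freed object. */
static int registry_holds(const void *addr)
{
    for (int i = 0; i < KEY_SLOTS; i++)
        if ((const void *)key_registry[i] == addr)
            return 1;
    return 0;
}

static int registry_count(void)
{
    int n = 0;
    for (int i = 0; i < KEY_SLOTS; i++)
        n += key_registry[i] != NULL;
    return n;
}

/* Hypothetical stand-in for struct pci_dev with its embedded key. */
struct model_pci_dev {
    struct lock_class_key cfg_access_key;
    int devfn;
};

/* Mirrors the register-on-add step the mail describes. */
static struct model_pci_dev *model_pci_device_add(int devfn)
{
    struct model_pci_dev *dev = calloc(1, sizeof(*dev));
    if (!dev)
        return NULL;
    dev->devfn = devfn;
    model_register_key(&dev->cfg_access_key);
    return dev;
}

/* Teardown without the matching unregister: the registry now points into
 * freed memory, which is the pattern the mail suspects. */
static void model_pci_destroy_dev_leaky(struct model_pci_dev *dev)
{
    free(dev);
}

/* Paired teardown: unregister the key, then free its container. */
static void model_pci_destroy_dev_paired(struct model_pci_dev *dev)
{
    model_unregister_key(&dev->cfg_access_key);
    free(dev);
}

/* Runs one add/destroy cycle; returns 1 if a stale registry entry survived. */
static int stale_after_destroy(int paired)
{
    struct model_pci_dev *dev = model_pci_device_add(0x08);
    void *key_addr = &dev->cfg_access_key;   /* recorded before free */
    if (paired)
        model_pci_destroy_dev_paired(dev);
    else
        model_pci_destroy_dev_leaky(dev);
    int stale = registry_holds(key_addr);
    if (stale)                               /* reset the model for reuse */
        model_unregister_key((struct lock_class_key *)key_addr);
    return stale;
}

int main(void)
{
    printf("stale entry after leaky destroy:  %d\n", stale_after_destroy(0));
    printf("stale entry after paired destroy: %d\n", stale_after_destroy(1));
    return 0;
}
```

The check a reviewer would apply to the real code is the same one the model makes explicit: every lockdep_register_key() on an embedded key needs a lockdep_unregister_key() on the teardown path that runs before the containing object is freed, otherwise the next registration that walks the hash can dereference the dead entry.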