[PATCH] padata: use integer wrap around to prevent deadlock on seq_nr overflow
From: VanGiang Nguyen
Date: Fri Aug 09 2024 - 02:37:12 EST
When submitting more than 2^32 padata objects to padata_do_serial, the
current sorting implementation incorrectly sorts padata objects with
overflowed seq_nr, causing them to be placed before existing objects in
the reorder list. This leads to a deadlock in the serialization process
as padata_find_next cannot match padata->seq_nr and pd->processed
because the padata instance with overflowed seq_nr will be selected
next.
To fix this, we use an unsigned integer wrap around to correctly sort
padata objects in scenarios with integer overflow.
Co-developed-by: Christian Gafert <christian.gafert@xxxxxxxxxxxxxxxxx>
Signed-off-by: Christian Gafert <christian.gafert@xxxxxxxxxxxxxxxxx>
Co-developed-by: Max Ferger <max.ferger@xxxxxxxxxxxxxxxxx>
Signed-off-by: Max Ferger <max.ferger@xxxxxxxxxxxxxxxxx>
Signed-off-by: Van Giang Nguyen <vangiang.nguyen@xxxxxxxxxxxxxxxxx>
---
kernel/padata.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/kernel/padata.c b/kernel/padata.c
index 53f4bc912712..222bccd0c96b 100644
--- a/kernel/padata.c
+++ b/kernel/padata.c
@@ -404,7 +404,8 @@ void padata_do_serial(struct padata_priv *padata)
/* Sort in ascending order of sequence number. */
list_for_each_prev(pos, &reorder->list) {
cur = list_entry(pos, struct padata_priv, list);
- if (cur->seq_nr < padata->seq_nr)
+ /* Compare by difference to consider integer wrap around */
+ if ((signed int)(cur->seq_nr - padata->seq_nr) < 0)
break;
}
list_add(&padata->list, pos);
--
2.34.1