rcu: Prevent spurious-wakeup DoS attack on rcu_gp_kthread()

[platform/adaptation/renesas_rcar/renesas_kernel.git] / kernel / rcutree.c

diff --git a/kernel/rcutree.c b/kernel/rcutree.c
index 32618b3..62b67b7 100644 (file)
--- a/kernel/rcutree.c
+++ b/kernel/rcutree.c
@@ -1297,7 +1297,7 @@ static void note_gp_changes(struct rcu_state *rsp, struct rcu_data *rdp)
 }
 
 /*
- * Initialize a new grace period.
+ * Initialize a new grace period.  Return 0 if no grace period required.
  */
 static int rcu_gp_init(struct rcu_state *rsp)
 {
@@ -1306,10 +1306,18 @@ static int rcu_gp_init(struct rcu_state *rsp)
 
        rcu_bind_gp_kthread();
        raw_spin_lock_irq(&rnp->lock);
+       if (rsp->gp_flags == 0) {
+               /* Spurious wakeup, tell caller to go back to sleep.  */
+               raw_spin_unlock_irq(&rnp->lock);
+               return 0;
+       }
        rsp->gp_flags = 0; /* Clear all flags: New grace period. */
 
-       if (rcu_gp_in_progress(rsp)) {
-               /* Grace period already in progress, don't start another.  */
+       if (WARN_ON_ONCE(rcu_gp_in_progress(rsp))) {
+               /*
+                * Grace period already in progress, don't start another.
+                * Not supposed to be able to happen.
+                */
                raw_spin_unlock_irq(&rnp->lock);
                return 0;
        }
@@ -1462,6 +1470,7 @@ static void rcu_gp_cleanup(struct rcu_state *rsp)
 static int __noreturn rcu_gp_kthread(void *arg)
 {
        int fqs_state;
+       int gf;
        unsigned long j;
        int ret;
        struct rcu_state *rsp = arg;
@@ -1474,8 +1483,7 @@ static int __noreturn rcu_gp_kthread(void *arg)
                        wait_event_interruptible(rsp->gp_wq,
                                                 rsp->gp_flags &
                                                 RCU_GP_FLAG_INIT);
-                       if ((rsp->gp_flags & RCU_GP_FLAG_INIT) &&
-                           rcu_gp_init(rsp))
+                       if (rcu_gp_init(rsp))
                                break;
                        cond_resched();
                        flush_signals(current);
@@ -1488,10 +1496,13 @@ static int __noreturn rcu_gp_kthread(void *arg)
                        j = HZ;
                        jiffies_till_first_fqs = HZ;
                }
+               ret = 0;
                for (;;) {
-                       rsp->jiffies_force_qs = jiffies + j;
+                       if (!ret)
+                               rsp->jiffies_force_qs = jiffies + j;
                        ret = wait_event_interruptible_timeout(rsp->gp_wq,
-                                       (rsp->gp_flags & RCU_GP_FLAG_FQS) ||
+                                       ((gf = ACCESS_ONCE(rsp->gp_flags)) &
+                                        RCU_GP_FLAG_FQS) ||
                                        (!ACCESS_ONCE(rnp->qsmask) &&
                                         !rcu_preempt_blocked_readers_cgp(rnp)),
                                        j);
@@ -1500,7 +1511,8 @@ static int __noreturn rcu_gp_kthread(void *arg)
                            !rcu_preempt_blocked_readers_cgp(rnp))
                                break;
                        /* If time for quiescent-state forcing, do it. */
-                       if (ret == 0 || (rsp->gp_flags & RCU_GP_FLAG_FQS)) {
+                       if (ULONG_CMP_GE(jiffies, rsp->jiffies_force_qs) ||
+                           (gf & RCU_GP_FLAG_FQS)) {
                                fqs_state = rcu_gp_fqs(rsp, fqs_state);
                                cond_resched();
                        } else {