ARM: Fix incorrect use of smp_processor_id() by syzbot report

BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/15841 caller is debug_smp_processor_id+0x20/0x24 lib/smp_processor_id.c:64 The smp_processor_id() is used in a code segment when preemption has been disabled, otherwise, when preemption is enabled this pointer is usually no longer useful since it may no longer point to per cpu data of the current processor. Reported-by: syzbot <syzbot+a7ee43e564223f195c84@syzkaller.appspotmail.com> Fixes: f5fe12b ("ARM: spectre-v2: harden user aborts in kernel space") Signed-off-by: Zqiang <qiang.zhang@windriver.com>
0day-ci · Mar 12, 2021 · b31b47976c6f81426cc00c99cc1452a60e89d972 · b31b479
1 parent a74e6a0
commit b31b47976c6f81426cc00c99cc1452a60e89d972
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/arch/arm/include/asm/system_misc.h b/arch/arm/include/asm/system_misc.h
@@ -21,8 +21,10 @@ typedef void (*harden_branch_predictor_fn_t)(void);
 DECLARE_PER_CPU(harden_branch_predictor_fn_t, harden_branch_predictor_fn);
 static inline void harden_branch_predictor(void)
 {
+	preempt_disable();
 	harden_branch_predictor_fn_t fn = per_cpu(harden_branch_predictor_fn,
 						  smp_processor_id());
+	preempt_enable();
 	if (fn)
 		fn();
 }