Commits
Subash Abhinov Kasiviswanathan committed 7ded4359680
ANDROID: nf: IDLETIMER: Fix possible use before initialization in idletimer_resume

idletimer_resume() assumes that the PM_SUSPEND_PREPARE notifier is sent before PM_POST_SUSPEND so that timer->last_suspend_time is initialized.

However, it is possible for PM_POST_SUSPEND to be sent first if there is an error returned from another driver's PM_SUSPEND_PREPARE notifier. As a result, structures are accessed without initialization.

The arguments to set_normalized_timespec are very large and unexpected. timer->last_suspend_time has the value of {.tv_sec = 0x6b6b6b6b6b6b6b6b, .tv_nsec=0x6b6b6b6b6b6b6b6b}.

Since really large iterations are required, this operation takes more than a minute and causes the CPU to trigger a spinbug since the timestamp lock is held.

Call stack -
- set_normalized_timespec
- timespec_sub
- idletimer_resume
- notifier_call_chain
- __blocking_notifier_call_chain
- pm_notifier_call_chain

Add a flag indicating whether the current value of timer->last_suspend is valid.

Detected with CONFIG_SLUB_DEBUG & CONFIG_DEBUG_SPINLOCK in arm64.

Bug: 140404598
Fixes: f0c2df2b1228a ("ANDROID: netfilter: xt_IDLETIMER: Add new netlink msg type")
Change-Id: I95328b0ac85dba819ff9cef751c3d07300c232f1
Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
Signed-off-by: Todd Kjos <tkjos@google.com>
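
A userspace model of the failure and of the validity-flag guard described in the commit message, added here as an illustration; it is not code from this commit or from the kernel. The struct, the flag name suspend_time_valid, the event enum and both function names are assumptions, and the pass count models set_normalized_timespec moving nsec toward range one second per loop pass.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define NSEC_PER_SEC 1000000000ULL
struct ts64 { int64_t tv_sec, tv_nsec; };
struct model_timer {               /* hypothetical stand-in, not the kernel struct */
    struct ts64 last_suspend_time;
    bool suspend_time_valid;       /* assumed name for the validity flag */
};
enum pm_event { EV_SUSPEND_PREPARE, EV_POST_SUSPEND };

/* Passes a one-second-per-iteration normalization loop needs for this nsec. */
static unsigned long long normalize_iterations(int64_t nsec)
{
    return nsec < 0 ? (0 - (unsigned long long)nsec + NSEC_PER_SEC - 1) / NSEC_PER_SEC
                    : (unsigned long long)nsec / NSEC_PER_SEC;
}

/* Timer whose timestamp was never written: the value quoted in the commit message. */
static struct model_timer poisoned_timer(void)
{
    struct model_timer t = { { 0x6b6b6b6b6b6b6b6bLL, 0x6b6b6b6b6b6b6b6bLL }, false };
    return t;
}

/* Returns the normalization passes spent handling the event (0 = none). */
static unsigned long long model_notify(struct model_timer *t, enum pm_event ev,
                                       struct ts64 now, bool guarded)
{
    if (ev == EV_SUSPEND_PREPARE) {
        t->last_suspend_time = now;
        t->suspend_time_valid = true;
        return 0;
    }
    if (guarded && !t->suspend_time_valid)
        return 0;                  /* no PREPARE seen: skip the subtraction */
    t->suspend_time_valid = false; /* the sample is consumed by this resume */
    return normalize_iterations((int64_t)((unsigned long long)now.tv_nsec -
                                (unsigned long long)t->last_suspend_time.tv_nsec));
}

int main(void)
{
    struct ts64 now = { 100, 0 };  /* constructed sample time */
    struct model_timer a = poisoned_timer(), b = poisoned_timer();
    printf("unguarded=%llu guarded=%llu\n", model_notify(&a, EV_POST_SUSPEND, now, false),
           model_notify(&b, EV_POST_SUSPEND, now, true));
}
```
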