| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 29 Jun 2023 11:49:09 +0200 From: Paolo Abeni <pabeni@...hat.com> To: Chengfeng Ye <dg573847474@...il.com>, marcelo.leitner@...il.com, lucien.xin@...il.com, davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org Cc: linux-sctp@...r.kernel.org, netdev@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] sctp: fix potential deadlock on &net->sctp.addr_wq_lock On Tue, 2023-06-27 at 12:03 +0000, Chengfeng Ye wrote: > As &net->sctp.addr_wq_lock is also acquired by the timer > sctp_addr_wq_timeout_handler() in protocal.c, the same lock acquisition > at sctp_auto_asconf_init() seems should disable irq since it is called > from sctp_accept() under process context. > > Possible deadlock scenario: > sctp_accept() > -> sctp_sock_migrate() > -> sctp_auto_asconf_init() > -> spin_lock(&net->sctp.addr_wq_lock) > <timer interrupt> > -> sctp_addr_wq_timeout_handler() > -> spin_lock_bh(&net->sctp.addr_wq_lock); (deadlock here) > > This flaw was found using an experimental static analysis tool we are > developing for irq-related deadlock. > > The tentative patch fix the potential deadlock by spin_lock_bh(). Patch LGTM. Please note that the above suggests a possible net-next follow- up/cleanup, replacing the spin_lock_bh() in sctp_addr_wq_timeout_handler() with a simple/faster spin_lock() - since sctp_addr_wq_timeout_handler() runs with BH disabled. Anyhow net-next is closed now, it will have to wait a bit ;) Cheers, Paolo
Powered by blists - more mailing lists