lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20220901192527.GA2269019@francesco-nb.int.toradex.com>
Date:   Thu, 1 Sep 2022 21:25:27 +0200
From:   Francesco Dolcini <francesco.dolcini@...adex.com>
To:     Francesco Dolcini <francesco.dolcini@...adex.com>
Cc:     netdev@...r.kernel.org, linux-arm-kernel@...ts.infradead.org,
        linux-kernel@...r.kernel.org
Subject: Re: possible circular locking in
 kernfs_remove_by_name_ns/devinet_ioctl linux 6.0-rc3

On Thu, Sep 01, 2022 at 02:21:29PM +0200, Francesco Dolcini wrote:
> [   21.629186] ======================================================
> [   21.635418] WARNING: possible circular locking dependency detected
> [   21.641646] 6.0.0-rc3 #7 Not tainted
> [   21.645256] ------------------------------------------------------
> [   21.651480] connmand/542 is trying to acquire lock:
> [   21.656399] c2ce1d70 (kn->active#9){++++}-{0:0}, at: kernfs_remove_by_name_ns+0x50/0xa0
> [   21.664516]
>                but task is already holding lock:
> [   21.670394] c17af6e0 (rtnl_mutex){+.+.}-{3:3}, at: devinet_ioctl+0xc8/0x870
> [   21.677441]
>                which lock already depends on the new lock.
...
> [   21.945318] Chain exists of:
>                  kn->active#9 --> udc_lock --> rtnl_mutex
> 
> [   21.954902]  Possible unsafe locking scenario:
> 
> [   21.960865]        CPU0                    CPU1
> [   21.965430]        ----                    ----
> [   21.969994]   lock(rtnl_mutex);
> [   21.973174]                                lock(udc_lock);
> [   21.978709]                                lock(rtnl_mutex);
> [   21.984419]   lock(kn->active#9);
> [   21.987779]
>                 *** DEADLOCK ***
> 
> [   21.993745] 1 lock held by connmand/542:
> [   21.997704]  #0: c17af6e0 (rtnl_mutex){+.+.}-{3:3}, at: devinet_ioctl+0xc8/0x870
> [   22.005191]
...
> I have not tried to bisect this yet, just probing if someone has already
> some idea on this.

Commit 2191c00855b0 ("USB: gadget: Fix use-after-free Read in usb_udc_uevent()")
introduced this, see
https://lore.kernel.org/all/20220901192204.GA2268599@francesco-nb.int.toradex.com/

Francesco

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ