lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <2024112820-vehicular-unsocial-ccdf@gregkh>
Date: Thu, 28 Nov 2024 12:45:01 +0100
From: Greg KH <gregkh@...uxfoundation.org>
To: 江世昊 <sh.jiang@....edu.cn>
Cc: security@...nel.org, wenjia@...ux.ibm.com, jaka@...ux.ibm.com,
	linux-s390@...r.kernel.org, linux-kernel@...r.kernel.org,
	syzkaller@...glegroups.com
Subject: Re: [bug report] smc: possible deadlock in smc_switch_to_fallback

On Thu, Nov 28, 2024 at 05:12:23PM +0800, 江世昊 wrote:
> Hi developers:
> 
> We may found a bug in smc module which can lead to deadlock recently.
> 
> HEAD commit: 819837584309 6.12.0-rc5
> git tree: upstream
> kernel config: https://drive.google.com/file/d/1-9pltE-1CMgGgNFu9o5l0BlCHk3Rnzb_/view?usp=sharing
> console output: https://drive.google.com/file/d/1uH0RDdftVIq_Boa6YWowLj3WujqVBuL7/view?usp=sharing
> syz repro: https://drive.google.com/file/d/1WUjiYSMebSZ7fR0uxrGx-kDLrf1v_Nra/view?usp=sharing
> C reproducer: https://drive.google.com/file/d/1_lB5_uacVnfDNE8VpuiY-NxEtDdzJ0Z8/view?usp=sharing
> 
> Environment:
> Ubuntu 22.04 on Linux 5.15
> QEMU emulator version 6.2.0
> qemu-system-x86_64 \
> -m 2G \
> -smp 2 \
> -kernel /home/wd/bzImage \
> -append "console=ttyS0 root=/dev/sda earlyprintk=serial net.ifnames=0" \
> -drive file=/home/wd/bullseye.img,format=raw \
> -net user,host=10.0.2.10,hostfwd=tcp:127.0.0.1:10021-:22 \
> -net nic,model=e1000 \
> -enable-kvm \
> -nographic \
> -pidfile vm.pid \
> 2>&1 | tee vm.log
> 
> If you fix this issue, please add the following tag to the commit:
> Reported-by: Shihao Jiang<sh.jiang@....edu.cn>
> 
> ======================================================
> WARNING: possible circular locking dependency detected
> 6.12.0-rc5 #1 Tainted: G        W         
> ------------------------------------------------------
> syz-executor351/9413 is trying to acquire lock:
> ffff88804bd68aa8 (&smc->clcsock_release_lock){+.+.}-{3:3}, at: smc_switch_to_fallback+0x2d/0xa00 net/smc/af_smc.c:902
> 
> but task is already holding lock:
> ffff88804bd68258 (sk_lock-AF_INET6){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1611 [inline]
> ffff88804bd68258 (sk_lock-AF_INET6){+.+.}-{0:0}, at: smc_setsockopt+0x323/0xc10 net/smc/af_smc.c:3077
> 
> which lock already depends on the new lock.

Please submit a fix for this issue as you have a test-case for it.  It's
just a "normal" lockdep warning, not a "security" issue.

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ