lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAO9qdTHdZnD5fC-V8E2JqKiM+ijOj15GRZjfwO+aAg_CUhNDnw@mail.gmail.com>
Date: Wed, 16 Jul 2025 14:12:27 +0900
From: Jeongjun Park <aha310510@...il.com>
To: Jakub Kicinski <kuba@...nel.org>
Cc: richardcochran@...il.com, andrew+netdev@...n.ch, davem@...emloft.net, 
	edumazet@...gle.com, pabeni@...hat.com, yangbo.lu@....com, 
	netdev@...r.kernel.org, linux-kernel@...r.kernel.org, 
	syzbot+7cfb66a237c4a5fb22ad@...kaller.appspotmail.com
Subject: Re: [PATCH net] ptp: prevent possible ABBA deadlock in ptp_clock_freerun()

Hello,

Jakub Kicinski <kuba@...nel.org> wrote:
>
> On Sat,  5 Jul 2025 23:50:31 +0900 Jeongjun Park wrote:
> > ABBA deadlock occurs in the following scenario:
> >
> >        CPU0                           CPU1
> >        ----                           ----
> >   n_vclocks_store()
> >     lock(&ptp->n_vclocks_mux) [1]
> >                                      pc_clock_adjtime()
> >                                        lock(&clk->rwsem) [2]
> >                                        ...
> >                                        ptp_clock_freerun()
> >                                          ptp_vclock_in_use()
> >                                            lock(&ptp->n_vclocks_mux) [3]
> >     ptp_clock_unregister()
> >       posix_clock_unregister()
> >         lock(&clk->rwsem) [4]
> >
> > To solve this with minimal patches, we should change ptp_clock_freerun()
> > to briefly release the read lock before calling ptp_vclock_in_use() and
> > then re-lock it when we're done.
>
> Dropping locks randomly is very rarely the correct fix.

Of course, we can change it to lock clk->rwsem before calling
ptp_clock_unregister(), but it would require a lot of code modifications,
and posix_clock_unregister() would also have to be modified, so I don't
think it's very appropriate.

That's why I suggested a way to briefly release the lock in
ptp_clock_freerun().

>
> Either way - you forgot to CC Vladimir, again.

No need to reference Vladimir, as this bug is a structural issue that has
been around since the n_vclocks feature was added, as indicated in the
Fixes tag.

> --
> pw-bot: cr

Regards,

Jeongjun Park

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ