From: Oleksij Rempel <o.rempel@pengutronix.de>
To: syzbot <syzbot+1591462f226d9cbf0564@syzkaller.appspotmail.com>
Cc: astrajoan@yahoo.com, davem@davemloft.net, edumazet@google.com,
ivan.orlov0322@gmail.com, kernel@pengutronix.de, kuba@kernel.org,
linux-can@vger.kernel.org, linux-kernel@vger.kernel.org,
linux@rempel-privat.de, mkl@pengutronix.de,
netdev@vger.kernel.org, pabeni@redhat.com, robin@protonic.nl,
skhan@linuxfoundation.org, socketcan@hartkopp.net,
syzkaller-bugs@googlegroups.com
Subject: Re: [PATCH] can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock
Date: Tue, 4 Jul 2023 09:37:35 +0200 [thread overview]
Message-ID: <20230704073735.GC15522@pengutronix.de> (raw)
In-Reply-To: <00000000000002937705ffa3a80b@google.com>
On Mon, Jul 03, 2023 at 11:47:26PM -0700, syzbot wrote:
> > The following 3 locks would race against each other, causing the
> > deadlock situation in the Syzbot bug report:
> >
> > - j1939_socks_lock
> > - active_session_list_lock
> > - sk_session_queue_lock
> >
> > A reasonable fix is to change j1939_socks_lock to an rwlock, since in
> > the rare situations where a write lock is required for the linked list
> > that j1939_socks_lock is protecting, the code does not attempt to
> > acquire any more locks. This would break the circular lock dependency,
> > where, for example, the current thread already locks j1939_socks_lock
> > and attempts to acquire sk_session_queue_lock, and at the same time,
> > another thread attempts to acquire j1939_socks_lock while holding
> > sk_session_queue_lock.
> >
> > NOTE: This patch along does not fix the unregister_netdevice bug
> > reported by Syzbot; instead, it solves a deadlock situation to prepare
> > for one or more further patches to actually fix the Syzbot bug, which
> > appears to be a reference counting problem within the j1939 codebase.
> >
> > #syz test:
>
> This crash does not have a reproducer. I cannot test it.
>
To stress this code path, the socket should be configured with err queue
enabled. For example like this:
value = 1;
setsockopt(priv->sock, SOL_CAN_J1939, SO_J1939_ERRQUEUE, &value,
sizeof(value));
sock_opt = SOF_TIMESTAMPING_SOFTWARE |
SOF_TIMESTAMPING_OPT_CMSG |
SOF_TIMESTAMPING_TX_ACK |
SOF_TIMESTAMPING_TX_SCHED |
SOF_TIMESTAMPING_OPT_STATS | SOF_TIMESTAMPING_OPT_TSONLY |
SOF_TIMESTAMPING_OPT_ID | SOF_TIMESTAMPING_RX_SOFTWARE;
setsockopt(priv->sock, SOL_SOCKET, SO_TIMESTAMPING,
(char *) &sock_opt, sizeof(sock_opt));
I hope it will help to create the reproducer
Regards,
Oleksij
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
next prev parent reply other threads:[~2023-07-04 7:37 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-07-04 6:19 [syzbot] [can?] possible deadlock in j1939_sk_errqueue (2) syzbot
2023-07-04 6:47 ` [PATCH] can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock Ziqi Zhao
2023-07-04 6:47 ` syzbot
2023-07-04 7:37 ` Oleksij Rempel [this message]
2023-07-21 16:22 ` [Bridge] " Ziqi Zhao
2023-07-21 16:22 ` Ziqi Zhao
2023-07-23 15:41 ` [Bridge] " Oleksij Rempel
2023-07-23 15:41 ` Oleksij Rempel
2023-08-07 4:46 ` [Bridge] " Oleksij Rempel
2023-08-07 4:46 ` Oleksij Rempel
2023-11-17 8:10 ` Oleksij Rempel
2023-07-10 17:53 ` [syzbot] [can?] possible deadlock in j1939_sk_errqueue (2) syzbot
2023-07-12 0:47 ` [PATCH] can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock Ziqi Zhao
2023-07-12 1:16 ` [syzbot] [can?] possible deadlock in j1939_sk_errqueue (2) syzbot
2023-07-13 22:23 ` [PATCH] can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock Stephen Hemminger
2023-11-15 3:54 ` [syzbot] [can?] possible deadlock in j1939_sk_errqueue (2) syzbot
[not found] <C29A816B-6E28-4A36-AE59-F446180C910B.ref@yahoo.com>
2023-07-14 5:58 ` [PATCH] can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock Astra Joan
[not found] <8A7EE4B2-4DCE-40FF-B971-F67F402872BB.ref@yahoo.com>
2023-07-07 4:39 ` Astra Joan
[not found] <F17EC83C-9D70-463A-9C46-FBCC53A1F13C.ref@yahoo.com>
2023-07-04 17:55 ` Astra Joan
2023-07-05 4:39 ` Oleksij Rempel
2023-07-05 4:50 ` Dmitry Vyukov
-- strict thread matches above, loose matches on Subject: below --
2023-06-21 8:46 [Bridge] [syzbot] [net?] unregister_netdevice: waiting for DEV to become free (8) Dongliang Mu
2023-06-26 5:50 ` [PATCH] can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock Ziqi Zhao
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230704073735.GC15522@pengutronix.de \
--to=o.rempel@pengutronix.de \
--cc=astrajoan@yahoo.com \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=ivan.orlov0322@gmail.com \
--cc=kernel@pengutronix.de \
--cc=kuba@kernel.org \
--cc=linux-can@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@rempel-privat.de \
--cc=mkl@pengutronix.de \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=robin@protonic.nl \
--cc=skhan@linuxfoundation.org \
--cc=socketcan@hartkopp.net \
--cc=syzbot+1591462f226d9cbf0564@syzkaller.appspotmail.com \
--cc=syzkaller-bugs@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.