From: Stephen Hemminger <stephen@networkplumber.org>
To: Ziqi Zhao <astrajoan@yahoo.com>
Cc: syzbot+1591462f226d9cbf0564@syzkaller.appspotmail.com,
davem@davemloft.net, dvyukov@google.com, edumazet@google.com,
ivan.orlov0322@gmail.com, kernel@pengutronix.de, kuba@kernel.org,
linux-can@vger.kernel.org, linux-kernel@vger.kernel.org,
linux@rempel-privat.de, mkl@pengutronix.de,
netdev@vger.kernel.org, o.rempel@pengutronix.de,
pabeni@redhat.com, robin@protonic.nl, skhan@linuxfoundation.org,
socketcan@hartkopp.net, syzkaller-bugs@googlegroups.com,
syzkaller@googlegroups.com
Subject: Re: [PATCH] can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock
Date: Thu, 13 Jul 2023 15:23:05 -0700 [thread overview]
Message-ID: <20230713152305.153e7aba@hermes.local> (raw)
In-Reply-To: <20230712004750.2476-1-astrajoan@yahoo.com>
On Tue, 11 Jul 2023 17:47:50 -0700
Ziqi Zhao <astrajoan@yahoo.com> wrote:
> The following 3 locks would race against each other, causing the
> deadlock situation in the Syzbot bug report:
>
> - j1939_socks_lock
> - active_session_list_lock
> - sk_session_queue_lock
>
> A reasonable fix is to change j1939_socks_lock to an rwlock, since in
> the rare situations where a write lock is required for the linked list
> that j1939_socks_lock is protecting, the code does not attempt to
> acquire any more locks. This would break the circular lock dependency,
> where, for example, the current thread already locks j1939_socks_lock
> and attempts to acquire sk_session_queue_lock, and at the same time,
> another thread attempts to acquire j1939_socks_lock while holding
> sk_session_queue_lock.
>
> NOTE: This patch along does not fix the unregister_netdevice bug
> reported by Syzbot; instead, it solves a deadlock situation to prepare
> for one or more further patches to actually fix the Syzbot bug, which
> appears to be a reference counting problem within the j1939 codebase.
>
> #syz test:
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
>
> Signed-off-by: Ziqi Zhao <astrajoan@yahoo.com>
> ---
Reader-writer locks are not the best way to fix a lock hierarchy problem.
Instead either fix the lock ordering, or use RCU.
Other devices don't have this problem, so perhaps the unique locking
in this device is the problem.
next prev parent reply other threads:[~2023-07-13 22:23 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-07-04 6:19 [syzbot] [can?] possible deadlock in j1939_sk_errqueue (2) syzbot
2023-07-04 6:47 ` [PATCH] can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock Ziqi Zhao
2023-07-04 6:47 ` syzbot
2023-07-04 7:37 ` Oleksij Rempel
2023-07-21 16:22 ` Ziqi Zhao
2023-07-23 15:41 ` Oleksij Rempel
2023-08-07 4:46 ` Oleksij Rempel
2023-11-17 8:10 ` Oleksij Rempel
2023-07-10 17:53 ` [syzbot] [can?] possible deadlock in j1939_sk_errqueue (2) syzbot
2023-07-12 0:47 ` [PATCH] can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock Ziqi Zhao
2023-07-12 1:16 ` [syzbot] [can?] possible deadlock in j1939_sk_errqueue (2) syzbot
2023-07-13 22:23 ` Stephen Hemminger [this message]
2023-11-15 3:54 ` syzbot
[not found] <C29A816B-6E28-4A36-AE59-F446180C910B.ref@yahoo.com>
2023-07-14 5:58 ` [PATCH] can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock Astra Joan
[not found] <8A7EE4B2-4DCE-40FF-B971-F67F402872BB.ref@yahoo.com>
2023-07-07 4:39 ` Astra Joan
[not found] <F17EC83C-9D70-463A-9C46-FBCC53A1F13C.ref@yahoo.com>
2023-07-04 17:55 ` Astra Joan
2023-07-05 4:39 ` Oleksij Rempel
2023-07-05 4:50 ` Dmitry Vyukov
-- strict thread matches above, loose matches on Subject: below --
2023-06-21 8:46 [syzbot] [net?] unregister_netdevice: waiting for DEV to become free (8) Dongliang Mu
2023-06-26 5:50 ` [PATCH] can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock Ziqi Zhao
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230713152305.153e7aba@hermes.local \
--to=stephen@networkplumber.org \
--cc=astrajoan@yahoo.com \
--cc=davem@davemloft.net \
--cc=dvyukov@google.com \
--cc=edumazet@google.com \
--cc=ivan.orlov0322@gmail.com \
--cc=kernel@pengutronix.de \
--cc=kuba@kernel.org \
--cc=linux-can@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@rempel-privat.de \
--cc=mkl@pengutronix.de \
--cc=netdev@vger.kernel.org \
--cc=o.rempel@pengutronix.de \
--cc=pabeni@redhat.com \
--cc=robin@protonic.nl \
--cc=skhan@linuxfoundation.org \
--cc=socketcan@hartkopp.net \
--cc=syzbot+1591462f226d9cbf0564@syzkaller.appspotmail.com \
--cc=syzkaller-bugs@googlegroups.com \
--cc=syzkaller@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).