From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Bo Wu <wubo40@huawei.com>,
Zhiqiang Liu <liuzhiqiang26@huawei.com>,
Lee Duncan <lduncan@suse.com>,
"Martin K . Petersen" <martin.petersen@oracle.com>,
Sasha Levin <sashal@kernel.org>,
open-iscsi@googlegroups.com, linux-scsi@vger.kernel.org
Subject: [PATCH AUTOSEL 5.4 34/52] scsi: iscsi: Avoid potential deadlock in iscsi_if_rx func
Date: Fri, 20 Dec 2019 09:29:36 -0500 [thread overview]
Message-ID: <20191220142954.9500-34-sashal@kernel.org> (raw)
In-Reply-To: <20191220142954.9500-1-sashal@kernel.org>
From: Bo Wu <wubo40@huawei.com>
[ Upstream commit bba340c79bfe3644829db5c852fdfa9e33837d6d ]
In iscsi_if_rx func, after receiving one request through
iscsi_if_recv_msg func, iscsi_if_send_reply will be called to try to
reply to the request in a do-while loop. If the iscsi_if_send_reply
function keeps returning -EAGAIN, a deadlock will occur.
For example, a client only send msg without calling recvmsg func, then
it will result in the watchdog soft lockup. The details are given as
follows:
sock_fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_ISCSI);
retval = bind(sock_fd, (struct sock addr*) & src_addr, sizeof(src_addr);
while (1) {
state_msg = sendmsg(sock_fd, &msg, 0);
//Note: recvmsg(sock_fd, &msg, 0) is not processed here.
}
close(sock_fd);
watchdog: BUG: soft lockup - CPU#7 stuck for 22s! [netlink_test:253305] Sample time: 4000897528 ns(HZ: 250) Sample stat:
curr: user: 675503481560, nice: 321724050, sys: 448689506750, idle: 4654054240530, iowait: 40885550700, irq: 14161174020, softirq: 8104324140, st: 0
deta: user: 0, nice: 0, sys: 3998210100, idle: 0, iowait: 0, irq: 1547170, softirq: 242870, st: 0 Sample softirq:
TIMER: 992
SCHED: 8
Sample irqstat:
irq 2: delta 1003, curr: 3103802, arch_timer
CPU: 7 PID: 253305 Comm: netlink_test Kdump: loaded Tainted: G OE
Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015
pstate: 40400005 (nZcv daif +PAN -UAO)
pc : __alloc_skb+0x104/0x1b0
lr : __alloc_skb+0x9c/0x1b0
sp : ffff000033603a30
x29: ffff000033603a30 x28: 00000000000002dd
x27: ffff800b34ced810 x26: ffff800ba7569f00
x25: 00000000ffffffff x24: 0000000000000000
x23: ffff800f7c43f600 x22: 0000000000480020
x21: ffff0000091d9000 x20: ffff800b34eff200
x19: ffff800ba7569f00 x18: 0000000000000000
x17: 0000000000000000 x16: 0000000000000000
x15: 0000000000000000 x14: 0001000101000100
x13: 0000000101010000 x12: 0101000001010100
x11: 0001010101010001 x10: 00000000000002dd
x9 : ffff000033603d58 x8 : ffff800b34eff400
x7 : ffff800ba7569200 x6 : ffff800b34eff400
x5 : 0000000000000000 x4 : 00000000ffffffff
x3 : 0000000000000000 x2 : 0000000000000001
x1 : ffff800b34eff2c0 x0 : 0000000000000300 Call trace:
__alloc_skb+0x104/0x1b0
iscsi_if_rx+0x144/0x12bc [scsi_transport_iscsi]
netlink_unicast+0x1e0/0x258
netlink_sendmsg+0x310/0x378
sock_sendmsg+0x4c/0x70
sock_write_iter+0x90/0xf0
__vfs_write+0x11c/0x190
vfs_write+0xac/0x1c0
ksys_write+0x6c/0xd8
__arm64_sys_write+0x24/0x30
el0_svc_common+0x78/0x130
el0_svc_handler+0x38/0x78
el0_svc+0x8/0xc
Link: https://lore.kernel.org/r/EDBAAA0BBBA2AC4E9C8B6B81DEEE1D6915E3D4D2@dggeml505-mbx.china.huawei.com
Signed-off-by: Bo Wu <wubo40@huawei.com>
Reviewed-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
Reviewed-by: Lee Duncan <lduncan@suse.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/scsi_transport_iscsi.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/scsi/scsi_transport_iscsi.c b/drivers/scsi/scsi_transport_iscsi.c
index 417b868d8735e..ed8d9709b9b96 100644
--- a/drivers/scsi/scsi_transport_iscsi.c
+++ b/drivers/scsi/scsi_transport_iscsi.c
@@ -24,6 +24,8 @@
#define ISCSI_TRANSPORT_VERSION "2.0-870"
+#define ISCSI_SEND_MAX_ALLOWED 10
+
#define CREATE_TRACE_POINTS
#include <trace/events/iscsi.h>
@@ -3682,6 +3684,7 @@ iscsi_if_rx(struct sk_buff *skb)
struct nlmsghdr *nlh;
struct iscsi_uevent *ev;
uint32_t group;
+ int retries = ISCSI_SEND_MAX_ALLOWED;
nlh = nlmsg_hdr(skb);
if (nlh->nlmsg_len < sizeof(*nlh) + sizeof(*ev) ||
@@ -3712,6 +3715,10 @@ iscsi_if_rx(struct sk_buff *skb)
break;
err = iscsi_if_send_reply(portid, nlh->nlmsg_type,
ev, sizeof(*ev));
+ if (err == -EAGAIN && --retries < 0) {
+ printk(KERN_WARNING "Send reply failed, error %d\n", err);
+ break;
+ }
} while (err < 0 && err != -ECONNREFUSED && err != -ESRCH);
skb_pull(skb, rlen);
}
--
2.20.1
next prev parent reply other threads:[~2019-12-20 14:33 UTC|newest]
Thread overview: 52+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-20 14:29 [PATCH AUTOSEL 5.4 01/52] drm/mcde: dsi: Fix invalid pointer dereference if panel cannot be found Sasha Levin
2019-12-20 14:29 ` [PATCH AUTOSEL 5.4 02/52] nvme_fc: add module to ops template to allow module references Sasha Levin
2019-12-20 14:29 ` [PATCH AUTOSEL 5.4 03/52] nvme-fc: fix double-free scenarios on hw queues Sasha Levin
2019-12-20 14:29 ` [PATCH AUTOSEL 5.4 04/52] drm/amdgpu: add check before enabling/disabling broadcast mode Sasha Levin
2019-12-20 14:29 ` [PATCH AUTOSEL 5.4 05/52] drm/amdgpu: add header line for power profile on Arcturus Sasha Levin
2019-12-20 14:29 ` [PATCH AUTOSEL 5.4 06/52] drm/amdgpu: add cache flush workaround to gfx8 emit_fence Sasha Levin
2019-12-20 14:29 ` [PATCH AUTOSEL 5.4 07/52] drm/amd/display: Map DSC resources 1-to-1 if numbers of OPPs and DSCs are equal Sasha Levin
2019-12-20 14:29 ` [PATCH AUTOSEL 5.4 08/52] drm/amd/display: Fixed kernel panic when booting with DP-to-HDMI dongle Sasha Levin
2019-12-20 14:29 ` [PATCH AUTOSEL 5.4 09/52] drm/amd/display: Change the delay time before enabling FEC Sasha Levin
2019-12-20 14:29 ` [PATCH AUTOSEL 5.4 10/52] drm/amd/display: Reset steer fifo before unblanking the stream Sasha Levin
2019-12-20 14:29 ` [PATCH AUTOSEL 5.4 11/52] drm/amd/display: update dispclk and dppclk vco frequency Sasha Levin
2019-12-20 14:29 ` [PATCH AUTOSEL 5.4 12/52] nvme/pci: Fix write and poll queue types Sasha Levin
2019-12-20 14:29 ` [PATCH AUTOSEL 5.4 13/52] nvme/pci: Fix read queue count Sasha Levin
2019-12-20 14:29 ` [PATCH AUTOSEL 5.4 14/52] iio: st_accel: Fix unused variable warning Sasha Levin
2019-12-20 14:29 ` [PATCH AUTOSEL 5.4 15/52] iio: adc: max9611: Fix too short conversion time delay Sasha Levin
2019-12-20 14:29 ` [PATCH AUTOSEL 5.4 16/52] PM / devfreq: Fix devfreq_notifier_call returning errno Sasha Levin
2019-12-20 14:29 ` [PATCH AUTOSEL 5.4 17/52] PM / devfreq: Set scaling_max_freq to max on OPP notifier error Sasha Levin
2019-12-20 14:29 ` [PATCH AUTOSEL 5.4 18/52] PM / devfreq: Don't fail devfreq_dev_release if not in list Sasha Levin
2019-12-20 14:29 ` [PATCH AUTOSEL 5.4 19/52] afs: Fix afs_find_server lookups for ipv4 peers Sasha Levin
2019-12-20 14:29 ` [PATCH AUTOSEL 5.4 20/52] afs: Fix SELinux setting security label on /afs Sasha Levin
2019-12-20 14:29 ` [PATCH AUTOSEL 5.4 21/52] RDMA/cma: add missed unregister_pernet_subsys in init failure Sasha Levin
2019-12-20 14:29 ` [PATCH AUTOSEL 5.4 22/52] rxe: correctly calculate iCRC for unaligned payloads Sasha Levin
2019-12-20 14:29 ` [PATCH AUTOSEL 5.4 23/52] scsi: lpfc: Fix memory leak on lpfc_bsg_write_ebuf_set func Sasha Levin
2019-12-20 14:29 ` [PATCH AUTOSEL 5.4 24/52] scsi: qla2xxx: Use explicit LOGO in target mode Sasha Levin
2019-12-20 14:29 ` [PATCH AUTOSEL 5.4 25/52] scsi: qla2xxx: Drop superfluous INIT_WORK of del_work Sasha Levin
2019-12-20 14:29 ` [PATCH AUTOSEL 5.4 26/52] scsi: qla2xxx: Don't call qlt_async_event twice Sasha Levin
2019-12-20 14:29 ` [PATCH AUTOSEL 5.4 27/52] scsi: qla2xxx: Fix PLOGI payload and ELS IOCB dump length Sasha Levin
2019-12-20 14:29 ` [PATCH AUTOSEL 5.4 28/52] scsi: qla2xxx: Configure local loop for N2N target Sasha Levin
2019-12-20 14:29 ` [PATCH AUTOSEL 5.4 29/52] scsi: qla2xxx: Send Notify ACK after N2N PLOGI Sasha Levin
2019-12-20 14:29 ` [PATCH AUTOSEL 5.4 30/52] scsi: qla2xxx: Don't defer relogin unconditonally Sasha Levin
2019-12-20 14:29 ` [PATCH AUTOSEL 5.4 31/52] scsi: qla2xxx: Ignore PORT UPDATE after N2N PLOGI Sasha Levin
2019-12-20 14:29 ` [PATCH AUTOSEL 5.4 32/52] scsi: iscsi: qla4xxx: fix double free in probe Sasha Levin
2019-12-20 14:29 ` [PATCH AUTOSEL 5.4 33/52] scsi: libsas: stop discovering if oob mode is disconnected Sasha Levin
2019-12-20 14:29 ` Sasha Levin [this message]
2019-12-20 14:29 ` [PATCH AUTOSEL 5.4 35/52] staging/wlan-ng: add CRC32 dependency in Kconfig Sasha Levin
2019-12-20 14:29 ` [PATCH AUTOSEL 5.4 36/52] drm/nouveau: Move the declaration of struct nouveau_conn_atom up a bit Sasha Levin
2019-12-20 14:29 ` [PATCH AUTOSEL 5.4 37/52] drm/nouveau: Fix drm-core using atomic code-paths on pre-nv50 hardware Sasha Levin
2019-12-20 14:29 ` [PATCH AUTOSEL 5.4 38/52] drm/nouveau/kms/nv50-: fix panel scaling Sasha Levin
2019-12-20 14:29 ` [PATCH AUTOSEL 5.4 39/52] usb: gadget: fix wrong endpoint desc Sasha Levin
2019-12-20 14:29 ` [PATCH AUTOSEL 5.4 40/52] net: make socket read/write_iter() honor IOCB_NOWAIT Sasha Levin
2019-12-20 14:29 ` [PATCH AUTOSEL 5.4 41/52] afs: Fix mountpoint parsing Sasha Levin
2019-12-20 14:29 ` [PATCH AUTOSEL 5.4 42/52] afs: Fix creation calls in the dynamic root to fail with EOPNOTSUPP Sasha Levin
2019-12-20 14:29 ` [PATCH AUTOSEL 5.4 43/52] raid5: need to set STRIPE_HANDLE for batch head Sasha Levin
2019-12-20 14:29 ` [PATCH AUTOSEL 5.4 44/52] md: raid1: check rdev before reference in raid1_sync_request func Sasha Levin
2019-12-20 14:29 ` [PATCH AUTOSEL 5.4 45/52] s390/cpum_sf: Adjust sampling interval to avoid hitting sample limits Sasha Levin
2019-12-20 14:29 ` [PATCH AUTOSEL 5.4 46/52] s390/cpum_sf: Avoid SBD overflow condition in irq handler Sasha Levin
2019-12-20 14:29 ` [PATCH AUTOSEL 5.4 47/52] RDMA/counter: Prevent auto-binding a QP which are not tracked with res Sasha Levin
2019-12-20 14:29 ` [PATCH AUTOSEL 5.4 48/52] IB/mlx4: Follow mirror sequence of device add during device removal Sasha Levin
2019-12-20 14:29 ` [PATCH AUTOSEL 5.4 49/52] IB/mlx5: Fix steering rule of drop and count Sasha Levin
2019-12-20 14:29 ` [PATCH AUTOSEL 5.4 50/52] xen-blkback: prevent premature module unload Sasha Levin
2019-12-20 14:29 ` [PATCH AUTOSEL 5.4 51/52] xen/balloon: fix ballooned page accounting without hotplug enabled Sasha Levin
2019-12-20 14:29 ` [PATCH AUTOSEL 5.4 52/52] PM / hibernate: memory_bm_find_bit(): Tighten node optimisation Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191220142954.9500-34-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=lduncan@suse.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-scsi@vger.kernel.org \
--cc=liuzhiqiang26@huawei.com \
--cc=martin.petersen@oracle.com \
--cc=open-iscsi@googlegroups.com \
--cc=stable@vger.kernel.org \
--cc=wubo40@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).