linux/drivers
Eric Dumazet f0a1380de7 6pack,mkiss: fix possible deadlock
commit 5c9934b676 upstream.

We got another syzbot report [1] that tells us we must use
write_lock_irq()/write_unlock_irq() to avoid possible deadlock.

[1]

WARNING: inconsistent lock state
5.5.0-rc1-syzkaller #0 Not tainted
--------------------------------
inconsistent {HARDIRQ-ON-W} -> {IN-HARDIRQ-R} usage.
syz-executor826/9605 [HC1[1]:SC0[0]:HE0:SE1] takes:
ffffffff8a128718 (disc_data_lock){+-..}, at: sp_get.isra.0+0x1d/0xf0 drivers/net/ppp/ppp_synctty.c:138
{HARDIRQ-ON-W} state was registered at:
  lock_acquire+0x190/0x410 kernel/locking/lockdep.c:4485
  __raw_write_lock_bh include/linux/rwlock_api_smp.h:203 [inline]
  _raw_write_lock_bh+0x33/0x50 kernel/locking/spinlock.c:319
  sixpack_close+0x1d/0x250 drivers/net/hamradio/6pack.c:657
  tty_ldisc_close.isra.0+0x119/0x1a0 drivers/tty/tty_ldisc.c:489
  tty_set_ldisc+0x230/0x6b0 drivers/tty/tty_ldisc.c:585
  tiocsetd drivers/tty/tty_io.c:2337 [inline]
  tty_ioctl+0xe8d/0x14f0 drivers/tty/tty_io.c:2597
  vfs_ioctl fs/ioctl.c:47 [inline]
  file_ioctl fs/ioctl.c:545 [inline]
  do_vfs_ioctl+0x977/0x14e0 fs/ioctl.c:732
  ksys_ioctl+0xab/0xd0 fs/ioctl.c:749
  __do_sys_ioctl fs/ioctl.c:756 [inline]
  __se_sys_ioctl fs/ioctl.c:754 [inline]
  __x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:754
  do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294
  entry_SYSCALL_64_after_hwframe+0x49/0xbe
irq event stamp: 3946
hardirqs last  enabled at (3945): [<ffffffff87c86e43>] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline]
hardirqs last  enabled at (3945): [<ffffffff87c86e43>] _raw_spin_unlock_irq+0x23/0x80 kernel/locking/spinlock.c:199
hardirqs last disabled at (3946): [<ffffffff8100675f>] trace_hardirqs_off_thunk+0x1a/0x1c arch/x86/entry/thunk_64.S:42
softirqs last  enabled at (2658): [<ffffffff86a8b4df>] spin_unlock_bh include/linux/spinlock.h:383 [inline]
softirqs last  enabled at (2658): [<ffffffff86a8b4df>] clusterip_netdev_event+0x46f/0x670 net/ipv4/netfilter/ipt_CLUSTERIP.c:222
softirqs last disabled at (2656): [<ffffffff86a8b22b>] spin_lock_bh include/linux/spinlock.h:343 [inline]
softirqs last disabled at (2656): [<ffffffff86a8b22b>] clusterip_netdev_event+0x1bb/0x670 net/ipv4/netfilter/ipt_CLUSTERIP.c:196

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(disc_data_lock);
  <Interrupt>
    lock(disc_data_lock);

 *** DEADLOCK ***

5 locks held by syz-executor826/9605:
 #0: ffff8880a905e198 (&tty->legacy_mutex){+.+.}, at: tty_lock+0xc7/0x130 drivers/tty/tty_mutex.c:19
 #1: ffffffff899a56c0 (rcu_read_lock){....}, at: mutex_spin_on_owner+0x0/0x330 kernel/locking/mutex.c:413
 #2: ffff8880a496a2b0 (&(&i->lock)->rlock){-.-.}, at: spin_lock include/linux/spinlock.h:338 [inline]
 #2: ffff8880a496a2b0 (&(&i->lock)->rlock){-.-.}, at: serial8250_interrupt+0x2d/0x1a0 drivers/tty/serial/8250/8250_core.c:116
 #3: ffffffff8c104048 (&port_lock_key){-.-.}, at: serial8250_handle_irq.part.0+0x24/0x330 drivers/tty/serial/8250/8250_port.c:1823
 #4: ffff8880a905e090 (&tty->ldisc_sem){++++}, at: tty_ldisc_ref+0x22/0x90 drivers/tty/tty_ldisc.c:288

stack backtrace:
CPU: 1 PID: 9605 Comm: syz-executor826 Not tainted 5.5.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x197/0x210 lib/dump_stack.c:118
 print_usage_bug.cold+0x327/0x378 kernel/locking/lockdep.c:3101
 valid_state kernel/locking/lockdep.c:3112 [inline]
 mark_lock_irq kernel/locking/lockdep.c:3309 [inline]
 mark_lock+0xbb4/0x1220 kernel/locking/lockdep.c:3666
 mark_usage kernel/locking/lockdep.c:3554 [inline]
 __lock_acquire+0x1e55/0x4a00 kernel/locking/lockdep.c:3909
 lock_acquire+0x190/0x410 kernel/locking/lockdep.c:4485
 __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline]
 _raw_read_lock+0x32/0x50 kernel/locking/spinlock.c:223
 sp_get.isra.0+0x1d/0xf0 drivers/net/ppp/ppp_synctty.c:138
 sixpack_write_wakeup+0x25/0x340 drivers/net/hamradio/6pack.c:402
 tty_wakeup+0xe9/0x120 drivers/tty/tty_io.c:536
 tty_port_default_wakeup+0x2b/0x40 drivers/tty/tty_port.c:50
 tty_port_tty_wakeup+0x57/0x70 drivers/tty/tty_port.c:387
 uart_write_wakeup+0x46/0x70 drivers/tty/serial/serial_core.c:104
 serial8250_tx_chars+0x495/0xaf0 drivers/tty/serial/8250/8250_port.c:1761
 serial8250_handle_irq.part.0+0x2a2/0x330 drivers/tty/serial/8250/8250_port.c:1834
 serial8250_handle_irq drivers/tty/serial/8250/8250_port.c:1820 [inline]
 serial8250_default_handle_irq+0xc0/0x150 drivers/tty/serial/8250/8250_port.c:1850
 serial8250_interrupt+0xf1/0x1a0 drivers/tty/serial/8250/8250_core.c:126
 __handle_irq_event_percpu+0x15d/0x970 kernel/irq/handle.c:149
 handle_irq_event_percpu+0x74/0x160 kernel/irq/handle.c:189
 handle_irq_event+0xa7/0x134 kernel/irq/handle.c:206
 handle_edge_irq+0x25e/0x8d0 kernel/irq/chip.c:830
 generic_handle_irq_desc include/linux/irqdesc.h:156 [inline]
 do_IRQ+0xde/0x280 arch/x86/kernel/irq.c:250
 common_interrupt+0xf/0xf arch/x86/entry/entry_64.S:607
 </IRQ>
RIP: 0010:cpu_relax arch/x86/include/asm/processor.h:685 [inline]
RIP: 0010:mutex_spin_on_owner+0x247/0x330 kernel/locking/mutex.c:579
Code: c3 be 08 00 00 00 4c 89 e7 e8 e5 06 59 00 4c 89 e0 48 c1 e8 03 42 80 3c 38 00 0f 85 e1 00 00 00 49 8b 04 24 a8 01 75 96 f3 90 <e9> 2f fe ff ff 0f 0b e8 0d 19 09 00 84 c0 0f 85 ff fd ff ff 48 c7
RSP: 0018:ffffc90001eafa20 EFLAGS: 00000246 ORIG_RAX: ffffffffffffffd7
RAX: 0000000000000000 RBX: ffff88809fd9e0c0 RCX: 1ffffffff13266dd
RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000000
RBP: ffffc90001eafa60 R08: 1ffff11013d22898 R09: ffffed1013d22899
R10: ffffed1013d22898 R11: ffff88809e9144c7 R12: ffff8880a905e138
R13: ffff88809e9144c0 R14: 0000000000000000 R15: dffffc0000000000
 mutex_optimistic_spin kernel/locking/mutex.c:673 [inline]
 __mutex_lock_common kernel/locking/mutex.c:962 [inline]
 __mutex_lock+0x32b/0x13c0 kernel/locking/mutex.c:1106
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1121
 tty_lock+0xc7/0x130 drivers/tty/tty_mutex.c:19
 tty_release+0xb5/0xe90 drivers/tty/tty_io.c:1665
 __fput+0x2ff/0x890 fs/file_table.c:280
 ____fput+0x16/0x20 fs/file_table.c:313
 task_work_run+0x145/0x1c0 kernel/task_work.c:113
 exit_task_work include/linux/task_work.h:22 [inline]
 do_exit+0x8e7/0x2ef0 kernel/exit.c:797
 do_group_exit+0x135/0x360 kernel/exit.c:895
 __do_sys_exit_group kernel/exit.c:906 [inline]
 __se_sys_exit_group kernel/exit.c:904 [inline]
 __x64_sys_exit_group+0x44/0x50 kernel/exit.c:904
 do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x43fef8
Code: Bad RIP value.
RSP: 002b:00007ffdb07d2338 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043fef8
RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
RBP: 00000000004bf730 R08: 00000000000000e7 R09: ffffffffffffffd0
R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
R13: 00000000006d1180 R14: 0000000000000000 R15: 0000000000000000

Fixes: 6e4e2f811b ("6pack,mkiss: fix lock inconsistency")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-01-04 19:18:36 +01:00
accessibility
acpi ACPI: button: Add DMI quirk for Medion Akoya E2215T 2019-12-31 16:44:26 +01:00
amba ARM updates for 5.4-rc: 2019-10-23 06:26:33 -04:00
android binder: fix incorrect calculation for num_valid 2019-12-17 19:55:33 +01:00
ata libata: Ensure ata_port probe has completed before detach 2019-12-31 16:44:31 +01:00
atm atm: he: clean up an indentation issue 2019-09-25 13:54:45 +02:00
auxdisplay It's a somewhat calmer cycle for docs this time, as the churn of the mass 2019-09-17 16:22:26 -07:00
base firmware_loader: Fix labels with comma for builtin firmware 2019-12-31 16:45:39 +01:00
bcma bcma: make arrays pwr_info_offset and sprom_sizes static const, shrinks object size 2019-09-13 16:44:49 +03:00
block nbd: fix shutdown and recv work deadlock v2 2019-12-31 16:46:34 +01:00
bluetooth Bluetooth: btusb: avoid unused function warning 2019-12-31 16:44:08 +01:00
bus bus: ti-sysc: Fix watchdog quirk handling 2019-10-18 08:45:32 -07:00
cdrom cdrom: respect device capabilities during opening action 2020-01-04 19:18:25 +01:00
char tpm: fix invalid locking in NONBLOCKING mode 2019-12-31 16:45:52 +01:00
clk clk: pxa: fix one of the pxa RTC clocks 2020-01-04 19:18:11 +01:00
clocksource clocksource/drivers/timer-of: Use unique device name instead of timer 2020-01-04 19:17:08 +01:00
connector
counter
cpufreq cpufreq: Register drivers only after CPU devices have been registered 2019-12-31 16:45:26 +01:00
cpuidle cpuidle: use first valid target residency as poll time 2019-12-17 19:56:23 +01:00
crypto crypto: vmx - Avoid weird build failures 2019-12-31 16:45:45 +01:00
dax
dca
devfreq PM / devfreq: Lock devfreq in trans_stat_show 2019-12-17 19:56:26 +01:00
dio
dma dmaengine: fsl-qdma: Handle invalid qdma-queue0 IRQ 2020-01-04 19:17:01 +01:00
dma-buf dma-buf: Fix memory leak in sync_file_merge() 2019-12-21 11:04:48 +01:00
edac EDAC/ghes: Fix grain calculation 2019-12-31 16:45:16 +01:00
eisa
extcon extcon: sm5502: Reset registers during initialization 2019-12-31 16:44:04 +01:00
firewire
firmware efi/memreserve: Register reservations as 'reserved' in /proc/iomem 2019-12-31 16:46:06 +01:00
fpga Char/Misc driver patches for 5.4-rc1 2019-09-18 11:14:31 -07:00
fsi fsi: core: Fix small accesses and unaligned offsets via sysfs 2019-12-31 16:45:09 +01:00
gnss
gpio gpio: lynxpoint: Setup correct IRQ handlers 2020-01-04 19:18:20 +01:00
gpu drm/amdgpu: Call find_vma under mmap_sem 2020-01-04 19:18:22 +01:00
greybus staging: greybus: move es2 to drivers/greybus/ 2019-08-27 19:03:08 +02:00
hid HID: rmi: Check that the RMI_STARTED bit is set before unregistering the RMI transport device 2020-01-04 19:18:13 +01:00
hsi HSI changes for the 5.4 series 2019-09-22 12:02:21 -07:00
hv Drivers: hv: vmbus: Fix crash handler reset of Hyper-V synic 2020-01-04 19:18:21 +01:00
hwmon hwmon: (ina3221) Fix read timeout issue 2019-10-28 18:46:55 -07:00
hwspinlock
hwtracing intel_th: msu: Fix window switching without windows 2019-12-31 16:46:09 +01:00
i2c i2c: stm32f7: fix & reorder remove & probe error handling 2020-01-04 19:17:27 +01:00
i3c i3c: master: Use dev_to_i3cmaster() 2019-08-27 09:43:59 +02:00
ide
idle x86/intel: Aggregate microserver naming 2019-08-28 11:29:32 +02:00
iio iio: dac: ad5446: Add support for new AD5600 DAC 2019-12-31 16:45:19 +01:00
infiniband RDMA/siw: Fix post_recv QP state locking 2019-12-31 16:46:01 +01:00
input Input: ili210x - handle errors from input_mt_init_slots() 2020-01-04 19:17:34 +01:00
interconnect interconnect: qcom: qcs404: Walk the list safely on node removal 2019-12-17 19:55:39 +01:00
iommu iommu/arm-smmu-v3: Don't display an error when IRQ lines are missing 2020-01-04 19:17:25 +01:00
ipack
irqchip irqchip: ingenic: Error out if IRQ domain creation failed 2020-01-04 19:17:22 +01:00
isdn net: use skb_queue_empty_lockless() in poll() handlers 2019-10-28 13:33:41 -07:00
leds leds: trigger: netdev: fix handling on interface rename 2020-01-04 19:17:05 +01:00
lightnvm lightnvm: print error when target is not found 2019-09-05 13:17:01 -06:00
macintosh cpufreq: Use per-policy frequency QoS 2019-10-21 02:05:21 +02:00
mailbox mailbox: imx: Fix Tx doorbell shutdown path 2020-01-04 19:18:30 +01:00
mcb
md md: make sure desc_nr less than MD_SB_DISKS 2020-01-04 19:18:34 +01:00
media media: vim2m: media_device_cleanup was called too early 2019-12-31 16:45:17 +01:00
memory iommu/mediatek: Clean up struct mtk_smi_iommu 2019-08-30 15:57:27 +02:00
memstick memstick: jmb38x_ms: Fix an error handling path in 'jmb38x_ms_probe()' 2019-10-09 11:08:03 +02:00
message
mfd mfd: mt6397: Fix probe after changing mt6397-core 2019-10-24 08:49:25 +01:00
misc habanalabs: skip VA block list update in reset flow 2020-01-04 19:18:18 +01:00
mmc mmc: sdhci: Add a quirk for broken command queuing 2019-12-31 16:46:33 +01:00
mtd mtd: rawnand: Change calculating of position page containing BBM 2019-12-17 19:55:54 +01:00
mux
net 6pack,mkiss: fix possible deadlock 2020-01-04 19:18:36 +01:00
nfc NFC: nxp-nci: Fix probing without ACPI 2019-12-31 16:41:49 +01:00
ntb NTB: fix IDT Kconfig typos/spellos 2019-09-23 17:20:40 -04:00
nubus
nvdimm libnvdimm/btt: fix variable 'rc' set but not used 2020-01-04 19:18:12 +01:00
nvme nvme: Discard workaround for non-conformant devices 2019-12-31 16:45:24 +01:00
nvmem nvmem: imx-ocotp: reset error status on probe 2019-12-31 16:44:42 +01:00
of of: unittest: fix memory leak in attach_node_and_children 2020-01-04 19:18:25 +01:00
opp opp: Reinitialize the list_kref before adding the static OPPs again 2019-10-23 10:58:44 +05:30
oprofile
parisc parisc: Remove 32-bit DMA enforcement from sba_iommu 2019-10-14 21:44:26 +02:00
parport parport: load lowlevel driver if ports not found 2019-12-31 16:45:25 +01:00
pci PCI: rpaphp: Correctly match ibm, my-drc-index to drc-name when using drc-info 2020-01-04 19:18:00 +01:00
pcmcia Merge branch 'next-lockdown' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2019-09-28 08:14:15 -07:00
perf Merge branches 'for-next/52-bit-kva', 'for-next/cpu-topology', 'for-next/error-injection', 'for-next/perf', 'for-next/psci-cpuidle', 'for-next/rng', 'for-next/smpboot', 'for-next/tbi' and 'for-next/tlbi' into for-next/core 2019-08-30 12:46:12 +01:00
phy phy: qcom-usb-hs: Fix extcon double register after power cycle 2019-12-31 16:44:29 +01:00
pinctrl pinctrl: baytrail: Really serialize all register accesses 2019-12-31 16:46:12 +01:00
platform platform/x86: intel_pmc_core: Add Comet Lake (CML) platform support to intel_pmc_core driver 2020-01-04 19:18:19 +01:00
pnp
power power: supply: cpcap-battery: Check voltage before orderly_poweroff 2019-12-31 16:44:12 +01:00
powercap Power management updates for 5.4-rc1 2019-09-17 19:15:14 -07:00
pps
ps3
ptp ptp: Introduce strict checking of external time stamp options. 2019-11-15 12:48:32 -08:00
pwm pwm: bcm-iproc: Prevent unloading the driver module while in use 2019-11-08 18:38:06 +01:00
rapidio
ras
regulator regulator: core: Let boot-on regulators be powered off 2019-12-31 16:45:32 +01:00
remoteproc remoteproc updates for v5.4 2019-09-22 10:55:08 -07:00
reset reset: fix of_reset_control_get_count kerneldoc comment 2019-10-24 10:26:33 +02:00
rpmsg rpmsg: glink: Free pending deferred work on remove 2019-12-21 11:04:41 +01:00
rtc rtc: disable uie before setting time and enable after 2019-12-17 19:56:52 +01:00
s390 s390/zcrypt: handle new reply code FILTERED_BY_HYPERVISOR 2020-01-04 19:18:27 +01:00
sbus
scsi scsi: iscsi: Don't send data to unbound connection 2020-01-04 19:18:17 +01:00
sfi
sh
siox
slimbus
soc soc: mediatek: cmdq: fixup wrong input order of write api 2019-12-13 08:42:40 +01:00
soundwire soundwire: intel: fix PDI/stream mapping for Bulk 2019-12-31 16:45:11 +01:00
spi spi: fsl: use platform_get_irq() instead of of_irq_to_resource() 2019-12-31 16:46:06 +01:00
spmi
ssb ssb: make array pwr_info_offset static const, makes object smaller 2019-09-13 17:23:18 +03:00
staging staging: comedi: gsc_hpdi: check dma_alloc_coherent() return value 2019-12-31 16:46:10 +01:00
target scsi: target: iscsi: Wait for all commands to finish before freeing a session 2020-01-04 19:18:17 +01:00
tc
tee tee/shm: untag user pointers in tee_shm_register 2019-09-25 17:51:41 -07:00
thermal thermal: Fix deadlock in thermal thermal_zone_device_check 2019-12-13 08:43:21 +01:00
thunderbolt thunderbolt: Power cycle the router if NVM authentication fails 2019-12-04 22:30:50 +01:00
tty serial: sprd: Add clearing break interrupt operation 2019-12-31 16:46:11 +01:00
uio Char/Misc driver patches for 5.4-rc1 2019-09-18 11:14:31 -07:00
usb USB: EHCI: Do not return -EPIPE when hub is disconnected 2019-12-31 16:46:07 +01:00
vfio vfio/pci: call irq_bypass_unregister_producer() before freeing irq 2019-12-21 11:04:48 +01:00
vhost vringh: fix copy direction of vringh_iov_push_kern() 2019-10-28 04:25:04 -04:00
video video/hdmi: Fix AVI bar unpack 2019-12-17 19:56:42 +01:00
virt virt: vbox: fix memory leak in hgcm_call_preprocess_linaddr 2019-10-10 14:50:32 +02:00
virtio virtio-balloon: fix managed page counts when migrating pages between zones 2019-12-17 19:55:56 +01:00
visorbus
vlynq
vme
w1 w1: ds250x: Fix build error without CRC16 2019-10-10 15:35:41 +02:00
watchdog watchdog: Fix the race between the release of watchdog_core_data and cdev 2020-01-04 19:18:14 +01:00
xen xen/gntdev: Use select for DMA_SHARED_BUFFER 2019-12-31 16:45:01 +01:00
zorro
Kconfig Staging/IIO driver patches for 5.4-rc1 2019-09-18 11:05:34 -07:00
Makefile Staging/IIO driver patches for 5.4-rc1 2019-09-18 11:05:34 -07:00