leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
5c9934b676
linux/drivers
History
Eric Dumazet 5c9934b676 6pack,mkiss: fix possible deadlock 
We got another syzbot report [1] that tells us we must use
write_lock_irq()/write_unlock_irq() to avoid possible deadlock.

[1]

WARNING: inconsistent lock state
5.5.0-rc1-syzkaller #0 Not tainted
--------------------------------
inconsistent {HARDIRQ-ON-W} -> {IN-HARDIRQ-R} usage.
syz-executor826/9605 [HC1[1]:SC0[0]:HE0:SE1] takes:
ffffffff8a128718 (disc_data_lock){+-..}, at: sp_get.isra.0+0x1d/0xf0 drivers/net/ppp/ppp_synctty.c:138
{HARDIRQ-ON-W} state was registered at:
  lock_acquire+0x190/0x410 kernel/locking/lockdep.c:4485
  __raw_write_lock_bh include/linux/rwlock_api_smp.h:203 [inline]
  _raw_write_lock_bh+0x33/0x50 kernel/locking/spinlock.c:319
  sixpack_close+0x1d/0x250 drivers/net/hamradio/6pack.c:657
  tty_ldisc_close.isra.0+0x119/0x1a0 drivers/tty/tty_ldisc.c:489
  tty_set_ldisc+0x230/0x6b0 drivers/tty/tty_ldisc.c:585
  tiocsetd drivers/tty/tty_io.c:2337 [inline]
  tty_ioctl+0xe8d/0x14f0 drivers/tty/tty_io.c:2597
  vfs_ioctl fs/ioctl.c:47 [inline]
  file_ioctl fs/ioctl.c:545 [inline]
  do_vfs_ioctl+0x977/0x14e0 fs/ioctl.c:732
  ksys_ioctl+0xab/0xd0 fs/ioctl.c:749
  __do_sys_ioctl fs/ioctl.c:756 [inline]
  __se_sys_ioctl fs/ioctl.c:754 [inline]
  __x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:754
  do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294
  entry_SYSCALL_64_after_hwframe+0x49/0xbe
irq event stamp: 3946
hardirqs last  enabled at (3945): [<ffffffff87c86e43>] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline]
hardirqs last  enabled at (3945): [<ffffffff87c86e43>] _raw_spin_unlock_irq+0x23/0x80 kernel/locking/spinlock.c:199
hardirqs last disabled at (3946): [<ffffffff8100675f>] trace_hardirqs_off_thunk+0x1a/0x1c arch/x86/entry/thunk_64.S:42
softirqs last  enabled at (2658): [<ffffffff86a8b4df>] spin_unlock_bh include/linux/spinlock.h:383 [inline]
softirqs last  enabled at (2658): [<ffffffff86a8b4df>] clusterip_netdev_event+0x46f/0x670 net/ipv4/netfilter/ipt_CLUSTERIP.c:222
softirqs last disabled at (2656): [<ffffffff86a8b22b>] spin_lock_bh include/linux/spinlock.h:343 [inline]
softirqs last disabled at (2656): [<ffffffff86a8b22b>] clusterip_netdev_event+0x1bb/0x670 net/ipv4/netfilter/ipt_CLUSTERIP.c:196

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(disc_data_lock);
  <Interrupt>
    lock(disc_data_lock);

 *** DEADLOCK ***

5 locks held by syz-executor826/9605:
 #0: ffff8880a905e198 (&tty->legacy_mutex){+.+.}, at: tty_lock+0xc7/0x130 drivers/tty/tty_mutex.c:19
 #1: ffffffff899a56c0 (rcu_read_lock){....}, at: mutex_spin_on_owner+0x0/0x330 kernel/locking/mutex.c:413
 #2: ffff8880a496a2b0 (&(&i->lock)->rlock){-.-.}, at: spin_lock include/linux/spinlock.h:338 [inline]
 #2: ffff8880a496a2b0 (&(&i->lock)->rlock){-.-.}, at: serial8250_interrupt+0x2d/0x1a0 drivers/tty/serial/8250/8250_core.c:116
 #3: ffffffff8c104048 (&port_lock_key){-.-.}, at: serial8250_handle_irq.part.0+0x24/0x330 drivers/tty/serial/8250/8250_port.c:1823
 #4: ffff8880a905e090 (&tty->ldisc_sem){++++}, at: tty_ldisc_ref+0x22/0x90 drivers/tty/tty_ldisc.c:288

stack backtrace:
CPU: 1 PID: 9605 Comm: syz-executor826 Not tainted 5.5.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x197/0x210 lib/dump_stack.c:118
 print_usage_bug.cold+0x327/0x378 kernel/locking/lockdep.c:3101
 valid_state kernel/locking/lockdep.c:3112 [inline]
 mark_lock_irq kernel/locking/lockdep.c:3309 [inline]
 mark_lock+0xbb4/0x1220 kernel/locking/lockdep.c:3666
 mark_usage kernel/locking/lockdep.c:3554 [inline]
 __lock_acquire+0x1e55/0x4a00 kernel/locking/lockdep.c:3909
 lock_acquire+0x190/0x410 kernel/locking/lockdep.c:4485
 __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline]
 _raw_read_lock+0x32/0x50 kernel/locking/spinlock.c:223
 sp_get.isra.0+0x1d/0xf0 drivers/net/ppp/ppp_synctty.c:138
 sixpack_write_wakeup+0x25/0x340 drivers/net/hamradio/6pack.c:402
 tty_wakeup+0xe9/0x120 drivers/tty/tty_io.c:536
 tty_port_default_wakeup+0x2b/0x40 drivers/tty/tty_port.c:50
 tty_port_tty_wakeup+0x57/0x70 drivers/tty/tty_port.c:387
 uart_write_wakeup+0x46/0x70 drivers/tty/serial/serial_core.c:104
 serial8250_tx_chars+0x495/0xaf0 drivers/tty/serial/8250/8250_port.c:1761
 serial8250_handle_irq.part.0+0x2a2/0x330 drivers/tty/serial/8250/8250_port.c:1834
 serial8250_handle_irq drivers/tty/serial/8250/8250_port.c:1820 [inline]
 serial8250_default_handle_irq+0xc0/0x150 drivers/tty/serial/8250/8250_port.c:1850
 serial8250_interrupt+0xf1/0x1a0 drivers/tty/serial/8250/8250_core.c:126
 __handle_irq_event_percpu+0x15d/0x970 kernel/irq/handle.c:149
 handle_irq_event_percpu+0x74/0x160 kernel/irq/handle.c:189
 handle_irq_event+0xa7/0x134 kernel/irq/handle.c:206
 handle_edge_irq+0x25e/0x8d0 kernel/irq/chip.c:830
 generic_handle_irq_desc include/linux/irqdesc.h:156 [inline]
 do_IRQ+0xde/0x280 arch/x86/kernel/irq.c:250
 common_interrupt+0xf/0xf arch/x86/entry/entry_64.S:607
 </IRQ>
RIP: 0010:cpu_relax arch/x86/include/asm/processor.h:685 [inline]
RIP: 0010:mutex_spin_on_owner+0x247/0x330 kernel/locking/mutex.c:579
Code: c3 be 08 00 00 00 4c 89 e7 e8 e5 06 59 00 4c 89 e0 48 c1 e8 03 42 80 3c 38 00 0f 85 e1 00 00 00 49 8b 04 24 a8 01 75 96 f3 90 <e9> 2f fe ff ff 0f 0b e8 0d 19 09 00 84 c0 0f 85 ff fd ff ff 48 c7
RSP: 0018:ffffc90001eafa20 EFLAGS: 00000246 ORIG_RAX: ffffffffffffffd7
RAX: 0000000000000000 RBX: ffff88809fd9e0c0 RCX: 1ffffffff13266dd
RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000000
RBP: ffffc90001eafa60 R08: 1ffff11013d22898 R09: ffffed1013d22899
R10: ffffed1013d22898 R11: ffff88809e9144c7 R12: ffff8880a905e138
R13: ffff88809e9144c0 R14: 0000000000000000 R15: dffffc0000000000
 mutex_optimistic_spin kernel/locking/mutex.c:673 [inline]
 __mutex_lock_common kernel/locking/mutex.c:962 [inline]
 __mutex_lock+0x32b/0x13c0 kernel/locking/mutex.c:1106
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1121
 tty_lock+0xc7/0x130 drivers/tty/tty_mutex.c:19
 tty_release+0xb5/0xe90 drivers/tty/tty_io.c:1665
 __fput+0x2ff/0x890 fs/file_table.c:280
 ____fput+0x16/0x20 fs/file_table.c:313
 task_work_run+0x145/0x1c0 kernel/task_work.c:113
 exit_task_work include/linux/task_work.h:22 [inline]
 do_exit+0x8e7/0x2ef0 kernel/exit.c:797
 do_group_exit+0x135/0x360 kernel/exit.c:895
 __do_sys_exit_group kernel/exit.c:906 [inline]
 __se_sys_exit_group kernel/exit.c:904 [inline]
 __x64_sys_exit_group+0x44/0x50 kernel/exit.c:904
 do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x43fef8
Code: Bad RIP value.
RSP: 002b:00007ffdb07d2338 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043fef8
RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
RBP: 00000000004bf730 R08: 00000000000000e7 R09: ffffffffffffffd0
R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
R13: 00000000006d1180 R14: 0000000000000000 R15: 0000000000000000

Fixes: 6e4e2f811b ("6pack,mkiss: fix lock inconsistency")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
2019-12-13 21:49:29 -08:00
..
accessibility
acpi Additional ACPI updates for 5.5-rc1 2019-12-04 10:56:35 -08:00
amba
android compat_ioctl: remove most of fs/compat_ioctl.c 2019-12-01 13:46:15 -08:00
ata pci-v5.5-changes 2019-12-03 13:58:22 -08:00
atm
auxdisplay auxdisplay: charlcd: deduplicate simple_strtoul() 2019-12-04 19:44:12 -08:00
base ARM: SoC-related driver updates 2019-12-05 11:43:31 -08:00
bcma
block xen: branch for v5.5-rc1 2019-12-07 14:49:20 -08:00
bluetooth Bluetooth: btbcm: Use the BDADDR_PROPERTY quirk 2019-11-22 13:35:20 +01:00
bus Few ti-sysc related fixes for v5.5 merge window 2019-12-06 08:26:50 -08:00
cdrom cdrom: respect device capabilities during opening action 2019-11-26 13:02:24 -07:00
char drm msm + fixes for 5.5-rc1 2019-12-06 10:28:09 -08:00
clk ARM: SoC platform updates 2019-12-05 11:38:40 -08:00
clocksource Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2019-12-03 12:20:25 -08:00
connector
counter
cpufreq cpufreq: tegra: Changes for v5.5-rc1 2019-12-06 08:28:13 -08:00
cpuidle cpuidle: minor Kconfig help text fixes 2019-11-29 11:49:32 +01:00
crypto Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2019-12-02 17:23:21 -08:00
dax libnvdimm for 5.5 2019-12-01 18:43:25 -08:00
dca
devfreq PM / devfreq: Add missing locking while setting suspend_freq 2019-11-29 12:50:34 +01:00
dio
dma dmaengine: Fix Kconfig indentation 2019-11-22 11:16:26 +05:30
dma-buf compat_ioctl: remove most of fs/compat_ioctl.c 2019-12-01 13:46:15 -08:00
edac EDAC/altera: Use the Altera System Manager driver 2019-11-22 10:18:29 +01:00
eisa
extcon Char/Misc driver patches for 5.5-rc1 2019-11-27 10:53:50 -08:00
firewire FireWire (IEEE 1394) subsystem updates: 2019-12-02 14:13:00 -08:00
firmware ARM: SoC fixes 2019-12-06 14:19:37 -08:00
fpga
fsi
gnss
gpio gpio: pca953x: tighten up indentation 2019-12-04 19:44:14 -08:00
gpu drm msm + fixes for 5.5-rc1 2019-12-06 10:28:09 -08:00
greybus
hid Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid 2019-12-01 18:20:54 -08:00
hsi
hv Merge branch 'akpm' (patches from Andrew) 2019-12-01 20:36:41 -08:00
hwmon compat_ioctl: remove most of fs/compat_ioctl.c 2019-12-01 13:46:15 -08:00
hwspinlock
hwtracing compat_ioctl: remove most of fs/compat_ioctl.c 2019-12-01 13:46:15 -08:00
i2c Merge branch 'i2c/for-5.5' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux 2019-12-01 18:29:36 -08:00
i3c
ide compat_ioctl: remove most of fs/compat_ioctl.c 2019-12-01 13:46:15 -08:00
idle cpuidle: Drop disabled field from struct cpuidle_state 2019-11-29 11:48:39 +01:00
iio chrome platform changes for v5.5 2019-12-03 14:37:12 -08:00
infiniband net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup 2019-12-04 12:27:13 -08:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2019-12-07 18:33:01 -08:00
interconnect
iommu pci-v5.5-changes 2019-12-03 13:58:22 -08:00
ipack
irqchip pci-v5.5-changes 2019-12-03 13:58:22 -08:00
isdn compat_ioctl: remove most of fs/compat_ioctl.c 2019-12-01 13:46:15 -08:00
leds Merge tag 'leds-5.5-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/pavel/linux-leds 2019-12-01 16:09:28 -08:00
lightnvm
macintosh powerpc updates for 5.5 2019-11-30 14:35:43 -08:00
mailbox mailbox changes for v5.5 2019-12-01 18:42:02 -08:00
mcb
md block: don't handle bio based drivers in blk_revalidate_disk_zones 2019-12-03 08:51:25 -07:00
media compat_ioctl: remove most of fs/compat_ioctl.c 2019-12-01 13:46:15 -08:00
memory memory: tegra: Fixes for v5.5-rc1 2019-12-06 08:28:51 -08:00
memstick pci-v5.5-changes 2019-12-03 13:58:22 -08:00
message
mfd chrome platform changes for v5.5 2019-12-03 14:37:12 -08:00
misc lib/genalloc.c: rename addr_in_gen_pool to gen_pool_has_addr 2019-12-04 19:44:13 -08:00
mmc Driver core patches for 5.5-rc1 2019-11-27 11:06:20 -08:00
mtd TTY/Serial patches for 5.5-rc1 2019-12-03 14:09:14 -08:00
mux
net 6pack,mkiss: fix possible deadlock 2019-12-13 21:49:29 -08:00
nfc NFC: nxp-nci: Fix probing without ACPI 2019-12-09 20:15:17 -08:00
ntb Add Hygon Device ID to the AMD NTB device driver 2019-12-07 18:38:17 -08:00
nubus
nvdimm libnvdimm for 5.5 2019-12-01 18:43:25 -08:00
nvme pci-v5.5-changes 2019-12-03 13:58:22 -08:00
nvmem ARM: SoC-related driver updates 2019-12-05 11:43:31 -08:00
of Devicetree updates for v5.5: 2019-12-02 11:41:35 -08:00
opp
oprofile Printk changes for 5.5 2019-11-25 19:40:40 -08:00
parisc
parport
pci pci-v5.5-changes 2019-12-03 13:58:22 -08:00
pcmcia pcmcia: remove unused dprintk definition 2019-11-22 07:03:45 +01:00
perf
phy ARM: SoC-related driver updates 2019-12-05 11:43:31 -08:00
pinctrl Merge branch 'irq-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2019-12-03 09:29:50 -08:00
platform chrome platform changes for v5.5 2019-12-03 14:37:12 -08:00
pnp
power Additional power management updates for 5.5-rc1 2019-12-04 10:48:09 -08:00
powercap
pps
ps3
ptp ptp: clockmatrix: add I2C dependency 2019-12-13 15:42:09 -08:00
pwm pwm: Changes for v5.5-rc1 2019-12-05 11:28:14 -08:00
rapidio drivers/rapidio/rio-access.c: fix missing include of <linux/rio_drv.h> 2019-12-04 19:44:13 -08:00
ras
regulator Merge branch 'regulator-5.5' into regulator-next 2019-11-22 19:56:20 +00:00
remoteproc
reset ARM: SoC-related driver updates 2019-12-05 11:43:31 -08:00
rpmsg rpmsg updates for v5.5 2019-12-01 18:39:24 -08:00
rtc RTC for 5.5 2019-12-03 13:31:08 -08:00
s390 Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2019-12-08 13:28:11 -08:00
sbus
scsi SCSI misc on 20191207 2019-12-08 12:23:42 -08:00
sfi
sh
siox
slimbus
soc ARM: SoC fixes 2019-12-06 14:19:37 -08:00
soundwire
spi Merge branch 'spi-5.5' into spi-next 2019-11-22 19:56:35 +00:00
spmi
ssb
staging pci-v5.5-changes 2019-12-03 13:58:22 -08:00
target SCSI misc on 20191130 2019-12-02 13:37:02 -08:00
tc
tee Merge mainline/master into arm/fixes 2019-12-05 13:18:54 -08:00
thermal Merge branch 'thermal/next' of git://git.kernel.org/pub/scm/linux/kernel/git/thermal/linux 2019-12-05 11:21:24 -08:00
thunderbolt
tty TTY/Serial patches for 5.5-rc1 2019-12-03 14:09:14 -08:00
uio
usb usb, kcov: collect coverage from hub_event 2019-12-04 19:44:14 -08:00
vfio VFIO updates for v5.5-rc1 2019-12-07 14:51:04 -08:00
vhost Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2019-12-08 13:28:11 -08:00
video pci-v5.5-changes 2019-12-03 13:58:22 -08:00
virt compat_ioctl: remove most of fs/compat_ioctl.c 2019-12-01 13:46:15 -08:00
virtio
visorbus
vlynq
vme
w1
watchdog linux-watchdog 5.5-rc1 tag 2019-12-01 18:01:03 -08:00
xen xen: branch for v5.5-rc1 2019-12-07 14:49:20 -08:00
zorro
Kconfig
Makefile