0ad0e8b0cb
[ Upstream commit 6feb37b3b06e9049e20dcf7e23998f92c9c5be9a ]
As &net->sctp.addr_wq_lock is also acquired by the timer
sctp_addr_wq_timeout_handler() in protocal.c, the same lock acquisition
at sctp_auto_asconf_init() seems should disable irq since it is called
from sctp_accept() under process context.
Possible deadlock scenario:
sctp_accept()
-> sctp_sock_migrate()
-> sctp_auto_asconf_init()
-> spin_lock(&net->sctp.addr_wq_lock)
<timer interrupt>
-> sctp_addr_wq_timeout_handler()
-> spin_lock_bh(&net->sctp.addr_wq_lock); (deadlock here)
This flaw was found using an experimental static analysis tool we are
developing for irq-related deadlock.
The tentative patch fix the potential deadlock by spin_lock_bh().
Signed-off-by: Chengfeng Ye <dg573847474@gmail.com>
Fixes: 34e5b0118685 ("sctp: delay auto_asconf init until binding the first addr")
Acked-by: Xin Long <lucien.xin@gmail.com>
Link: https://lore.kernel.org/r/20230627120340.19432-1-dg573847474@gmail.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|---|---|---|
| .. | ||
| associola.c | ||
| auth.c | ||
| bind_addr.c | ||
| chunk.c | ||
| debug.c | ||
| diag.c | ||
| endpointola.c | ||
| input.c | ||
| inqueue.c | ||
| ipv6.c | ||
| Kconfig | ||
| Makefile | ||
| objcnt.c | ||
| offload.c | ||
| output.c | ||
| outqueue.c | ||
| primitive.c | ||
| proc.c | ||
| protocol.c | ||
| sm_make_chunk.c | ||
| sm_sideeffect.c | ||
| sm_statefuns.c | ||
| sm_statetable.c | ||
| socket.c | ||
| stream.c | ||
| stream_interleave.c | ||
| stream_sched.c | ||
| stream_sched_prio.c | ||
| stream_sched_rr.c | ||
| sysctl.c | ||
| transport.c | ||
| tsnmap.c | ||
| ulpevent.c | ||
| ulpqueue.c | ||