mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-10-04 08:08:54 +00:00
Code Issues Releases Wiki Activity
linux-stable/net
History
Oleksij Rempel f09ce9d765 can: j1939: prevent deadlock by moving j1939_sk_errqueue() 
commit d1366b283d upstream.

This commit addresses a deadlock situation that can occur in certain
scenarios, such as when running data TP/ETP transfer and subscribing to
the error queue while receiving a net down event. The deadlock involves
locks in the following order:

3
  j1939_session_list_lock ->  active_session_list_lock
  j1939_session_activate
  ...
  j1939_sk_queue_activate_next -> sk_session_queue_lock
  ...
  j1939_xtp_rx_eoma_one

2
  j1939_sk_queue_drop_all  ->  sk_session_queue_lock
  ...
  j1939_sk_netdev_event_netdown -> j1939_socks_lock
  j1939_netdev_notify

1
  j1939_sk_errqueue -> j1939_socks_lock
  __j1939_session_cancel -> active_session_list_lock
  j1939_tp_rxtimer

       CPU0                    CPU1
       ----                    ----
  lock(&priv->active_session_list_lock);
                               lock(&jsk->sk_session_queue_lock);
                               lock(&priv->active_session_list_lock);
  lock(&priv->j1939_socks_lock);

The solution implemented in this commit is to move the
j1939_sk_errqueue() call out of the active_session_list_lock context,
thus preventing the deadlock situation.

Reported-by: syzbot+ee1cd780f69483a8616b@syzkaller.appspotmail.com
Fixes: 5b9272e93f ("can: j1939: extend UAPI to notify about RX status")
Co-developed-by: Hillf Danton <hdanton@sina.com>
Signed-off-by: Hillf Danton <hdanton@sina.com>
Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>
Link: https://lore.kernel.org/all/20230324130141.2132787-1-o.rempel@pengutronix.de
Cc: stable@vger.kernel.org
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-04-06 12:12:42 +02:00
..
6lowpan
9p net/9p: fix bug in client create for .L 2023-03-22 13:37:56 +01:00
802 treewide: Convert del_timer*() to timer_shutdown*() 2022-12-25 13:38:09 -08:00
8021q
appletalk
atm
ax25
batman-adv Networking changes for 6.2. 2022-12-13 15:47:48 -08:00
bluetooth Bluetooth: Fix race condition in hci_cmd_sync_clear 2023-03-30 12:51:34 +02:00
bpf Revert "bpf, test_run: fix &xdp_frame misplacement for LIVE_FRAMES" 2023-03-17 08:58:03 +01:00
bpfilter
bridge netfilter: ebtables: fix table blob use-after-free 2023-03-11 13:50:30 +01:00
caif net: caif: Fix use-after-free in cfusbl_device_notify() 2023-03-17 08:57:54 +01:00
can can: j1939: prevent deadlock by moving j1939_sk_errqueue() 2023-04-06 12:12:42 +02:00
ceph Treewide: Stop corrupting socket's task_frag 2022-12-19 17:28:49 -08:00
core net: use indirect calls helpers for sk_exit_memory_pressure() 2023-03-17 08:57:53 +01:00
dcb
dccp dccp/tcp: Avoid negative sk_forward_alloc by ipv6_pinfo.pktoptions. 2023-02-10 19:53:42 -08:00
dns_resolver
dsa net: dsa: sync unicast and multicast addresses for VLAN filters too 2023-04-06 12:12:39 +02:00
ethernet net: ethernet: use sysfs_emit() to instead of scnprintf() 2022-12-07 20:02:44 -08:00
ethtool Revert "Merge branch 'ethtool-mac-merge'" 2023-01-24 17:44:14 +01:00
hsr net: hsr: Don't log netdev_err message on unknown prp dst node 2023-04-06 12:12:28 +02:00
ieee802154 Merge tag 'ieee802154-for-net-next-2022-12-05' of git://git.kernel.org/pub/scm/linux/kernel/git/sschmidt/wpan-next 2022-12-07 17:33:26 -08:00
ife
ipv4 erspan: do not use skb_mac_header() in ndo_start_xmit() 2023-03-30 12:51:20 +02:00
ipv6 erspan: do not use skb_mac_header() in ndo_start_xmit() 2023-03-30 12:51:20 +02:00
iucv net/iucv: Fix size of interrupt data 2023-03-22 13:37:53 +01:00
kcm
key af_key: Fix heap information leak 2023-02-13 09:30:14 +00:00
l2tp l2tp: Avoid possible recursive deadlock in l2tp_tunnel_register() 2023-03-10 09:28:24 +01:00
l3mdev
lapb
llc
mac80211 wifi: mac80211: check basic rates validity 2023-04-06 12:12:27 +02:00
mac802154 mac802154: Fix possible double free upon parsing error 2022-12-19 11:38:12 +01:00
mctp net: mctp: purge receive queues on sk destruction 2023-01-28 00:26:09 -08:00
mpls net: mpls: fix stale pointer if allocation fails during device rename 2023-02-15 10:26:37 +00:00
mptcp mptcp: fix lockdep false positive in mptcp_pm_nl_create_listen_socket() 2023-03-22 13:38:06 +01:00
ncsi net/ncsi: Silence runtime memcpy() false positive warning 2022-12-06 17:29:14 -08:00
netfilter netfilter: nft_redir: correct value of inet type .maxattrs 2023-03-22 13:37:44 +01:00
netlabel
netlink netlink: annotate data races around sk_state 2023-01-23 21:35:53 -08:00
netrom netrom: Fix use-after-free caused by accept on already connected socket 2023-01-30 07:30:47 +00:00
nfc nfc: change order inside nfc_se_io error path 2023-03-17 08:57:48 +01:00
nsh
openvswitch net: openvswitch: fix possible memory leak in ovs_meter_cmd_set() 2023-02-13 09:38:25 +00:00
packet Networking changes for 6.2. 2022-12-13 15:47:48 -08:00
phonet
psample
qrtr net: qrtr: free memory on error path in radix_tree_insert() 2023-01-28 00:21:32 -08:00
rds rds: rds_rm_zerocopy_callback() correct order for list_add_tail() 2023-03-10 09:28:18 +01:00
rfkill
rose net/rose: Fix to not accept on connected socket 2023-01-28 00:19:57 -08:00
rxrpc rxrpc: Fix overwaking on call poking 2023-03-10 09:28:17 +01:00
sched act_mirred: use the backlog for nested calls to mirred ingress 2023-03-30 12:51:31 +02:00
sctp sctp: add a refcnt in sctp_stream_priorities to avoid a nested loop 2023-03-11 13:50:31 +01:00
smc net/smc: fix deadlock triggered by cancel_delayed_work_syn() 2023-03-22 13:37:49 +01:00
strparser
sunrpc SUNRPC: fix shutdown of NFS TCP client socket 2023-04-06 12:12:33 +02:00
switchdev
tipc tipc: fix kernel warning when sending SYN message 2023-02-14 20:46:24 -08:00
tls net: tls: fix device-offloaded sendpage straddling records 2023-03-17 08:57:57 +01:00
unix af_unix: fix struct pid leaks in OOB support 2023-03-17 08:57:59 +01:00
vmw_vsock Networking changes for 6.2. 2022-12-13 15:47:48 -08:00
wireless wifi: cfg80211: fix MLO connection ownership 2023-03-22 13:37:45 +01:00
x25 net/x25: Fix to not accept on connected socket 2023-01-25 09:51:04 +00:00
xdp xsk: Add missing overflow check in xdp_umem_reg 2023-03-30 12:50:52 +02:00
xfrm xfrm: Zero padding when dumping algos and encap 2023-04-06 12:12:24 +02:00
compat.c
devres.c
Kconfig
Kconfig.debug
Makefile
socket.c net: avoid double iput when sock_alloc_file fails 2023-03-10 09:29:57 +01:00
sysctl_net.c