mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-23 19:11:51 +00:00
Code Issues Releases Wiki Activity
linux-stable/net/tipc
History
Chengfeng Ye 143e72757a tipc: fix a potential deadlock on &tx->lock 
[ Upstream commit 08e50cf071 ]

It seems that tipc_crypto_key_revoke() could be be invoked by
wokequeue tipc_crypto_work_rx() under process context and
timer/rx callback under softirq context, thus the lock acquisition
on &tx->lock seems better use spin_lock_bh() to prevent possible
deadlock.

This flaw was found by an experimental static analysis tool I am
developing for irq-related deadlock.

tipc_crypto_work_rx() <workqueue>
--> tipc_crypto_key_distr()
--> tipc_bcast_xmit()
--> tipc_bcbase_xmit()
--> tipc_bearer_bc_xmit()
--> tipc_crypto_xmit()
--> tipc_ehdr_build()
--> tipc_crypto_key_revoke()
--> spin_lock(&tx->lock)
<timer interrupt>
   --> tipc_disc_timeout()
   --> tipc_bearer_xmit_skb()
   --> tipc_crypto_xmit()
   --> tipc_ehdr_build()
   --> tipc_crypto_key_revoke()
   --> spin_lock(&tx->lock) <deadlock here>

Signed-off-by: Chengfeng Ye <dg573847474@gmail.com>
Reviewed-by: Jacob Keller <jacob.e.keller@intel.com>
Acked-by: Jon Maloy <jmaloy@redhat.com>
Fixes: fc1b6d6de2 ("tipc: introduce TIPC encryption & authentication")
Link: https://lore.kernel.org/r/20230927181414.59928-1-dg573847474@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-10-10 22:00:43 +02:00
..
addr.c
addr.h
bcast.c
bcast.h
bearer.c net: tipc: resize nlattr array to correct size 2023-06-21 16:01:02 +02:00
bearer.h tipc: add tipc_bearer_min_mtu to calculate min mtu 2023-05-24 17:32:45 +01:00
core.c tipc: fix use-after-free Read in tipc_named_reinit 2022-06-17 11:39:10 +01:00
core.h
crypto.c tipc: fix a potential deadlock on &tx->lock 2023-10-10 22:00:43 +02:00
crypto.h
diag.c
discover.c tipc: check skb_linearize() return value in tipc_disc_rcv() 2022-11-21 20:50:24 -08:00
discover.h
eth_media.c tipc: constify dev_addr passing 2021-10-13 09:40:46 -07:00
group.c
group.h
ib_media.c tipc: constify dev_addr passing 2021-10-13 09:40:46 -07:00
Kconfig
link.c tipc: do not update mtu if msg_max is too small in mtu negotiation 2023-05-24 17:32:46 +01:00
link.h
Makefile
monitor.c tipc: fix shift wrapping bug in map_get() 2022-09-02 12:26:29 +01:00
monitor.h
msg.c net: tipc: replace align() with ALIGN in msg.c 2021-06-28 13:31:57 -07:00
msg.h net: tipc: remove unused static inlines 2022-01-27 13:53:27 +00:00
name_distr.c net/tipc: Remove unused struct distr_queue_item 2022-09-29 18:48:32 -07:00
name_distr.h
name_table.c tipc: cleanup unused function 2022-06-17 11:43:57 +01:00
name_table.h tipc: cleanup unused function 2022-06-17 11:43:57 +01:00
net.c
net.h
netlink.c genetlink: start to validate reserved header bytes 2022-08-29 12:47:15 +01:00
netlink.h
netlink_compat.c tipc: fix the msg->req tlv len check in tipc_nl_compat_name_table_dump_header 2022-11-07 19:53:40 -08:00
node.c tipc: stop tipc crypto on failure in tipc_node_create 2023-08-03 10:24:02 +02:00
node.h
socket.c net: deal with most data-races in sk_wait_event() 2023-05-24 17:32:32 +01:00
socket.h
subscr.c
subscr.h
sysctl.c
topsrv.c use less confusing names for iov_iter direction initializers 2023-02-09 11:28:04 +01:00
topsrv.h
trace.c
trace.h
udp_media.c tipc: add tipc_bearer_min_mtu to calculate min mtu 2023-05-24 17:32:45 +01:00
udp_media.h