net:rds: Fix possible deadlock in rds_message_put (f1acf1ac) · Commits · Mirrors / github.com / raspberrypi_linux · GitLab

Commit f1acf1ac authored Feb 08, 2024 by

Allison Henderson Committed by Paolo Abeni Feb 13, 2024

net:rds: Fix possible deadlock in rds_message_put

Functions rds_still_queued and rds_clear_recv_queue lock a given socket
in order to safely iterate over the incoming rds messages. However
calling rds_inc_put while under this lock creates a potential deadlock.
rds_inc_put may eventually call rds_message_purge, which will lock
m_rs_lock. This is the incorrect locking order since m_rs_lock is
meant to be locked before the socket. To fix this, we move the message
item to a local list or variable that wont need rs_recv_lock protection.
Then we can safely call rds_inc_put on any item stored locally after
rs_recv_lock is released.

Fixes: bdbe6fbc

 ("RDS: recv.c")
Reported-by:  <syzbot+f9db6ff27b9bfdcfeca0@syzkaller.appspotmail.com>
Reported-by:  <syzbot+dcd73ff9291e6d34b3ab@syzkaller.appspotmail.com>
Signed-off-by: Allison Henderson <allison.henderson@oracle.com>
Link: https://lore.kernel.org/r/20240209022854.200292-1-allison.henderson@oracle.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>

parent 9f308313

Hide whitespace changes

Inline Side-by-side

mirror @mirror
mentioned in commit 6cee13d8
· Aug 23, 2024

mentioned in commit 6cee13d8

mentioned in commit 6cee13d8d4e0831bd8e89dcdc0bf6f86c92f3fc2

Toggle commit list

Please register or to comment