[rds-devel] [PATCH v4 1/1] net:rds: Fix possible deadlock in rds_message_put
Paolo Abeni
pabeni at redhat.com
Tue Feb 13 09:28:10 UTC 2024
On Thu, 2024-02-08 at 19:28 -0700, allison.henderson at oracle.com wrote:
> From: Allison Henderson <allison.henderson at oracle.com>
>
> Functions rds_still_queued and rds_clear_recv_queue lock a given socket
> in order to safely iterate over the incoming rds messages. However
> calling rds_inc_put while under this lock creates a potential deadlock.
> rds_inc_put may eventually call rds_message_purge, which will lock
> m_rs_lock. This is the incorrect locking order since m_rs_lock is
> meant to be locked before the socket. To fix this, we move the message
> item to a local list or variable that wont need rs_recv_lock protection.
> Then we can safely call rds_inc_put on any item stored locally after
> rs_recv_lock is released.
>
> Fixes: bdbe6fbc6a2f ("RDS: recv.c")
> Reported-by: syzbot+f9db6ff27b9bfdcfeca0 at syzkaller.appspotmail.com
> Reported-by: syzbot+dcd73ff9291e6d34b3ab at syzkaller.appspotmail.com
>
Note that you must avoid empty lines in the tag area. The patch LGTM,
I'll fix this while applying it, no additional actions required.
Cheers,
Paolo
More information about the rds-devel
mailing list