www.infradead.org Git - nvme.git/commit

author	Allison Henderson <allison.henderson@oracle.com>
	Fri, 9 Feb 2024 02:28:54 +0000 (19:28 -0700)
committer	Paolo Abeni <pabeni@redhat.com>
	Tue, 13 Feb 2024 09:25:30 +0000 (10:25 +0100)
commit	f1acf1ac84d2ae97b7889b87223c1064df850069
tree	494b780f4ed692eccf50eb7e9a136bb3e31f02a6	tree
parent	9f30831390ede02d9fcd54fd9ea5a585ab649f4a	commit \| diff

net:rds: Fix possible deadlock in rds_message_put

Functions rds_still_queued and rds_clear_recv_queue lock a given socket
in order to safely iterate over the incoming rds messages. However
calling rds_inc_put while under this lock creates a potential deadlock.
rds_inc_put may eventually call rds_message_purge, which will lock
m_rs_lock. This is the incorrect locking order since m_rs_lock is
meant to be locked before the socket. To fix this, we move the message
item to a local list or variable that wont need rs_recv_lock protection.
Then we can safely call rds_inc_put on any item stored locally after
rs_recv_lock is released.

Fixes: bdbe6fbc6a2f ("RDS: recv.c")
Reported-by: syzbot+f9db6ff27b9bfdcfeca0@syzkaller.appspotmail.com
Reported-by: syzbot+dcd73ff9291e6d34b3ab@syzkaller.appspotmail.com
Signed-off-by: Allison Henderson <allison.henderson@oracle.com>
Link: https://lore.kernel.org/r/20240209022854.200292-1-allison.henderson@oracle.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>