linux-yocto

mirror of git://git.yoctoproject.org/linux-yocto.git synced 2026-01-27 12:47:24 +01:00

History

Kuniyuki Iwashima 1971d13ffa af_unix: Suppress false-positive lockdep splat for spin_lock() in __unix_gc(). syzbot reported a lockdep splat regarding unix_gc_lock and unix_state_lock(). One is called from recvmsg() for a connected socket, and another is called from GC for TCP_LISTEN socket. So, the splat is false-positive. Let's add a dedicated lock class for the latter to suppress the splat. Note that this change is not necessary for net-next.git as the issue is only applied to the old GC impl. [0]: WARNING: possible circular locking dependency detected 6.9.0-rc5-syzkaller-00007-g4d2008430ce8 #0 Not tainted ----------------------------------------------------- kworker/u8:1/11 is trying to acquire lock: ffff88807cea4e70 (&u->lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline] ffff88807cea4e70 (&u->lock){+.+.}-{2:2}, at: __unix_gc+0x40e/0xf70 net/unix/garbage.c:302 but task is already holding lock: ffffffff8f6ab638 (unix_gc_lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline] ffffffff8f6ab638 (unix_gc_lock){+.+.}-{2:2}, at: __unix_gc+0x117/0xf70 net/unix/garbage.c:261 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (unix_gc_lock){+.+.}-{2:2}: lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:351 [inline] unix_notinflight+0x13d/0x390 net/unix/garbage.c:140 unix_detach_fds net/unix/af_unix.c:1819 [inline] unix_destruct_scm+0x221/0x350 net/unix/af_unix.c:1876 skb_release_head_state+0x100/0x250 net/core/skbuff.c:1188 skb_release_all net/core/skbuff.c:1200 [inline] __kfree_skb net/core/skbuff.c:1216 [inline] kfree_skb_reason+0x16d/0x3b0 net/core/skbuff.c:1252 kfree_skb include/linux/skbuff.h:1262 [inline] manage_oob net/unix/af_unix.c:2672 [inline] unix_stream_read_generic+0x1125/0x2700 net/unix/af_unix.c:2749 unix_stream_splice_read+0x239/0x320 net/unix/af_unix.c:2981 do_splice_read fs/splice.c:985 [inline] splice_file_to_pipe+0x299/0x500 fs/splice.c:1295 do_splice+0xf2d/0x1880 fs/splice.c:1379 __do_splice fs/splice.c:1436 [inline] __do_sys_splice fs/splice.c:1652 [inline] __se_sys_splice+0x331/0x4a0 fs/splice.c:1634 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f -> #0 (&u->lock){+.+.}-{2:2}: check_prev_add kernel/locking/lockdep.c:3134 [inline] check_prevs_add kernel/locking/lockdep.c:3253 [inline] validate_chain+0x18cb/0x58e0 kernel/locking/lockdep.c:3869 __lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:351 [inline] __unix_gc+0x40e/0xf70 net/unix/garbage.c:302 process_one_work kernel/workqueue.c:3254 [inline] process_scheduled_works+0xa10/0x17c0 kernel/workqueue.c:3335 worker_thread+0x86d/0xd70 kernel/workqueue.c:3416 kthread+0x2f0/0x390 kernel/kthread.c:388 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 other info that might help us debug this: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(unix_gc_lock); lock(&u->lock); lock(unix_gc_lock); lock(&u->lock); * DEADLOCK * 3 locks held by kworker/u8:1/11: #0: ffff888015089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3229 [inline] #0: ffff888015089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x8e0/0x17c0 kernel/workqueue.c:3335 #1: ffffc90000107d00 (unix_gc_work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3230 [inline] #1: ffffc90000107d00 (unix_gc_work){+.+.}-{0:0}, at: process_scheduled_works+0x91b/0x17c0 kernel/workqueue.c:3335 #2: ffffffff8f6ab638 (unix_gc_lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline] #2: ffffffff8f6ab638 (unix_gc_lock){+.+.}-{2:2}, at: __unix_gc+0x117/0xf70 net/unix/garbage.c:261 stack backtrace: CPU: 0 PID: 11 Comm: kworker/u8:1 Not tainted 6.9.0-rc5-syzkaller-00007-g4d2008430ce8 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 Workqueue: events_unbound __unix_gc Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114 check_noncircular+0x36a/0x4a0 kernel/locking/lockdep.c:2187 check_prev_add kernel/locking/lockdep.c:3134 [inline] check_prevs_add kernel/locking/lockdep.c:3253 [inline] validate_chain+0x18cb/0x58e0 kernel/locking/lockdep.c:3869 __lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:351 [inline] __unix_gc+0x40e/0xf70 net/unix/garbage.c:302 process_one_work kernel/workqueue.c:3254 [inline] process_scheduled_works+0xa10/0x17c0 kernel/workqueue.c:3335 worker_thread+0x86d/0xd70 kernel/workqueue.c:3416 kthread+0x2f0/0x390 kernel/kthread.c:388 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 </TASK> Fixes: `47d8ac011f` ("af_unix: Fix garbage collector racing against connect()") Reported-and-tested-by: syzbot+fa379358c28cc87cc307@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=fa379358c28cc87cc307 Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com> Link: https://lore.kernel.org/r/20240424170443.9832-1-kuniyu@amazon.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>		2024-04-25 08:37:02 -07:00
..
9p
bluetooth	Bluetooth: hci_event: Fix sending HCI_OP_READ_ENC_KEY_SIZE	2024-04-24 16:26:11 -04:00
caif
iucv	s390/iucv: use new address translation helpers	2024-03-13 09:23:48 +01:00
mana	net: mana: Fix Rx DMA datasize and skb_over_panic	2024-04-03 19:32:03 -07:00
netfilter	netfilter: flowtable: validate pppoe header	2024-04-11 12:13:11 +02:00
netns	net: Namespace-ify sysctl_optmem_max	2023-12-15 11:01:27 +00:00
nfc	nfc: core: make nfc_class constant	2024-03-05 11:21:18 -08:00
page_pool	net: page_pool: fix recycle stats for system page_pool allocator	2024-02-19 12:30:27 -08:00
phonet
sctp	sctp: preserve const qualifier in sctp_sk()	2024-02-05 11:08:06 +00:00
tc_act	net/sched: Retire ipt action	2024-01-02 12:41:16 +00:00
6lowpan.h
act_api.h	net/sched: Add helper macros with module names	2024-02-02 10:57:55 -08:00
addrconf.h	ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr	2024-04-09 17:09:05 -07:00
af_ieee802154.h
af_rxrpc.h	rxrpc, afs: Allow afs to pin rxrpc_peer objects	2023-12-24 15:22:50 +00:00
af_unix.h	af_unix: Suppress false-positive lockdep splat for spin_lock() in __unix_gc().	2024-04-25 08:37:02 -07:00
af_vsock.h	virtio/vsock: send credit update during setting SO_RCVLOWAT	2023-12-15 10:37:35 +00:00
ah.h
amt.h
arp.h
atmclip.h
ax25.h
ax88796.h
bareudp.h
bond_3ad.h	bonding: Add independent control state machine	2024-02-06 13:17:54 +01:00
bond_alb.h
bond_options.h	bonding: Add independent control state machine	2024-02-06 13:17:54 +01:00
bonding.h	bonding: Add independent control state machine	2024-02-06 13:17:54 +01:00
bpf_sk_storage.h
busy_poll.h	net: add napi_busy_loop_rcu()	2024-02-09 10:01:09 -08:00
calipso.h
cfg80211-wext.h
cfg80211.h	wifi: cfg80211: add a flag to disable wireless extensions	2024-03-25 15:23:06 +01:00
cfg802154.h	mac802154: fix llsec key resources release in mac802154_llsec_key_del	2024-03-06 21:01:26 +01:00
checksum.h
cipso_ipv4.h
cls_cgroup.h
codel_impl.h
codel_qdisc.h
codel.h
compat.h
datalink.h
dcbevent.h
dcbnl.h
devlink.h	devlink: convert most of devlink_fmsg_*() to return void	2023-10-20 11:34:51 +01:00
dropreason-core.h	tcp: introduce dropreasons in receive path	2024-02-28 10:39:21 +00:00
dropreason.h
dsa_stubs.h	net: dsa: Use conduit and user terms	2023-10-24 13:08:14 -07:00
dsa.h	ethtool: replace struct ethtool_eee with a new struct ethtool_keee on kernel side	2024-01-31 12:30:47 +00:00
dsfield.h
dst_cache.h
dst_metadata.h
dst_ops.h
dst.h	net: dst: Make dst_destroy() static and return void.	2024-02-06 11:45:53 +01:00
eee.h	net: add helpers for EEE configuration	2024-03-05 19:21:17 -08:00
erspan.h
esp.h
espintcp.h
ethoc.h
failover.h
fib_notifier.h
fib_rules.h	fib: remove unnecessary input parameters in fib_default_rule_add	2024-01-03 16:42:48 -08:00
firewire.h
flow_dissector.h
flow_offload.h	flow_offload: Annotate struct flow_action_entry with __counted_by	2023-10-06 11:37:02 +01:00
flow.h	inet: shrink struct flowi_common	2023-11-02 09:31:02 +01:00
fou.h
fq_impl.h
fq.h
garp.h
gen_stats.h
genetlink.h	genetlink: make info in GENL_REQ_ATTR_CHECK() const	2024-02-23 18:17:36 -08:00
geneve.h
gre.h
gro_cells.h
gro.h	net: gro: move two declarations to include/net/gro.h	2024-03-11 14:13:14 -07:00
gso.h
gtp.h
gue.h
handshake.h
hotdata.h	net: move rps_sock_flow_table to net_hotdata	2024-03-07 21:12:43 -08:00
hwbm.h
icmp.h
ieee80211_radiotap.h	wifi: radiotap: add bandwidth definition of EHT U-SIG	2023-10-12 15:14:27 +03:00
ieee802154_netdev.h	mac802154: Handle association requests from peers	2023-11-20 11:43:03 +01:00
if_inet6.h	ipv6: anycast: complete RCU handling of struct ifacaddr6	2024-02-26 18:40:34 -08:00
ife.h
inet_common.h
inet_connection_sock.h	tcp: properly terminate timers for kernel sockets	2024-03-25 19:51:57 -07:00
inet_dscp.h
inet_ecn.h
inet_frag.h
inet_hashtables.h	tcp: Remove dead code and fields for bhash2.	2023-12-22 22:15:35 +00:00
inet_sock.h	inet: Add getsockopt support for IP_ROUTER_ALERT and IPV6_ROUTER_ALERT	2024-03-06 12:37:06 +00:00
inet_timewait_sock.h	tcp: Remove dead code and fields for bhash2.	2023-12-22 22:15:35 +00:00
inet6_connection_sock.h
inet6_hashtables.h
inetpeer.h
ioam6.h	net: ioam6: multicast event	2024-02-28 11:19:41 +00:00
ip_fib.h	inet: allow ip_valid_fib_dump_req() to be called with RTNL or RCU	2024-02-26 11:46:12 +00:00
ip_tunnels.h	geneve: fix header validation in geneve[6]_xmit_skb	2024-04-08 11:51:04 +01:00
ip_vs.h
ip.h	ipmr: fix kernel panic when forwarding mcast packets	2024-01-26 21:05:26 -08:00
ip6_checksum.h
ip6_fib.h	net/ipv6: Remove expired routes with a separated list of routes.	2024-02-12 10:24:12 +00:00
ip6_route.h	ipv6: annotate data-races around cnf.mtu6	2024-03-01 08:42:31 +00:00
ip6_tunnel.h
ipcomp.h
ipconfig.h
ipv6_frag.h
ipv6_stubs.h	ipsec-next-2023-10-28	2023-10-30 14:36:57 -07:00
ipv6.h	ipv6: annotate data-races around cnf.forwarding	2024-03-01 08:42:31 +00:00
iw_handler.h
kcm.h
l3mdev.h
lag.h
lapb.h
lib80211.h
llc_c_ac.h
llc_c_ev.h
llc_c_st.h
llc_conn.h
llc_if.h
llc_pdu.h	llc: Drop support for ETH_P_TR_802_2.	2024-01-19 21:30:09 -08:00
llc_s_ac.h
llc_s_ev.h
llc_s_st.h
llc_sap.h
llc.h
lwtunnel.h
mac80211.h	wifi: mac80211: don't use rate mask for scanning	2024-04-08 20:11:34 +02:00
mac802154.h
macsec.h	macsec: Enable devices to advertise whether they update sk_buff md_dst during offloads	2024-04-25 08:20:54 -07:00
mctp.h	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2024-02-29 14:24:56 -08:00
mctpdevice.h
mip6.h
mld.h
mpls_iptunnel.h
mpls.h
mptcp.h
mrp.h
ncsi.h
ndisc.h
neighbour.h	neighbour: Fix __randomize_layout crash in struct neighbour	2023-11-28 12:18:29 +01:00
net_debug.h
net_failover.h
net_namespace.h	net: add exit_batch_rtnl() method	2024-02-07 18:55:10 -08:00
net_ratelimit.h
net_trackers.h
netdev_queues.h	netdev: add queue stat for alloc failures	2024-03-07 21:13:26 -08:00
netdev_rx_queue.h	net: Add queue and napi association	2023-12-04 18:04:05 -08:00
netevent.h
netkit.h	bpf, netkit: Add indirect call wrapper for fetching peer dev	2023-11-20 10:15:16 -08:00
netlabel.h	netlabel: cleanup struct netlbl_lsm_catmap	2024-02-07 12:38:30 +00:00
netlink.h	genetlink: introduce helpers to do filtered multicast	2023-12-19 15:31:40 +01:00
netmem.h	net: introduce abstraction for network memory	2024-02-20 09:22:58 +01:00
netprio_cgroup.h
netrom.h
nexthop.h	net: nexthop: Have all NH notifiers carry NH ID	2024-03-11 14:14:07 -07:00
nl802154.h	ieee802154: Give the user the association list	2023-11-20 11:43:45 +01:00
nsh.h
p8022.h
pie.h
ping.h
pkt_cls.h	net/sched: Add helper macros with module names	2024-02-02 10:57:55 -08:00
pkt_sched.h	net/sched: Add helper macros with module names	2024-02-02 10:57:55 -08:00
pptp.h
protocol.h	ipv6: move tcp_ipv6_hash_secret and udp_ipv6_hash_secret to net_hotdata	2024-03-07 21:12:43 -08:00
psample.h
psnap.h
raw.h
rawv6.h
red.h
regulatory.h	wifi: cfg80211: save power spectral density(psd) of regulatory rule	2023-09-18 09:44:05 +02:00
request_sock.h	tcp: Clear req->syncookie in reqsk_alloc().	2024-03-19 19:35:59 -07:00
rose.h
route.h	ipv4: Set the routing scope properly in ip_route_output_ports().	2024-02-12 17:33:05 -08:00
rpl.h
rps.h	net: move rps_sock_flow_table to net_hotdata	2024-03-07 21:12:43 -08:00
rsi_91x.h
rtnetlink.h	rtnetlink: add RTNL_FLAG_DUMP_UNLOCKED flag	2024-02-26 11:46:12 +00:00
rtnh.h
sch_generic.h	net/sched: Fix mirred deadlock on device recursion	2024-04-17 18:22:52 -07:00
scm.h	af_unix: Try to run GC async.	2024-01-26 20:34:25 -08:00
secure_seq.h
seg6_hmac.h
seg6_local.h
seg6.h
selftests.h
slhc_vj.h
smc.h	net/smc: manage system EID in SMC stack instead of ISM driver	2023-12-26 20:24:33 +00:00
snmp.h
sock_reuseport.h
sock.h	net: fix sk_memory_allocated_{add\|sub} vs softirqs	2024-04-23 19:02:24 -07:00
Space.h	net: appletalk: remove cops support	2023-10-04 11:49:20 -07:00
stp.h
strparser.h
switchdev.h	net: bridge: switchdev: Skip MDB replays of deferred events on offload	2024-02-16 09:36:37 +00:00
tc_wrapper.h	Merge branch 'x86/bugs' into x86/core, to pick up pending changes before dependent patches	2024-02-14 10:49:37 +01:00
tcp_ao.h	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2024-01-04 18:06:46 -08:00
tcp_states.h	tcp: Dump bound-only sockets in inet_diag.	2023-12-04 14:45:26 -08:00
tcp.h	tcp: make the dropreason really work when calling tcp_rcv_state_process()	2024-02-28 10:39:22 +00:00
tcx.h	bpf, tcx: Get rid of tcx_link_const	2023-10-23 15:01:53 -07:00
timewait_sock.h
tipc.h
tls_prot.h
tls_toe.h
tls.h	tls: fix lockless read of strp->msg_ready in ->poll	2024-04-25 08:32:37 -07:00
transp_v6.h
tso.h
tun_proto.h
udp_tunnel.h	ipv6: add new arguments to udp_tunnel6_dst_lookup()	2023-10-23 08:48:57 +01:00
udp.h
udplite.h	udplite: fix various data-races	2023-09-14 16:16:36 +02:00
vsock_addr.h
vxlan.h	vxlan: add support for flowlabel inherit	2023-11-16 22:33:31 +00:00
wext.h
x25.h
x25device.h
xdp_priv.h
xdp_sock_drv.h	xsk: fix usage of multi-buffer BPF helpers for ZC XDP	2024-01-24 16:24:06 -08:00
xdp_sock.h	xsk: Don't assume metadata is always requested in TX completion	2024-03-19 13:47:29 +01:00
xdp.h	net, xdp: Correct grammar	2023-12-14 16:38:59 +01:00
xfrm.h	xfrm: get global statistics from the offloaded device	2024-02-05 16:45:49 -08:00
xsk_buff_pool.h	xsk: add functions to fill control buffer	2023-12-13 16:16:40 -08:00