linux/net/sctp
Chengfeng Ye 1fba2510b5 sctp: fix potential deadlock on &net->sctp.addr_wq_lock
[ Upstream commit 6feb37b3b0 ]

As &net->sctp.addr_wq_lock is also acquired by the timer
sctp_addr_wq_timeout_handler() in protocal.c, the same lock acquisition
at sctp_auto_asconf_init() seems should disable irq since it is called
from sctp_accept() under process context.

Possible deadlock scenario:
sctp_accept()
    -> sctp_sock_migrate()
    -> sctp_auto_asconf_init()
    -> spin_lock(&net->sctp.addr_wq_lock)
        <timer interrupt>
        -> sctp_addr_wq_timeout_handler()
        -> spin_lock_bh(&net->sctp.addr_wq_lock); (deadlock here)

This flaw was found using an experimental static analysis tool we are
developing for irq-related deadlock.

The tentative patch fix the potential deadlock by spin_lock_bh().

Signed-off-by: Chengfeng Ye <dg573847474@gmail.com>
Fixes: 34e5b01186 ("sctp: delay auto_asconf init until binding the first addr")
Acked-by: Xin Long <lucien.xin@gmail.com>
Link: https://lore.kernel.org/r/20230627120340.19432-1-dg573847474@gmail.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-07-23 13:47:27 +02:00
..
associola.c sctp: leave the err path free in sctp_stream_init to sctp_stream_free 2022-08-03 12:03:54 +02:00
auth.c sctp: handle the error returned from sctp_auth_asoc_init_active_key 2022-10-26 12:34:48 +02:00
bind_addr.c sctp: fail if no bound addresses can be used for a given scope 2023-02-01 08:27:27 +01:00
chunk.c
debug.c sctp: add the probe timer in transport for PLPMTUD 2021-06-22 11:28:52 -07:00
diag.c sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list 2023-02-22 12:57:08 +01:00
endpointola.c sctp: use call_rcu to free endpoint 2022-01-05 12:42:35 +01:00
input.c sctp: read sk->sk_bound_dev_if once in sctp_rcv() 2022-06-09 10:22:59 +02:00
inqueue.c
ipv6.c sctp: delete addr based on sin6_scope_id 2021-07-26 12:34:03 +01:00
Kconfig sctp: create udp4 sock and add its encap_rcv 2020-10-30 15:23:52 -07:00
Makefile
objcnt.c
offload.c sctp: remove the NETIF_F_SG flag before calling skb_segment 2021-01-16 19:05:59 -08:00
output.c sctp: allow IP fragmentation when PLPMTUD enters Error state 2021-11-18 19:16:43 +01:00
outqueue.c sctp: clear out_curr if all frag chunks of current msg are pruned 2022-12-02 17:40:59 +01:00
primitive.c
proc.c net: fix iteration for sctp transport seq_files 2021-02-08 10:15:49 -08:00
protocol.c ip: Fix data-races around sysctl_ip_nonlocal_bind. 2022-07-29 17:25:13 +02:00
sm_make_chunk.c sctp: account stream padding length for reconf chunk 2021-10-14 07:15:22 -07:00
sm_sideeffect.c sctp: check asoc strreset_chunk in sctp_generate_reconf_event 2022-05-09 09:14:35 +02:00
sm_statefuns.c sctp: fix an error code in sctp_sf_eat_auth() 2023-06-21 15:59:17 +02:00
sm_statetable.c sctp: add the probe timer in transport for PLPMTUD 2021-06-22 11:28:52 -07:00
socket.c sctp: fix potential deadlock on &net->sctp.addr_wq_lock 2023-07-23 13:47:27 +02:00
stream_interleave.c sctp: fix a potential overflow in sctp_ifwdtsn_skip 2023-04-20 12:13:53 +02:00
stream_sched_prio.c sctp: add a refcnt in sctp_stream_priorities to avoid a nested loop 2023-03-11 13:57:28 +01:00
stream_sched_rr.c sctp: fix memory leak in sctp_stream_outq_migrate() 2022-12-08 11:28:41 +01:00
stream_sched.c sctp: fix memory leak in sctp_stream_outq_migrate() 2022-12-08 11:28:41 +01:00
stream.c sctp: fix memory leak in sctp_stream_outq_migrate() 2022-12-08 11:28:41 +01:00
sysctl.c sctp: sysctl: make extra pointers netns aware 2022-12-31 13:14:20 +01:00
transport.c sctp: fix an issue that plpmtu can never go to complete state 2023-05-30 13:55:33 +01:00
tsnmap.c net: sctp: trivial: fix typo in comment 2021-03-04 13:48:32 -08:00
ulpevent.c
ulpqueue.c