Re: [syzbot] possible deadlock in br_ioctl_call

From: Arnd Bergmann
Date: Mon Aug 02 2021 - 04:41:03 EST

Next message: Mike Galbraith: "Re: v5.14-rc3-rt1 losing wakeups?"
Previous message: Jiri Slaby: "Re: [PATCH 2/2] virtio-console: remove unnecessary kmemdup()"
In reply to: Nikolay Aleksandrov: "Re: [syzbot] possible deadlock in br_ioctl_call"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Aug 2, 2021 at 10:30 AM Nikolay Aleksandrov <nikolay@xxxxxxxxxx> wrote:
> On 01/08/2021 16:14, Hillf Danton wrote:
> > On Sun, 01 Aug 2021 03:34:24 -0700
> >> syzbot found the following issue on:
>
> Thanks, but it will need more work, the bridge ioctl calls were divided in two parts
> before: one was deviceless called by sock_ioctl and didn't expect rtnl to be held, the other was
> with a device called by dev_ifsioc() and expected rtnl to be held.
> Then ad2f99aedf8f ("net: bridge: move bridge ioctls out of .ndo_do_ioctl")
> united them in a single ioctl stub, but didn't take care of the locking expectations.
> For sock_ioctl now we acquire (1) br_ioctl_mutex, (2) rtnl and for dev_ifsioc we
> acquire (1) rtnl, (2) br_ioctl_mutex as the lockdep warning has demonstrated.

Right, sorry about causing problems here.

> That fix above can work if rtnl gets reacquired by the ioctl in the proper switch cases.
> To avoid playing even more locking games it'd probably be best to always acquire and
> release rtnl by the bridge ioctl which will need a bit more work.
>
> Arnd, should I take care of it?

That would be best I think. As you have already analyzed the problem and come
up with a possible solution, I'm sure you will get to a better fix
more quickly than
I would.

Thanks,

Arnd

Next message: Mike Galbraith: "Re: v5.14-rc3-rt1 losing wakeups?"
Previous message: Jiri Slaby: "Re: [PATCH 2/2] virtio-console: remove unnecessary kmemdup()"
In reply to: Nikolay Aleksandrov: "Re: [syzbot] possible deadlock in br_ioctl_call"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]