brain-hackers_pepepper-mirror/linux-brain
1
0
Fork 0
mirror of https://github.com/brain-hackers/linux-brain.git synced 2024-06-09 15:26:21 +09:00
Code Issues Projects Releases Wiki Activity
4.9.x+fslc
linux-brain/net/tipc
History
Ying Xue e6e8067ec3 tipc: fix nametbl deadlock at tipc_nametbl_unsubscribe 
[ Upstream commit 557d054c01 ]

Until now, tipc_nametbl_unsubscribe() is called at subscriptions
reference count cleanup. Usually the subscriptions cleanup is
called at subscription timeout or at subscription cancel or at
subscriber delete.

We have ignored the possibility of this being called from other
locations, which causes deadlock as we try to grab the
tn->nametbl_lock while holding it already.

   CPU1:                             CPU2:
----------                     ----------------
tipc_nametbl_publish
spin_lock_bh(&tn->nametbl_lock)
tipc_nametbl_insert_publ
tipc_nameseq_insert_publ
tipc_subscrp_report_overlap
tipc_subscrp_get
tipc_subscrp_send_event
                             tipc_close_conn
                             tipc_subscrb_release_cb
                             tipc_subscrb_delete
                             tipc_subscrp_put
tipc_subscrp_put
tipc_subscrp_kref_release
tipc_nametbl_unsubscribe
spin_lock_bh(&tn->nametbl_lock)
<<grab nametbl_lock again>>

   CPU1:                              CPU2:
----------                     ----------------
tipc_nametbl_stop
spin_lock_bh(&tn->nametbl_lock)
tipc_purge_publications
tipc_nameseq_remove_publ
tipc_subscrp_report_overlap
tipc_subscrp_get
tipc_subscrp_send_event
                             tipc_close_conn
                             tipc_subscrb_release_cb
                             tipc_subscrb_delete
                             tipc_subscrp_put
tipc_subscrp_put
tipc_subscrp_kref_release
tipc_nametbl_unsubscribe
spin_lock_bh(&tn->nametbl_lock)
<<grab nametbl_lock again>>

In this commit, we advance the calling of tipc_nametbl_unsubscribe()
from the refcount cleanup to the intended callers.

Fixes: d094c4d5f5 ("tipc: add subscription refcount to avoid invalid delete")
Reported-by: John Thompson <thompa.atl@gmail.com>
Acked-by: Jon Maloy <jon.maloy@ericsson.com>
Signed-off-by: Ying Xue <ying.xue@windriver.com>
Signed-off-by: Parthasarathy Bhuvaragan <parthasarathy.bhuvaragan@ericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-12-25 14:23:39 +01:00
..
addr.c tipc: simplify include dependencies 2015-05-14 12:24:45 -04:00
addr.h tipc: introduce constants for tipc address validation 2016-07-26 14:26:42 -07:00
bcast.c tipc: fix broadcast link synchronization problem 2016-10-29 17:21:09 -04:00
bcast.h tipc: fix broadcast link synchronization problem 2016-10-29 17:21:09 -04:00
bearer.c tipc: check minimum bearer MTU 2016-12-02 14:03:20 -05:00
bearer.h tipc: check minimum bearer MTU 2016-12-02 14:03:20 -05:00
core.c tipc: add neighbor monitoring framework 2016-06-15 14:06:28 -07:00
core.h tipc: add neighbor monitoring framework 2016-06-15 14:06:28 -07:00
discover.c tipc: allocate user memory with GFP_KERNEL flag 2017-07-05 14:40:27 +02:00
discover.h tipc: eliminate buffer leak in bearer layer 2016-04-07 17:00:13 -04:00
eth_media.c tipc: make media address offset a common define 2015-02-27 18:18:48 -05:00
ib_media.c tipc: rename media/msg related definitions 2015-02-27 18:18:48 -05:00
Kconfig tipc: add ip/udp media type 2015-03-05 22:08:42 -05:00
link.c tipc: allocate user memory with GFP_KERNEL flag 2017-07-05 14:40:27 +02:00
link.h tipc: transfer broadcast nacks in link state messages 2016-09-02 17:10:24 -07:00
Makefile tipc: add neighbor monitoring framework 2016-06-15 14:06:28 -07:00
monitor.c tipc: improve sanity check for received domain records 2016-11-25 20:06:18 -05:00
monitor.h tipc: dump monitor attributes 2016-07-26 14:26:42 -07:00
msg.c tipc: use only positive error codes in messages 2017-10-12 11:51:23 +02:00
msg.h tipc: allocate user memory with GFP_KERNEL flag 2017-07-05 14:40:27 +02:00
name_distr.c tipc: allocate user memory with GFP_KERNEL flag 2017-07-05 14:40:27 +02:00
name_distr.h tipc: reduce code dependency between binding table and node layer 2015-11-20 14:06:10 -05:00
name_table.c tipc: move netlink policies to netlink.c 2016-03-07 14:56:41 -05:00
name_table.h tipc: convert legacy nl name table dump to nl compat 2015-02-09 13:20:48 -08:00
net.c tipc: Fix tipc_sk_reinit race conditions 2017-06-17 06:41:49 +02:00
net.h tipc: add peer removal functionality 2016-08-18 23:36:07 -07:00
netlink_compat.c tipc: fix use-after-free 2017-08-30 10:21:41 +02:00
netlink.c tipc: add UDP remoteip dump to netlink API 2016-08-26 21:38:41 -07:00
netlink.h tipc: make cluster size threshold for monitoring configurable 2016-07-26 14:26:42 -07:00
node.c tipc: fix nametbl_lock soft lockup at node/link events 2017-06-17 06:41:57 +02:00
node.h tipc: transfer broadcast nacks in link state messages 2016-09-02 17:10:24 -07:00
server.c tipc: fix memory leak in tipc_accept_from_sock() 2017-12-16 16:25:45 +01:00
server.h tipc: fix a race condition leading to subscriber refcnt bug 2016-04-14 16:46:46 -04:00
socket.c tipc: Fix tipc_sk_reinit race conditions 2017-06-17 06:41:49 +02:00
socket.h tipc: redesign connection-level flow control 2016-05-03 15:51:16 -04:00
subscr.c tipc: fix nametbl deadlock at tipc_nametbl_unsubscribe 2017-12-25 14:23:39 +01:00
subscr.h tipc: add subscription refcount to avoid invalid delete 2017-06-17 06:41:57 +02:00
sysctl.c tipc: add name distributor resiliency queue 2014-09-01 17:51:48 -07:00
udp_media.c tipc: call tipc_rcv() only if bearer is up in tipc_udp_recv() 2017-12-16 16:25:46 +01:00
udp_media.h tipc: add UDP remoteip dump to netlink API 2016-08-26 21:38:41 -07:00