On Thu, 2024-02-08 at 19:28 -0700, allison.henderson@xxxxxxxxxx wrote:
> From: Allison Henderson <allison.henderson@xxxxxxxxxx>
>
> Functions rds_still_queued and rds_clear_recv_queue lock a given socket
> in order to safely iterate over the incoming rds messages. However
> calling rds_inc_put while under this lock creates a potential deadlock.
> rds_inc_put may eventually call rds_message_purge, which will lock
> m_rs_lock. This is the incorrect locking order since m_rs_lock is
> meant to be locked before the socket. To fix this, we move the message
> item to a local list or variable that won't need rs_recv_lock protection.
> Then we can safely call rds_inc_put on any item stored locally after
> rs_recv_lock is released.
>
> Fixes: bdbe6fbc6a2f ("RDS: recv.c")
> Reported-by: syzbot+f9db6ff27b9bfdcfeca0@xxxxxxxxxxxxxxxxxxxxxxxxx
> Reported-by: syzbot+dcd73ff9291e6d34b3ab@xxxxxxxxxxxxxxxxxxxxxxxxx
>

Note that you must avoid empty lines in the tag area.

The patch LGTM, I'll fix this while applying it, no additional actions required.

Cheers,

Paolo
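As an added illustration of the locking-order fix described in the quoted commit message (this is not the kernel's code nor the patch itself): a minimal C model of rds_clear_recv_queue before and after the change. The message structure, the socket queue and the lock-order check are simplified stand-ins; the old variant drops references while rs_recv_lock is held, the fixed one detaches the queue to a local list first and puts only after the lock is released.

```c
#include <pthread.h>
#include <stdlib.h>

struct inc { struct inc *next; int refcount; };  /* stand-in for rds_incoming */
static pthread_mutex_t rs_recv_lock = PTHREAD_MUTEX_INITIALIZER;
static pthread_mutex_t m_rs_lock = PTHREAD_MUTEX_INITIALIZER;
static struct inc *recv_queue;  /* models rs->rs_recv_queue */
static int recv_lock_held;      /* set while rs_recv_lock is held */
int order_violations;           /* m_rs_lock taken under rs_recv_lock */
int purged;                     /* items whose last reference was dropped */

/* Stand-in for rds_inc_put -> rds_message_purge: the last put takes m_rs_lock. */
static void inc_put(struct inc *i)
{
    if (--i->refcount) return;
    if (recv_lock_held) order_violations++;  /* the inversion syzbot reported */
    pthread_mutex_lock(&m_rs_lock);
    purged++;
    pthread_mutex_unlock(&m_rs_lock);
    free(i);
}

void enqueue_incs(int count)    /* constructed input: count queued messages */
{
    while (count-- > 0) {
        struct inc *i = malloc(sizeof *i); if (!i) return;
        i->refcount = 1; i->next = recv_queue; recv_queue = i;
    }
}

/* Pattern the patch replaces: put each item while still holding the lock. */
int clear_recv_queue_old(void)
{
    int n = 0;
    pthread_mutex_lock(&rs_recv_lock); recv_lock_held = 1;
    while (recv_queue) { struct inc *i = recv_queue; recv_queue = i->next; inc_put(i); n++; }
    recv_lock_held = 0; pthread_mutex_unlock(&rs_recv_lock);
    return n;
}

/* Fixed pattern: detach under the lock, put only after rs_recv_lock is released. */
int clear_recv_queue_fixed(void)
{
    struct inc *local, *next; int n = 0;
    pthread_mutex_lock(&rs_recv_lock); recv_lock_held = 1;
    local = recv_queue; recv_queue = NULL;
    recv_lock_held = 0; pthread_mutex_unlock(&rs_recv_lock);
    for (; local; local = next, n++) { next = local->next; inc_put(local); }
    return n;
}
```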