Patch "Bluetooth: RFCOMM: Fix possible deadlock on socket shutdown/release" has been added to the 5.15-stable tree

This is a note to let you know that I've just added the patch titled

    Bluetooth: RFCOMM: Fix possible deadlock on socket shutdown/release

to the 5.15-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     bluetooth-rfcomm-fix-possible-deadlock-on-socket-shu.patch
and it can be found in the queue-5.15 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 52990c1855a74086aaee681f18de1562d2e18767
Author: Luiz Augusto von Dentz <luiz.von.dentz@xxxxxxxxx>
Date:   Tue Sep 13 16:08:13 2022 -0700

    Bluetooth: RFCOMM: Fix possible deadlock on socket shutdown/release
    
    [ Upstream commit 812e92b824c1db16c9519f8624d48a9901a0d38f ]
    
    Due to change to switch to use lock_sock inside rfcomm_sk_state_change
    the socket shutdown/release procedure can cause a deadlock:
    
        rfcomm_sock_shutdown():
          lock_sock();
          __rfcomm_sock_close():
            rfcomm_dlc_close():
              __rfcomm_dlc_close():
                rfcomm_dlc_lock();
                rfcomm_sk_state_change():
                  lock_sock();
    
    To fix this, the call to __rfcomm_sock_close is now done without
    holding the lock_sock; since rfcomm_dlc_lock exists to protect
    the dlc data, there is no need to use lock_sock in that code path.
    
    Link: https://lore.kernel.org/all/CAD+dNTsbuU4w+Y_P7o+VEN7BYCAbZuwZx2+tH+OTzCdcZF82YA@xxxxxxxxxxxxxx/
    Fixes: b7ce436a5d79 ("Bluetooth: switch to lock_sock in RFCOMM")
    Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@xxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c
index 4bf4ea6cbb5e..21e24da4847f 100644
--- a/net/bluetooth/rfcomm/sock.c
+++ b/net/bluetooth/rfcomm/sock.c
@@ -902,7 +902,10 @@ static int rfcomm_sock_shutdown(struct socket *sock, int how)
 	lock_sock(sk);
 	if (!sk->sk_shutdown) {
 		sk->sk_shutdown = SHUTDOWN_MASK;
+
+		release_sock(sk);
 		__rfcomm_sock_close(sk);
+		lock_sock(sk);
 
 		if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
 		    !(current->flags & PF_EXITING))
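
Review bot: the release_sock(sk) / lock_sock(sk) pair added around __rfcomm_sock_close(sk) has no comment saying why the socket lock is dropped in the middle of rfcomm_sock_shutdown(). A short comment above release_sock(sk) naming the chain from the commit message (rfcomm_dlc_lock() followed by lock_sock() in rfcomm_sk_state_change()) would keep a later cleanup from folding the close back under the lock. The drop also opens a window, after sk->sk_shutdown = SHUTDOWN_MASK is set, in which other paths can take the socket lock before it is re-acquired, so the linger check that follows (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) runs on state that may have changed while unlocked. It is worth confirming that the code after lock_sock(sk) re-reads what it needs rather than relying on values seen before the release. The subject line also mentions release, but this hunk only touches rfcomm_sock_shutdown(); a sentence in the changelog on how the release path is covered would help reviewers of the backport.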


