Patch "atm: solos-pci: Fix potential deadlock on &tx_queue_lock" has been added to the 4.14-stable tree

This is a note to let you know that I've just added the patch titled

    atm: solos-pci: Fix potential deadlock on &tx_queue_lock

to the 4.14-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     atm-solos-pci-fix-potential-deadlock-on-tx_queue_loc.patch
and it can be found in the queue-4.14 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 506ffee3b36c8987083aa69a0155c2a9076ca7a8
Author: Chengfeng Ye <dg573847474@xxxxxxxxx>
Date:   Thu Dec 7 12:34:53 2023 +0000

    atm: solos-pci: Fix potential deadlock on &tx_queue_lock
    
    [ Upstream commit 15319a4e8ee4b098118591c6ccbd17237f841613 ]
    
    As &card->tx_queue_lock is acquired under softirq context along the
    following call chain from solos_bh(), other acquisition of the same
    lock inside process context should disable at least bh to avoid double
    lock.
    
    <deadlock #2>
    pclose()
    --> spin_lock(&card->tx_queue_lock)
    <interrupt>
       --> solos_bh()
       --> fpga_tx()
       --> spin_lock(&card->tx_queue_lock)
    
    This flaw was found by an experimental static analysis tool I am
    developing for irq-related deadlock.
    
    To prevent the potential deadlock, the patch uses spin_lock_bh()
    on &card->tx_queue_lock under process context code consistently to
    prevent the possible deadlock scenario.
    
    Fixes: 213e85d38912 ("solos-pci: clean up pclose() function")
    Signed-off-by: Chengfeng Ye <dg573847474@xxxxxxxxx>
    Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/drivers/atm/solos-pci.c b/drivers/atm/solos-pci.c
index 3a115c7f224fb..07a136cc20ab5 100644
--- a/drivers/atm/solos-pci.c
+++ b/drivers/atm/solos-pci.c
@@ -968,14 +968,14 @@ static void pclose(struct atm_vcc *vcc)
 	struct pkt_hdr *header;
 
 	/* Remove any yet-to-be-transmitted packets from the pending queue */
-	spin_lock(&card->tx_queue_lock);
+	spin_lock_bh(&card->tx_queue_lock);
 	skb_queue_walk_safe(&card->tx_queue[port], skb, tmpskb) {
 		if (SKB_CB(skb)->vcc == vcc) {
 			skb_unlink(skb, &card->tx_queue[port]);
 			solos_pop(vcc, skb);
 		}
 	}
-	spin_unlock(&card->tx_queue_lock);
+	spin_unlock_bh(&card->tx_queue_lock);
 
 	skb = alloc_skb(sizeof(*header), GFP_KERNEL);
 	if (!skb) {
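
Review bot: In pclose(), the spin_lock_bh()/spin_unlock_bh() pair converts only this one acquisition of card->tx_queue_lock, while the commit message says process-context code should take the lock with bh disabled "consistently". Since the diff does not show the other acquisitions, the commit message should state that the remaining process-context takers were audited and already use a bh-safe or irq-safe variant. The "<deadlock #2>" label also refers to a numbering that this message never introduces, so either drop the number or mention where #1 is handled. The placement itself is sound: the unlock comes before alloc_skb(sizeof(*header), GFP_KERNEL), so the sleeping allocation does not run with bottom halves disabled, and solos_pop() running with bh off adds no constraint beyond the no-sleep rule the plain spinlock already imposed.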



