possible circular locking in kernfs_remove_by_name_ns/devinet_ioctl linux 6.0-rc3
Francesco Dolcini
francesco.dolcini at toradex.com
Thu Sep 1 12:25:27 PDT 2022
On Thu, Sep 01, 2022 at 02:21:29PM +0200, Francesco Dolcini wrote:
> [ 21.629186] ======================================================
> [ 21.635418] WARNING: possible circular locking dependency detected
> [ 21.641646] 6.0.0-rc3 #7 Not tainted
> [ 21.645256] ------------------------------------------------------
> [ 21.651480] connmand/542 is trying to acquire lock:
> [ 21.656399] c2ce1d70 (kn->active#9){++++}-{0:0}, at: kernfs_remove_by_name_ns+0x50/0xa0
> [ 21.664516]
> but task is already holding lock:
> [ 21.670394] c17af6e0 (rtnl_mutex){+.+.}-{3:3}, at: devinet_ioctl+0xc8/0x870
> [ 21.677441]
> which lock already depends on the new lock.
...
> [ 21.945318] Chain exists of:
> kn->active#9 --> udc_lock --> rtnl_mutex
>
> [ 21.954902] Possible unsafe locking scenario:
>
> [ 21.960865] CPU0 CPU1
> [ 21.965430] ---- ----
> [ 21.969994] lock(rtnl_mutex);
> [ 21.973174] lock(udc_lock);
> [ 21.978709] lock(rtnl_mutex);
> [ 21.984419] lock(kn->active#9);
> [ 21.987779]
> *** DEADLOCK ***
>
> [ 21.993745] 1 lock held by connmand/542:
> [ 21.997704] #0: c17af6e0 (rtnl_mutex){+.+.}-{3:3}, at: devinet_ioctl+0xc8/0x870
> [ 22.005191]
...
> I have not tried to bisect this yet, just probing if someone has already
> some idea on this.
Commit 2191c00855b0 ("USB: gadget: Fix use-after-free Read in usb_udc_uevent()")
introduced this, see
https://lore.kernel.org/all/20220901192204.GA2268599@francesco-nb.int.toradex.com/
Francesco
More information about the linux-arm-kernel
mailing list