commit: cb0333eb392976ebff5a7d56008620f7c0862790 Author: Mike Pagano <mpagano <AT> gentoo <DOT> org> AuthorDate: Fri Oct 2 12:08:15 2015 +0000 Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org> CommitDate: Fri Oct 2 12:08:15 2015 +0000 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=cb0333eb
inet: Patch to fix potential deadlock in reqsk_queue_unlink() 0000_README | 4 +++ 2000_inet-deadlock-in-reqsk-queue-unlink-fix.patch | 32 ++++++++++++++++++++++ 2 files changed, 36 insertions(+) diff --git a/0000_README b/0000_README index 46b8cb0..348e8f5 100644 --- a/0000_README +++ b/0000_README @@ -91,6 +91,10 @@ Patch: 1600_dm-crypt-limit-max-segment-size.patch From: https://bugzilla.kernel.org/show_bug.cgi?id=104421 Desc: dm crypt: constrain crypt device's max_segment_size to PAGE_SIZE. +Patch: 2000_inet-deadlock-in-reqsk-queue-unlink-fix.patch +From: http://git.kernel.org/ +Desc: inet: Patch to fix potential deadlock in reqsk_queue_unlink() + Patch: 2700_ThinkPad-30-brightness-control-fix.patch From: Seth Forshee <[email protected]> Desc: ACPI: Disable Windows 8 compatibility for some Lenovo ThinkPads. diff --git a/2000_inet-deadlock-in-reqsk-queue-unlink-fix.patch b/2000_inet-deadlock-in-reqsk-queue-unlink-fix.patch new file mode 100644 index 0000000..890f5e5 --- /dev/null +++ b/2000_inet-deadlock-in-reqsk-queue-unlink-fix.patch @@ -0,0 +1,32 @@ +From 83fccfc3940c4a2db90fd7e7079f5b465cd8c6af Mon Sep 17 00:00:00 2001 +From: Eric Dumazet <[email protected]> +Date: Thu, 13 Aug 2015 15:44:51 -0700 +Subject: inet: fix potential deadlock in reqsk_queue_unlink() + +When replacing del_timer() with del_timer_sync(), I introduced +a deadlock condition : + +reqsk_queue_unlink() is called from inet_csk_reqsk_queue_drop() + +inet_csk_reqsk_queue_drop() can be called from many contexts, +one being the timer handler itself (reqsk_timer_handler()). + +In this case, del_timer_sync() loops forever. + +Simple fix is to test if timer is pending. + +Fixes: 2235f2ac75fd ("inet: fix races with reqsk timers") +Signed-off-by: Eric Dumazet <[email protected]> +Signed-off-by: David S. Miller <[email protected]> + +--- a/net/ipv4/inet_connection_sock.c 2015-10-02 07:49:42.759957268 -0400 ++++ b/net/ipv4/inet_connection_sock.c 2015-10-02 07:50:12.929957111 -0400 +@@ -584,7 +584,7 @@ static bool reqsk_queue_unlink(struct re + } + + spin_unlock(&queue->syn_wait_lock); +- if (del_timer_sync(&req->rsk_timer)) ++ if (timer_pending(&req->rsk_timer) && del_timer_sync(&req->rsk_timer)) + reqsk_put(req); + return found; + }
