• Amerigo Wang's avatar
    ipv6,mcast: always hold idev->lock before mca_lock · 36bddbad
    Amerigo Wang authored
    [ Upstream commit 8965779d, with
      some bits from commit b7b1bfce
      ("ipv6: split duplicate address detection and router solicitation timer")
      to get the __ipv6_get_lladdr() used by this patch. ]
    
    dingtianhong reported the following deadlock detected by lockdep:
    
     ======================================================
     [ INFO: possible circular locking dependency detected ]
     3.4.24.05-0.1-default #1 Not tainted
     -------------------------------------------------------
     ksoftirqd/0/3 is trying to acquire lock:
      (&ndev->lock){+.+...}, at: [<ffffffff8147f804>] ipv6_get_lladdr+0x74/0x120
    
     but task is already holding lock:
      (&mc->mca_lock){+.+...}, at: [<ffffffff8149d130>] mld_send_report+0x40/0x150
    
     which lock already depends on the new lock.
    
     the existing dependency chain (in reverse order) is:
    
     -> #1 (&mc->mca_lock){+.+...}:
            [<ffffffff810a8027>] validate_chain+0x637/0x730
            [<ffffffff810a8417>] __lock_acquire+0x2f7/0x500
            [<ffffffff810a8734>] lock_acquire+0x114/0x150
            [<ffffffff814f691a>] rt_spin_lock+0x4a/0x60
            [<ffffffff8149e4bb>] igmp6_group_added+0x3b/0x120
            [<ffffffff8149e5d8>] ipv6_mc_up+0x38/0x60
            [<ffffffff81480a4d>] ipv6_find_idev+0x3d/0x80
            [<ffffffff81483175>] addrconf_notify+0x3d5/0x4b0
            [<ffffffff814fae3f>] notifier_call_chain+0x3f/0x80
            [<ffffffff81073471>] raw_notifier_call_chain+0x11/0x20
            [<ffffffff813d8722>] call_netdevice_notifiers+0x32/0x60
            [<ffffffff813d92d4>] __dev_notify_flags+0x34/0x80
            [<ffffffff813d9360>] dev_change_flags+0x40/0x70
            [<ffffffff813ea627>] do_setlink+0x237/0x8a0
            [<ffffffff813ebb6c>] rtnl_newlink+0x3ec/0x600
            [<ffffffff813eb4d0>] rtnetlink_rcv_msg+0x160/0x310
            [<ffffffff814040b9>] netlink_rcv_skb+0x89/0xb0
            [<ffffffff813eb357>] rtnetlink_rcv+0x27/0x40
            [<ffffffff81403e20>] netlink_unicast+0x140/0x180
            [<ffffffff81404a9e>] netlink_sendmsg+0x33e/0x380
            [<ffffffff813c4252>] sock_sendmsg+0x112/0x130
            [<ffffffff813c537e>] __sys_sendmsg+0x44e/0x460
            [<ffffffff813c5544>] sys_sendmsg+0x44/0x70
            [<ffffffff814feab9>] system_call_fastpath+0x16/0x1b
    
     -> #0 (&ndev->lock){+.+...}:
            [<ffffffff810a798e>] check_prev_add+0x3de/0x440
            [<ffffffff810a8027>] validate_chain+0x637/0x730
            [<ffffffff810a8417>] __lock_acquire+0x2f7/0x500
            [<ffffffff810a8734>] lock_acquire+0x114/0x150
            [<ffffffff814f6c82>] rt_read_lock+0x42/0x60
            [<ffffffff8147f804>] ipv6_get_lladdr+0x74/0x120
            [<ffffffff8149b036>] mld_newpack+0xb6/0x160
            [<ffffffff8149b18b>] add_grhead+0xab/0xc0
            [<ffffffff8149d03b>] add_grec+0x3ab/0x460
            [<ffffffff8149d14a>] mld_send_report+0x5a/0x150
            [<ffffffff8149f99e>] igmp6_timer_handler+0x4e/0xb0
            [<ffffffff8105705a>] call_timer_fn+0xca/0x1d0
            [<ffffffff81057b9f>] run_timer_softirq+0x1df/0x2e0
            [<ffffffff8104e8c7>] handle_pending_softirqs+0xf7/0x1f0
            [<ffffffff8104ea3b>] __do_softirq_common+0x7b/0xf0
            [<ffffffff8104f07f>] __thread_do_softirq+0x1af/0x210
            [<ffffffff8104f1c1>] run_ksoftirqd+0xe1/0x1f0
            [<ffffffff8106c7de>] kthread+0xae/0xc0
            [<ffffffff814fff74>] kernel_thread_helper+0x4/0x10
    
    actually we can just hold idev->lock before taking pmc->mca_lock,
    and avoid taking idev->lock again when iterating idev->addr_list,
    since the upper callers of mld_newpack() already take
    read_lock_bh(&idev->lock).
    Reported-by: default avatardingtianhong <dingtianhong@huawei.com>
    Cc: dingtianhong <dingtianhong@huawei.com>
    Cc: Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>
    Cc: David S. Miller <davem@davemloft.net>
    Cc: Hannes Frederic Sowa <hannes@stressinduktion.org>
    Tested-by: default avatarDing Tianhong <dingtianhong@huawei.com>
    Tested-by: default avatarChen Weilong <chenweilong@huawei.com>
    Signed-off-by: default avatarCong Wang <amwang@redhat.com>
    Acked-by: default avatarHannes Frederic Sowa <hannes@stressinduktion.org>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    36bddbad
addrconf.h 9.55 KB