Commit 1b0df11f authored by Daniel Jordan's avatar Daniel Jordan Committed by Herbert Xu

padata: fix possible padata_works_lock deadlock

syzbot reports,

  WARNING: inconsistent lock state
  5.9.0-rc2-syzkaller #0 Not tainted
  --------------------------------
  inconsistent {IN-SOFTIRQ-W} -> {SOFTIRQ-ON-W} usage.
  syz-executor.0/26715 takes:
  (padata_works_lock){+.?.}-{2:2}, at: padata_do_parallel kernel/padata.c:220
  {IN-SOFTIRQ-W} state was registered at:
    spin_lock include/linux/spinlock.h:354 [inline]
    padata_do_parallel kernel/padata.c:220
    ...
    __do_softirq kernel/softirq.c:298
    ...
    sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1091
    asm_sysvec_apic_timer_interrupt arch/x86/include/asm/idtentry.h:581

   Possible unsafe locking scenario:

         CPU0
         ----
    lock(padata_works_lock);
    <Interrupt>
      lock(padata_works_lock);

padata_do_parallel() takes padata_works_lock with softirqs enabled, so a
deadlock is possible if, on the same CPU, the lock is acquired in
process context and then softirq handling done in an interrupt leads to
the same path.

Fix by leaving softirqs disabled while do_parallel holds
padata_works_lock.

Reported-by: syzbot+f4b9f49e38e25eb4ef52@syzkaller.appspotmail.com
Fixes: 4611ce22 ("padata: allocate work structures for parallel jobs from a pool")
Signed-off-by: default avatarDaniel Jordan <daniel.m.jordan@oracle.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Steffen Klassert <steffen.klassert@secunet.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent c195d66a
...@@ -215,12 +215,13 @@ int padata_do_parallel(struct padata_shell *ps, ...@@ -215,12 +215,13 @@ int padata_do_parallel(struct padata_shell *ps,
padata->pd = pd; padata->pd = pd;
padata->cb_cpu = *cb_cpu; padata->cb_cpu = *cb_cpu;
rcu_read_unlock_bh();
spin_lock(&padata_works_lock); spin_lock(&padata_works_lock);
padata->seq_nr = ++pd->seq_nr; padata->seq_nr = ++pd->seq_nr;
pw = padata_work_alloc(); pw = padata_work_alloc();
spin_unlock(&padata_works_lock); spin_unlock(&padata_works_lock);
rcu_read_unlock_bh();
if (pw) { if (pw) {
padata_work_init(pw, padata_parallel_worker, padata, 0); padata_work_init(pw, padata_parallel_worker, padata, 0);
queue_work(pinst->parallel_wq, &pw->pw_work); queue_work(pinst->parallel_wq, &pw->pw_work);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment