From: Jarek Poplawski Date: Sun, 16 Dec 2007 22:02:07 +0000 (-0800) Subject: [AX25]: Locking dependencies fix in ax25_disconnect(). X-Git-Tag: v2.6.24-rc6~67^2~6 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=215f7b08f2a142ec19f4bd3d6de263e68b877955;p=profile%2Fivi%2Fkernel-adaptation-intel-automotive.git [AX25]: Locking dependencies fix in ax25_disconnect(). Bernard Pidoux reported these lockdep warnings: [ INFO: possible irq lock inversion dependency detected ] 2.6.23.1 #1 --------------------------------------------------------- fpac/4933 just changed the state of lock: (slock-AF_AX25){--..}, at: [] ax25_disconnect+0x46/0xaf [ax25] but this lock was taken by another, soft-irq-safe lock in the past: (ax25_list_lock){-+..} and interrupts could create inverse lock ordering between them. [...] [ INFO: inconsistent lock state ] 2.6.23.1 #1 --------------------------------- inconsistent {in-softirq-W} -> {softirq-on-W} usage. ax25_call/4005 [HC0[0]:SC0[0]:HE1:SE1] takes: (slock-AF_AX25){-+..}, at: [] ax25_disconnect+0x46/0xaf [ax25] [...] This means slock-AF_AX25 could be taken both from softirq and process context with softirqs enabled, so it's endangered itself, but also makes ax25_list_lock vulnerable. It was not 100% verified if the real lockup can happen, but this fix isn't very costly and looks safe anyway. (It was tested by Bernard with 2.6.23.9 and 2.6.24-rc5 kernels.) Reported_by: Bernard Pidoux Tested_by: Bernard Pidoux Signed-off-by: Jarek Poplawski Signed-off-by: David S. Miller --- diff --git a/net/ax25/ax25_subr.c b/net/ax25/ax25_subr.c index 5fe9b2a..d8f2157 100644 --- a/net/ax25/ax25_subr.c +++ b/net/ax25/ax25_subr.c @@ -279,6 +279,7 @@ void ax25_disconnect(ax25_cb *ax25, int reason) ax25_link_failed(ax25, reason); if (ax25->sk != NULL) { + local_bh_disable(); bh_lock_sock(ax25->sk); ax25->sk->sk_state = TCP_CLOSE; ax25->sk->sk_err = reason; @@ -288,5 +289,6 @@ void ax25_disconnect(ax25_cb *ax25, int reason) sock_set_flag(ax25->sk, SOCK_DEAD); } bh_unlock_sock(ax25->sk); + local_bh_enable(); } }