Re: [PATCH] nbd: don't warn when reclassifying a busy socket lock

Next message: Viresh Kumar: "Re: [PATCH] cpufreq: apple-soc: Add missing OPP table cleanup on init failure"
Previous message: Woradorn Laodhanadhaworn: "Re: [PATCH] tracing: Use seq_buf for string concatenation"
In reply to: Hillf Danton: "Re: [PATCH] nbd: don't warn when reclassifying a busy socket lock"
Next in thread: Hillf Danton: "Re: [PATCH] nbd: don't warn when reclassifying a busy socket lock"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Eric Dumazet

Date: Mon Jun 22 2026 - 04:25:48 EST

On Sun, Jun 21, 2026 at 6:43 PM Hillf Danton <hdanton@xxxxxxxx> wrote:
>
> On Mon, 22 Jun 2026 05:22:55 +0530 Deepanshu Kartikey wrote:
> > nbd_reclassify_socket() warns via WARN_ON_ONCE() if the socket lock is
> > held at the point of reclassification. That assertion was copied from
> > nvme-tcp, where the socket is created internally by the kernel
> > (sock_create_kern()) and is never visible to user space, so the lock
> > is guaranteed to be free.
> >
> > NBD is different: the socket is looked up from a user-supplied fd in
> > nbd_get_socket(), and user space retains that fd. A concurrent syscall
> > on the same socket (or softirq processing taking bh_lock_sock() on a
> > connected TCP socket) can legitimately hold the lock at the instant
> > NBD reclassifies it. sock_allow_reclassification() then returns false
> > and the WARN_ON_ONCE() fires, which turns into a crash under
> > panic_on_warn. This is reachable by simply racing NBD_CMD_CONNECT
> > against socket activity on the same fd, as reported by syzbot.
> >
> Given the syzbot report, if you are right (I suspect) then Eric delivered
> another half-baked croissant, and feel free to cut it off instead to make
> room for correct fix.

Nobody (including you) caught this.difference between nbd and other
sock_allow_reclassification()
callers.

What was the "correct fix" you envisioned exactly?