Re: [syzbot] [bpf?] possible deadlock in trie_delete_elem

From: Hillf Danton
Date: Wed Mar 20 2024 - 06:34:55 EST

Next message: Andy Shevchenko: "Re: [PATCH V2] gpiolib: use dev_err() when gpiod_configure_flags failed"
Previous message: Xianwei Zhao: "Re: [PATCH v2 5/5] arm64: dts: add support for A5 based Amlogic AV400"
In reply to: syzbot: "[syzbot] [bpf?] possible deadlock in trie_delete_elem"
Next in thread: syzbot: "Re: [syzbot] [bpf?] possible deadlock in trie_delete_elem"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 20 Mar 2024 01:42:21 -0700
> syzbot found the following issue on:
>
> HEAD commit: 32fa4366cc4d net: phy: fix phy_read_poll_timeout argument ..
> git tree: net
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1676fc6e180000

#syz test https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git 32fa4366cc4d

--- x/kernel/bpf/lpm_trie.c
+++ y/kernel/bpf/lpm_trie.c
@@ -321,7 +321,7 @@ static long trie_update_elem(struct bpf_
if (key->prefixlen > trie->max_prefixlen)
return -EINVAL;

- spin_lock_irqsave(&trie->lock, irq_flags);
+ spin_lock_irqsave_nested(&trie->lock, irq_flags, 1);

/* Allocate and fill a new node */

@@ -448,7 +448,7 @@ static long trie_delete_elem(struct bpf_
if (key->prefixlen > trie->max_prefixlen)
return -EINVAL;

- spin_lock_irqsave(&trie->lock, irq_flags);
+ spin_lock_irqsave_nested(&trie->lock, irq_flags, 2);

/* Walk the tree looking for an exact key/length match and keeping
* track of the path we traverse. We will need to know the node
--

Next message: Andy Shevchenko: "Re: [PATCH V2] gpiolib: use dev_err() when gpiod_configure_flags failed"
Previous message: Xianwei Zhao: "Re: [PATCH v2 5/5] arm64: dts: add support for A5 based Amlogic AV400"
In reply to: syzbot: "[syzbot] [bpf?] possible deadlock in trie_delete_elem"
Next in thread: syzbot: "Re: [syzbot] [bpf?] possible deadlock in trie_delete_elem"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]