Re: [syzbot] [nfs?] INFO: task hung in nfsd_nl_listener_set_doit

From: Edward Adam Davis
Date: Sun Sep 01 2024 - 00:40:30 EST


#syz test

diff --git a/include/net/genetlink.h b/include/net/genetlink.h
index 9ab49bfeae78..51c4e811c01c 100644
--- a/include/net/genetlink.h
+++ b/include/net/genetlink.h
@@ -137,6 +137,7 @@ struct genl_info {
possible_net_t _net;
void * user_ptr[2];
struct netlink_ext_ack *extack;
+ struct mutex fslock;
};

static inline struct net *genl_info_net(const struct genl_info *info)
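Review bot: The new `fslock` member of `struct genl_info` is undocumented and, as far as this patch shows, is initialised only in `genl_family_rcv_msg_doit`. Any `genl_info` constructed on another path (dump or notification helpers, if they build their own) would carry an uninitialised mutex. It also puts a lock named for one filesystem user into a structure shared by every genetlink family. If the field stays for the test, give it a comment such as `/* per-request lock; initialised only on the doit path */` and initialise it wherever a `genl_info` is created.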
diff --git a/net/netlink/genetlink.c b/net/netlink/genetlink.c
index feb54c63a116..abf52285e26a 100644
--- a/net/netlink/genetlink.c
+++ b/net/netlink/genetlink.c
@@ -1105,6 +1105,7 @@ static int genl_family_rcv_msg_doit(const struct genl_family *family,
info.extack = extack;
genl_info_net_set(&info, net);
memset(&info.user_ptr, 0, sizeof(info.user_ptr));
+ mutex_init(&info.fslock);

if (ops->pre_doit) {
err = ops->pre_doit(ops, skb, &info);
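Review bot: `mutex_init(&info.fslock)` now runs on every doit message for every genetlink family, and nothing visible pairs it with `mutex_destroy()` before `info` goes away. `info` looks like a per-call object (it is filled in field by field just above, and its declaration is outside the hunk), so this mutex is never shared between two requests and cannot serialise them. If the field is kept, add `mutex_destroy(&info.fslock);` on the function's exit path, which is outside this hunk.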
diff --git a/fs/nfsd/nfsctl.c b/fs/nfsd/nfsctl.c
index 34eb2c2cbcde..8d0ac4f699bd 100644
--- a/fs/nfsd/nfsctl.c
+++ b/fs/nfsd/nfsctl.c
@@ -1953,11 +1953,11 @@ int nfsd_nl_listener_set_doit(struct sk_buff *skb, struct genl_info *info)
struct nfsd_net *nn;
int err, rem;

- mutex_lock(&nfsd_mutex);
+ mutex_lock(&info->fslock);

err = nfsd_create_serv(net);
if (err) {
- mutex_unlock(&nfsd_mutex);
+ mutex_unlock(&info->fslock);
return err;
}

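Review bot: Replacing `nfsd_mutex` with `info->fslock` around `nfsd_create_serv(net)` removes the serialisation instead of narrowing it. `fslock` is initialised afresh for each message in `genl_family_rcv_msg_doit`, so concurrent listener-set requests each take their own lock and can create the server and modify its listener sockets at the same time. Any nfsd path that still takes `nfsd_mutex` (not visible here) is no longer excluded either, which invites races and lifetime bugs on the per-net server state. The same applies to the unlock at `out_unlock_mtx` and to all three `nfsd_nl_listener_get_doit` changes. If the hang comes from holding `nfsd_mutex` across a blocking call, the fix would be to drop the lock around that call or use a lock shared per net namespace, for example a mutex in `struct nfsd_net`, so the handlers still exclude each other.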
@@ -2080,7 +2080,7 @@ int nfsd_nl_listener_set_doit(struct sk_buff *skb, struct genl_info *info)
nfsd_destroy_serv(net);

out_unlock_mtx:
- mutex_unlock(&nfsd_mutex);
+ mutex_unlock(&info->fslock);

return err;
}
@@ -2110,7 +2110,7 @@ int nfsd_nl_listener_get_doit(struct sk_buff *skb, struct genl_info *info)
goto err_free_msg;
}

- mutex_lock(&nfsd_mutex);
+ mutex_lock(&info->fslock);
nn = net_generic(genl_info_net(info), nfsd_net_id);

/* no nfs server? Just send empty socket list */
@@ -2141,14 +2141,14 @@ int nfsd_nl_listener_get_doit(struct sk_buff *skb, struct genl_info *info)
}
spin_unlock_bh(&serv->sv_lock);
out_unlock_mtx:
- mutex_unlock(&nfsd_mutex);
+ mutex_unlock(&info->fslock);
genlmsg_end(skb, hdr);

return genlmsg_reply(skb, info);

err_serv_unlock:
spin_unlock_bh(&serv->sv_lock);
- mutex_unlock(&nfsd_mutex);
+ mutex_unlock(&info->fslock);
err_free_msg:
nlmsg_free(skb);