Re: [PATCH] tun: fix mismatch in mutex lock-unlock in tun_get_user()
From: Alexey Khoroshilov
Date: Sat, 17 Feb 2018 01:11:55 +0300

> There is a single error path where tfile->napi_mutex is left unlocked.
> It can lead to a deadlock.
>
> Found by Linux Driver Verification project (linuxtesting.org).
>
> Signed-off-by: Alexey Khoroshilov

As Eric explained, tun_napi_frags_enabled() (and therefore 'frags') will never be true for TUN devices, which is the type handled by this code path.
Re: [PATCH] tun: fix mismatch in mutex lock-unlock in tun_get_user()
On Fri, Feb 16, 2018 at 2:11 PM, Alexey Khoroshilov wrote:
> There is a single error path where tfile->napi_mutex is left unlocked.
> It can lead to a deadlock.
>
> Found by Linux Driver Verification project (linuxtesting.org).
>
> Signed-off-by: Alexey Khoroshilov
> --- > drivers/net/tun.c | 4 > 1 file changed, 4 insertions(+) > > diff --git a/drivers/net/tun.c b/drivers/net/tun.c > index 81e6cc951e7f..0072a9832532 100644 > --- a/drivers/net/tun.c > +++ b/drivers/net/tun.c > @@ -1879,6 +1879,10 @@ static ssize_t tun_get_user(struct tun_struct *tun, > struct tun_file *tfile, > default: > this_cpu_inc(tun->pcpu_stats->rx_dropped); > kfree_skb(skb); > + if (frags) { > + tfile->napi.skb = NULL; > + mutex_unlock(>napi_mutex); > + } > return -EINVAL;

I do not believe this can happen for IFF_TUN.
IFF_NAPI_FRAGS can only be set for IFF_TAP.
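Review bot: the new `if (frags)` branch in the `default:` case comes with no stated condition under which `frags` is true on this path, and the reply says IFF_NAPI_FRAGS can only be set for IFF_TAP, so the commit message's "It can lead to a deadlock" needs either a reachable scenario or rewording as defensive cleanup, ideally with a short comment on the branch. Separately, the unlock call as shown here reads `mutex_unlock(>napi_mutex);`, which does not name the `tfile->napi_mutex` from the commit message; confirm the argument in the submitted patch.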