Commit d7d2fcf
netconsole: Acquire su_mutex before navigating configs hierarchy
There is a race between operations that iterate over the userdata
cg_children list and concurrent add/remove of userdata items through
configfs. The update_userdata() function iterates over the
nt->userdata_group.cg_children list, and count_extradata_entries() also
iterates over this same list to count nodes.
Quoting from Documentation/filesystems/configfs.rst:
> A subsystem can navigate the cg_children list and the ci_parent pointer
> to see the tree created by the subsystem. This can race with configfs'
> management of the hierarchy, so configfs uses the subsystem mutex to
> protect modifications. Whenever a subsystem wants to navigate the
> hierarchy, it must do so under the protection of the subsystem
> mutex.
Without proper locking, if a userdata item is added or removed
concurrently while these functions are iterating, the list can be
accessed in an inconsistent state. For example, the list_for_each() loop
can reach a node that is being removed from the list by list_del_init()
which sets the nodes' .next pointer to point to itself, so the loop will
never end (or reach the WARN_ON_ONCE in update_userdata() ).
Fix this by holding the configfs subsystem mutex (su_mutex) during all
operations that iterate over cg_children.
This includes:
- userdatum_value_store() which calls update_userdata() to iterate over
cg_children
- All sysdata_*_enabled_store() functions which call
count_extradata_entries() to iterate over cg_children
The su_mutex must be acquired before dynamic_netconsole_mutex to avoid
potential lock ordering issues, as configfs operations may already hold
su_mutex when calling into our code.
Fixes: df03f83 ("net: netconsole: cache userdata formatted string in netconsole_target")
Signed-off-by: Gustavo Luiz Duarte <gustavold@gmail.com>
Link: https://patch.msgid.link/20251029-netconsole-fix-warn-v1-1-0d0dd4622f48@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>1 parent c211f5d commit d7d2fcf
1 file changed
Lines changed: 10 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
936 | 936 | | |
937 | 937 | | |
938 | 938 | | |
| 939 | + | |
939 | 940 | | |
940 | 941 | | |
941 | 942 | | |
| |||
949 | 950 | | |
950 | 951 | | |
951 | 952 | | |
| 953 | + | |
952 | 954 | | |
953 | 955 | | |
954 | 956 | | |
| |||
974 | 976 | | |
975 | 977 | | |
976 | 978 | | |
| 979 | + | |
977 | 980 | | |
978 | 981 | | |
979 | 982 | | |
| |||
994 | 997 | | |
995 | 998 | | |
996 | 999 | | |
| 1000 | + | |
997 | 1001 | | |
998 | 1002 | | |
999 | 1003 | | |
| |||
1008 | 1012 | | |
1009 | 1013 | | |
1010 | 1014 | | |
| 1015 | + | |
1011 | 1016 | | |
1012 | 1017 | | |
1013 | 1018 | | |
| |||
1028 | 1033 | | |
1029 | 1034 | | |
1030 | 1035 | | |
| 1036 | + | |
1031 | 1037 | | |
1032 | 1038 | | |
1033 | 1039 | | |
| |||
1042 | 1048 | | |
1043 | 1049 | | |
1044 | 1050 | | |
| 1051 | + | |
1045 | 1052 | | |
1046 | 1053 | | |
1047 | 1054 | | |
| |||
1062 | 1069 | | |
1063 | 1070 | | |
1064 | 1071 | | |
| 1072 | + | |
1065 | 1073 | | |
1066 | 1074 | | |
1067 | 1075 | | |
| |||
1077 | 1085 | | |
1078 | 1086 | | |
1079 | 1087 | | |
| 1088 | + | |
1080 | 1089 | | |
1081 | 1090 | | |
1082 | 1091 | | |
| |||
1105 | 1114 | | |
1106 | 1115 | | |
1107 | 1116 | | |
| 1117 | + | |
1108 | 1118 | | |
1109 | 1119 | | |
1110 | 1120 | | |
| |||
0 commit comments