summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMike Pagano <mpagano@gentoo.org>2015-10-02 08:08:15 -0400
committerMike Pagano <mpagano@gentoo.org>2015-10-02 08:08:15 -0400
commitcb0333eb392976ebff5a7d56008620f7c0862790 (patch)
tree80bafb86b73f42ef064ddce05e70c8d9b4e1d026
parentLinux patch 4.1.9 (diff)
downloadlinux-patches-4.1-14.tar.gz
linux-patches-4.1-14.tar.bz2
linux-patches-4.1-14.zip
inet: Patch to fix potential deadlock in reqsk_queue_unlink()4.1-14
-rw-r--r--0000_README4
-rw-r--r--2000_inet-deadlock-in-reqsk-queue-unlink-fix.patch32
2 files changed, 36 insertions, 0 deletions
diff --git a/0000_README b/0000_README
index 46b8cb0f..348e8f55 100644
--- a/0000_README
+++ b/0000_README
@@ -91,6 +91,10 @@ Patch: 1600_dm-crypt-limit-max-segment-size.patch
From: https://bugzilla.kernel.org/show_bug.cgi?id=104421
Desc: dm crypt: constrain crypt device's max_segment_size to PAGE_SIZE.
+Patch: 2000_inet-deadlock-in-reqsk-queue-unlink-fix.patch
+From: http://git.kernel.org/
+Desc: inet: Patch to fix potential deadlock in reqsk_queue_unlink()
+
Patch: 2700_ThinkPad-30-brightness-control-fix.patch
From: Seth Forshee <seth.forshee@canonical.com>
Desc: ACPI: Disable Windows 8 compatibility for some Lenovo ThinkPads.
diff --git a/2000_inet-deadlock-in-reqsk-queue-unlink-fix.patch b/2000_inet-deadlock-in-reqsk-queue-unlink-fix.patch
new file mode 100644
index 00000000..890f5e5a
--- /dev/null
+++ b/2000_inet-deadlock-in-reqsk-queue-unlink-fix.patch
@@ -0,0 +1,32 @@
+From 83fccfc3940c4a2db90fd7e7079f5b465cd8c6af Mon Sep 17 00:00:00 2001
+From: Eric Dumazet <edumazet@google.com>
+Date: Thu, 13 Aug 2015 15:44:51 -0700
+Subject: inet: fix potential deadlock in reqsk_queue_unlink()
+
+When replacing del_timer() with del_timer_sync(), I introduced
+a deadlock condition :
+
+reqsk_queue_unlink() is called from inet_csk_reqsk_queue_drop()
+
+inet_csk_reqsk_queue_drop() can be called from many contexts,
+one being the timer handler itself (reqsk_timer_handler()).
+
+In this case, del_timer_sync() loops forever.
+
+Simple fix is to test if timer is pending.
+
+Fixes: 2235f2ac75fd ("inet: fix races with reqsk timers")
+Signed-off-by: Eric Dumazet <edumazet@google.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+
+--- a/net/ipv4/inet_connection_sock.c 2015-10-02 07:49:42.759957268 -0400
++++ b/net/ipv4/inet_connection_sock.c 2015-10-02 07:50:12.929957111 -0400
+@@ -584,7 +584,7 @@ static bool reqsk_queue_unlink(struct re
+ }
+
+ spin_unlock(&queue->syn_wait_lock);
+- if (del_timer_sync(&req->rsk_timer))
++ if (timer_pending(&req->rsk_timer) && del_timer_sync(&req->rsk_timer))
+ reqsk_put(req);
+ return found;
+ }