linux-kernelorg-stable/net/vmw_vsock
Stefano Garzarella f7c877e753 vsock: fix lock inversion in vsock_assign_transport()
Syzbot reported a potential lock inversion deadlock between
vsock_register_mutex and sk_lock-AF_VSOCK when vsock_linger() is called.

The issue was introduced by commit 687aa0c558 ("vsock: Fix
transport_* TOCTOU") which added vsock_register_mutex locking in
vsock_assign_transport() around the transport->release() call, that can
call vsock_linger(). vsock_assign_transport() can be called with sk_lock
held. vsock_linger() calls sk_wait_event() that temporarily releases and
re-acquires sk_lock. During this window, if another thread holds
vsock_register_mutex while trying to acquire sk_lock, a circular
dependency is created.

Fix this by releasing vsock_register_mutex before calling
transport->release() and vsock_deassign_transport(). This is safe
because we don't need to hold vsock_register_mutex while releasing the
old transport, and we ensure the new transport won't disappear by
obtaining a module reference first via try_module_get().

Reported-by: syzbot+10e35716f8e4929681fa@syzkaller.appspotmail.com
Tested-by: syzbot+10e35716f8e4929681fa@syzkaller.appspotmail.com
Fixes: 687aa0c558 ("vsock: Fix transport_* TOCTOU")
Cc: mhal@rbox.co
Cc: stable@vger.kernel.org
Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
Link: https://patch.msgid.link/20251021121718.137668-1-sgarzare@redhat.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2025-10-23 16:07:58 +02:00
Kconfig Drivers: hv: Add CONFIG_HYPERV_VMBUS option 2025-10-01 00:00:42 +00:00
Makefile
af_vsock.c vsock: fix lock inversion in vsock_assign_transport() 2025-10-23 16:07:58 +02:00
af_vsock_tap.c
diag.c sock_diag: add module pointer to "struct sock_diag_handler" 2024-01-23 15:13:54 +01:00
hyperv_transport.c hv_sock: Return the readable bytes in hvs_stream_has_data() 2025-07-09 19:29:52 -07:00
virtio_transport.c net: WQ_PERCPU added to alloc_workqueue users 2025-09-22 17:40:30 -07:00
virtio_transport_common.c vsock/virtio: Fix message iterator handling on transmit path 2025-08-21 17:49:19 -07:00
vmci_transport.c vsock/vmci: Clear the vmci transport packet properly when initializing it 2025-07-03 12:52:52 +02:00
vmci_transport.h vsock: Remove unused function declarations 2023-07-31 14:41:08 -07:00
vmci_transport_notify.c
vmci_transport_notify.h
vmci_transport_notify_qstate.c
vsock_addr.c
vsock_bpf.c vsock/bpf: Warn on socket without transport 2025-02-18 12:00:01 +01:00
vsock_loopback.c net: WQ_PERCPU added to alloc_workqueue users 2025-09-22 17:40:30 -07:00