Commit c71380ff authored Sep 19, 2013 by Nikolay Aleksandrov Committed by David S. Miller Sep 19, 2013

netconsole: fix a deadlock with rtnl and netconsole's mutex



This bug was introduced by commit
7a163bfb ("netconsole: avoid a crash with
multiple sysfs writers"). In store_enabled() we have the following
sequence: acquire nt->mutex then rtnl, but in the netconsole netdev
notifier we have rtnl then nt->mutex effectively leading to a deadlock.
The NULL pointer dereference that the above commit tries to fix is
actually due to another bug in netpoll_cleanup(). This is fixed by dropping
the mutex from the netdev notifier as it's already protected by rtnl.

Signed-off-by: Nikolay Aleksandrov <nikolay@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

parent d0fe8c88

drivers/net/netconsole.c

+1 −4

Original line number	Original line	Diff line number	Diff line
	@@ -684,15 +684,12 @@ static int netconsole_netdev_event(struct notifier_block *this,
	case NETDEV_RELEASE:		case NETDEV_RELEASE:
	case NETDEV_JOIN:		case NETDEV_JOIN:
	case NETDEV_UNREGISTER:		case NETDEV_UNREGISTER:
	/*		/* rtnl_lock already held
	* rtnl_lock already held
	* we might sleep in __netpoll_cleanup()		* we might sleep in __netpoll_cleanup()
	*/		*/
	spin_unlock_irqrestore(&target_list_lock, flags);		spin_unlock_irqrestore(&target_list_lock, flags);

	mutex_lock(&nt->mutex);
	__netpoll_cleanup(&nt->np);		__netpoll_cleanup(&nt->np);
	mutex_unlock(&nt->mutex);

	spin_lock_irqsave(&target_list_lock, flags);		spin_lock_irqsave(&target_list_lock, flags);
	dev_put(nt->np.dev);		dev_put(nt->np.dev);