From: Sasha Levin Date: Fri, 18 Aug 2023 00:44:39 +0000 (-0400) Subject: Drop can-raw-fix-lockdep-issue-in-raw_release.patch X-Git-Tag: v6.4.12~93 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=28c1ff105df251f2659f16d6933ebfaea176f2d3;p=thirdparty%2Fkernel%2Fstable-queue.git Drop can-raw-fix-lockdep-issue-in-raw_release.patch Signed-off-by: Sasha Levin --- diff --git a/queue-5.15/can-raw-fix-lockdep-issue-in-raw_release.patch b/queue-5.15/can-raw-fix-lockdep-issue-in-raw_release.patch deleted file mode 100644 index 23d23ebc955..00000000000 --- a/queue-5.15/can-raw-fix-lockdep-issue-in-raw_release.patch +++ /dev/null @@ -1,159 +0,0 @@ -From 59958781417319b55ca679bedf951efb6cf1d8d7 Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Thu, 20 Jul 2023 11:44:38 +0000 -Subject: can: raw: fix lockdep issue in raw_release() - -From: Eric Dumazet - -[ Upstream commit 11c9027c983e9e4b408ee5613b6504d24ebd85be ] - -syzbot complained about a lockdep issue [1] - -Since raw_bind() and raw_setsockopt() first get RTNL -before locking the socket, we must adopt the same order in raw_release() - -[1] -WARNING: possible circular locking dependency detected -6.5.0-rc1-syzkaller-00192-g78adb4bcf99e #0 Not tainted ------------------------------------------------------- -syz-executor.0/14110 is trying to acquire lock: -ffff88804e4b6130 (sk_lock-AF_CAN){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1708 [inline] -ffff88804e4b6130 (sk_lock-AF_CAN){+.+.}-{0:0}, at: raw_bind+0xb1/0xab0 net/can/raw.c:435 - -but task is already holding lock: -ffffffff8e3df368 (rtnl_mutex){+.+.}-{3:3}, at: raw_bind+0xa7/0xab0 net/can/raw.c:434 - -which lock already depends on the new lock. - -the existing dependency chain (in reverse order) is: - --> #1 (rtnl_mutex){+.+.}-{3:3}: -__mutex_lock_common kernel/locking/mutex.c:603 [inline] -__mutex_lock+0x181/0x1340 kernel/locking/mutex.c:747 -raw_release+0x1c6/0x9b0 net/can/raw.c:391 -__sock_release+0xcd/0x290 net/socket.c:654 -sock_close+0x1c/0x20 net/socket.c:1386 -__fput+0x3fd/0xac0 fs/file_table.c:384 -task_work_run+0x14d/0x240 kernel/task_work.c:179 -resume_user_mode_work include/linux/resume_user_mode.h:49 [inline] -exit_to_user_mode_loop kernel/entry/common.c:171 [inline] -exit_to_user_mode_prepare+0x210/0x240 kernel/entry/common.c:204 -__syscall_exit_to_user_mode_work kernel/entry/common.c:286 [inline] -syscall_exit_to_user_mode+0x1d/0x50 kernel/entry/common.c:297 -do_syscall_64+0x44/0xb0 arch/x86/entry/common.c:86 -entry_SYSCALL_64_after_hwframe+0x63/0xcd - --> #0 (sk_lock-AF_CAN){+.+.}-{0:0}: -check_prev_add kernel/locking/lockdep.c:3142 [inline] -check_prevs_add kernel/locking/lockdep.c:3261 [inline] -validate_chain kernel/locking/lockdep.c:3876 [inline] -__lock_acquire+0x2e3d/0x5de0 kernel/locking/lockdep.c:5144 -lock_acquire kernel/locking/lockdep.c:5761 [inline] -lock_acquire+0x1ae/0x510 kernel/locking/lockdep.c:5726 -lock_sock_nested+0x3a/0xf0 net/core/sock.c:3492 -lock_sock include/net/sock.h:1708 [inline] -raw_bind+0xb1/0xab0 net/can/raw.c:435 -__sys_bind+0x1ec/0x220 net/socket.c:1792 -__do_sys_bind net/socket.c:1803 [inline] -__se_sys_bind net/socket.c:1801 [inline] -__x64_sys_bind+0x72/0xb0 net/socket.c:1801 -do_syscall_x64 arch/x86/entry/common.c:50 [inline] -do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80 -entry_SYSCALL_64_after_hwframe+0x63/0xcd - -other info that might help us debug this: - -Possible unsafe locking scenario: - -CPU0 CPU1 ----- ---- -lock(rtnl_mutex); - lock(sk_lock-AF_CAN); - lock(rtnl_mutex); -lock(sk_lock-AF_CAN); - -*** DEADLOCK *** - -1 lock held by syz-executor.0/14110: - -stack backtrace: -CPU: 0 PID: 14110 Comm: syz-executor.0 Not tainted 6.5.0-rc1-syzkaller-00192-g78adb4bcf99e #0 -Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023 -Call Trace: - -__dump_stack lib/dump_stack.c:88 [inline] -dump_stack_lvl+0xd9/0x1b0 lib/dump_stack.c:106 -check_noncircular+0x311/0x3f0 kernel/locking/lockdep.c:2195 -check_prev_add kernel/locking/lockdep.c:3142 [inline] -check_prevs_add kernel/locking/lockdep.c:3261 [inline] -validate_chain kernel/locking/lockdep.c:3876 [inline] -__lock_acquire+0x2e3d/0x5de0 kernel/locking/lockdep.c:5144 -lock_acquire kernel/locking/lockdep.c:5761 [inline] -lock_acquire+0x1ae/0x510 kernel/locking/lockdep.c:5726 -lock_sock_nested+0x3a/0xf0 net/core/sock.c:3492 -lock_sock include/net/sock.h:1708 [inline] -raw_bind+0xb1/0xab0 net/can/raw.c:435 -__sys_bind+0x1ec/0x220 net/socket.c:1792 -__do_sys_bind net/socket.c:1803 [inline] -__se_sys_bind net/socket.c:1801 [inline] -__x64_sys_bind+0x72/0xb0 net/socket.c:1801 -do_syscall_x64 arch/x86/entry/common.c:50 [inline] -do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80 -entry_SYSCALL_64_after_hwframe+0x63/0xcd -RIP: 0033:0x7fd89007cb29 -Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 -RSP: 002b:00007fd890d2a0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 -RAX: ffffffffffffffda RBX: 00007fd89019bf80 RCX: 00007fd89007cb29 -RDX: 0000000000000010 RSI: 0000000020000040 RDI: 0000000000000003 -RBP: 00007fd8900c847a R08: 0000000000000000 R09: 0000000000000000 -R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 -R13: 000000000000000b R14: 00007fd89019bf80 R15: 00007ffebf8124f8 - - -Fixes: ee8b94c8510c ("can: raw: fix receiver memory leak") -Reported-by: syzbot -Signed-off-by: Eric Dumazet -Cc: Ziyang Xuan -Cc: Oliver Hartkopp -Cc: stable@vger.kernel.org -Cc: Marc Kleine-Budde -Link: https://lore.kernel.org/all/20230720114438.172434-1-edumazet@google.com -Signed-off-by: Marc Kleine-Budde -Signed-off-by: Sasha Levin ---- - net/can/raw.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/net/can/raw.c b/net/can/raw.c -index afa76ce0bf608..c02df37894ff9 100644 ---- a/net/can/raw.c -+++ b/net/can/raw.c -@@ -383,9 +383,9 @@ static int raw_release(struct socket *sock) - list_del(&ro->notifier); - spin_unlock(&raw_notifier_lock); - -+ rtnl_lock(); - lock_sock(sk); - -- rtnl_lock(); - /* remove current filters & unregister */ - if (ro->bound) { - if (ro->dev) -@@ -402,12 +402,13 @@ static int raw_release(struct socket *sock) - ro->dev = NULL; - ro->count = 0; - free_percpu(ro->uniq); -- rtnl_unlock(); - - sock_orphan(sk); - sock->sk = NULL; - - release_sock(sk); -+ rtnl_unlock(); -+ - sock_put(sk); - - return 0; --- -2.40.1 - diff --git a/queue-5.15/series b/queue-5.15/series index 9b16ea83b22..78cd7813e43 100644 --- a/queue-5.15/series +++ b/queue-5.15/series @@ -68,4 +68,3 @@ net-ncsi-change-from-ndo_set_mac_address-to-dev_set_.patch arm-dts-imx6sll-fixup-of-operating-points.patch arm-dts-nxp-imx6sll-fix-wrong-property-name-in-usbph.patch btrfs-move-out-now-unused-bg-from-the-reclaim-list.patch -can-raw-fix-lockdep-issue-in-raw_release.patch diff --git a/queue-6.1/can-raw-fix-lockdep-issue-in-raw_release.patch b/queue-6.1/can-raw-fix-lockdep-issue-in-raw_release.patch deleted file mode 100644 index ffef302721e..00000000000 --- a/queue-6.1/can-raw-fix-lockdep-issue-in-raw_release.patch +++ /dev/null @@ -1,159 +0,0 @@ -From 755aef2f45a6a450aec81f91b280fadb16e65695 Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Thu, 20 Jul 2023 11:44:38 +0000 -Subject: can: raw: fix lockdep issue in raw_release() - -From: Eric Dumazet - -[ Upstream commit 11c9027c983e9e4b408ee5613b6504d24ebd85be ] - -syzbot complained about a lockdep issue [1] - -Since raw_bind() and raw_setsockopt() first get RTNL -before locking the socket, we must adopt the same order in raw_release() - -[1] -WARNING: possible circular locking dependency detected -6.5.0-rc1-syzkaller-00192-g78adb4bcf99e #0 Not tainted ------------------------------------------------------- -syz-executor.0/14110 is trying to acquire lock: -ffff88804e4b6130 (sk_lock-AF_CAN){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1708 [inline] -ffff88804e4b6130 (sk_lock-AF_CAN){+.+.}-{0:0}, at: raw_bind+0xb1/0xab0 net/can/raw.c:435 - -but task is already holding lock: -ffffffff8e3df368 (rtnl_mutex){+.+.}-{3:3}, at: raw_bind+0xa7/0xab0 net/can/raw.c:434 - -which lock already depends on the new lock. - -the existing dependency chain (in reverse order) is: - --> #1 (rtnl_mutex){+.+.}-{3:3}: -__mutex_lock_common kernel/locking/mutex.c:603 [inline] -__mutex_lock+0x181/0x1340 kernel/locking/mutex.c:747 -raw_release+0x1c6/0x9b0 net/can/raw.c:391 -__sock_release+0xcd/0x290 net/socket.c:654 -sock_close+0x1c/0x20 net/socket.c:1386 -__fput+0x3fd/0xac0 fs/file_table.c:384 -task_work_run+0x14d/0x240 kernel/task_work.c:179 -resume_user_mode_work include/linux/resume_user_mode.h:49 [inline] -exit_to_user_mode_loop kernel/entry/common.c:171 [inline] -exit_to_user_mode_prepare+0x210/0x240 kernel/entry/common.c:204 -__syscall_exit_to_user_mode_work kernel/entry/common.c:286 [inline] -syscall_exit_to_user_mode+0x1d/0x50 kernel/entry/common.c:297 -do_syscall_64+0x44/0xb0 arch/x86/entry/common.c:86 -entry_SYSCALL_64_after_hwframe+0x63/0xcd - --> #0 (sk_lock-AF_CAN){+.+.}-{0:0}: -check_prev_add kernel/locking/lockdep.c:3142 [inline] -check_prevs_add kernel/locking/lockdep.c:3261 [inline] -validate_chain kernel/locking/lockdep.c:3876 [inline] -__lock_acquire+0x2e3d/0x5de0 kernel/locking/lockdep.c:5144 -lock_acquire kernel/locking/lockdep.c:5761 [inline] -lock_acquire+0x1ae/0x510 kernel/locking/lockdep.c:5726 -lock_sock_nested+0x3a/0xf0 net/core/sock.c:3492 -lock_sock include/net/sock.h:1708 [inline] -raw_bind+0xb1/0xab0 net/can/raw.c:435 -__sys_bind+0x1ec/0x220 net/socket.c:1792 -__do_sys_bind net/socket.c:1803 [inline] -__se_sys_bind net/socket.c:1801 [inline] -__x64_sys_bind+0x72/0xb0 net/socket.c:1801 -do_syscall_x64 arch/x86/entry/common.c:50 [inline] -do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80 -entry_SYSCALL_64_after_hwframe+0x63/0xcd - -other info that might help us debug this: - -Possible unsafe locking scenario: - -CPU0 CPU1 ----- ---- -lock(rtnl_mutex); - lock(sk_lock-AF_CAN); - lock(rtnl_mutex); -lock(sk_lock-AF_CAN); - -*** DEADLOCK *** - -1 lock held by syz-executor.0/14110: - -stack backtrace: -CPU: 0 PID: 14110 Comm: syz-executor.0 Not tainted 6.5.0-rc1-syzkaller-00192-g78adb4bcf99e #0 -Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023 -Call Trace: - -__dump_stack lib/dump_stack.c:88 [inline] -dump_stack_lvl+0xd9/0x1b0 lib/dump_stack.c:106 -check_noncircular+0x311/0x3f0 kernel/locking/lockdep.c:2195 -check_prev_add kernel/locking/lockdep.c:3142 [inline] -check_prevs_add kernel/locking/lockdep.c:3261 [inline] -validate_chain kernel/locking/lockdep.c:3876 [inline] -__lock_acquire+0x2e3d/0x5de0 kernel/locking/lockdep.c:5144 -lock_acquire kernel/locking/lockdep.c:5761 [inline] -lock_acquire+0x1ae/0x510 kernel/locking/lockdep.c:5726 -lock_sock_nested+0x3a/0xf0 net/core/sock.c:3492 -lock_sock include/net/sock.h:1708 [inline] -raw_bind+0xb1/0xab0 net/can/raw.c:435 -__sys_bind+0x1ec/0x220 net/socket.c:1792 -__do_sys_bind net/socket.c:1803 [inline] -__se_sys_bind net/socket.c:1801 [inline] -__x64_sys_bind+0x72/0xb0 net/socket.c:1801 -do_syscall_x64 arch/x86/entry/common.c:50 [inline] -do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80 -entry_SYSCALL_64_after_hwframe+0x63/0xcd -RIP: 0033:0x7fd89007cb29 -Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 -RSP: 002b:00007fd890d2a0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 -RAX: ffffffffffffffda RBX: 00007fd89019bf80 RCX: 00007fd89007cb29 -RDX: 0000000000000010 RSI: 0000000020000040 RDI: 0000000000000003 -RBP: 00007fd8900c847a R08: 0000000000000000 R09: 0000000000000000 -R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 -R13: 000000000000000b R14: 00007fd89019bf80 R15: 00007ffebf8124f8 - - -Fixes: ee8b94c8510c ("can: raw: fix receiver memory leak") -Reported-by: syzbot -Signed-off-by: Eric Dumazet -Cc: Ziyang Xuan -Cc: Oliver Hartkopp -Cc: stable@vger.kernel.org -Cc: Marc Kleine-Budde -Link: https://lore.kernel.org/all/20230720114438.172434-1-edumazet@google.com -Signed-off-by: Marc Kleine-Budde -Signed-off-by: Sasha Levin ---- - net/can/raw.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/net/can/raw.c b/net/can/raw.c -index 1cd2c8748c26a..0dd3259357a35 100644 ---- a/net/can/raw.c -+++ b/net/can/raw.c -@@ -386,9 +386,9 @@ static int raw_release(struct socket *sock) - list_del(&ro->notifier); - spin_unlock(&raw_notifier_lock); - -+ rtnl_lock(); - lock_sock(sk); - -- rtnl_lock(); - /* remove current filters & unregister */ - if (ro->bound) { - if (ro->dev) -@@ -405,12 +405,13 @@ static int raw_release(struct socket *sock) - ro->dev = NULL; - ro->count = 0; - free_percpu(ro->uniq); -- rtnl_unlock(); - - sock_orphan(sk); - sock->sk = NULL; - - release_sock(sk); -+ rtnl_unlock(); -+ - sock_put(sk); - - return 0; --- -2.40.1 - diff --git a/queue-6.1/series b/queue-6.1/series index 21c4fc199e3..c774ad73c3b 100644 --- a/queue-6.1/series +++ b/queue-6.1/series @@ -82,4 +82,3 @@ btrfs-move-out-now-unused-bg-from-the-reclaim-list.patch btrfs-convert-btrfs_block_group-needs_free_space-to-.patch btrfs-convert-btrfs_block_group-seq_zone-to-runtime-.patch btrfs-fix-use-after-free-of-new-block-group-that-bec.patch -can-raw-fix-lockdep-issue-in-raw_release.patch diff --git a/queue-6.4/can-raw-fix-lockdep-issue-in-raw_release.patch b/queue-6.4/can-raw-fix-lockdep-issue-in-raw_release.patch deleted file mode 100644 index fc0a4c04528..00000000000 --- a/queue-6.4/can-raw-fix-lockdep-issue-in-raw_release.patch +++ /dev/null @@ -1,159 +0,0 @@ -From e20eca62d5271222be770e64b7b19c512a2a2d86 Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Thu, 20 Jul 2023 11:44:38 +0000 -Subject: can: raw: fix lockdep issue in raw_release() - -From: Eric Dumazet - -[ Upstream commit 11c9027c983e9e4b408ee5613b6504d24ebd85be ] - -syzbot complained about a lockdep issue [1] - -Since raw_bind() and raw_setsockopt() first get RTNL -before locking the socket, we must adopt the same order in raw_release() - -[1] -WARNING: possible circular locking dependency detected -6.5.0-rc1-syzkaller-00192-g78adb4bcf99e #0 Not tainted ------------------------------------------------------- -syz-executor.0/14110 is trying to acquire lock: -ffff88804e4b6130 (sk_lock-AF_CAN){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1708 [inline] -ffff88804e4b6130 (sk_lock-AF_CAN){+.+.}-{0:0}, at: raw_bind+0xb1/0xab0 net/can/raw.c:435 - -but task is already holding lock: -ffffffff8e3df368 (rtnl_mutex){+.+.}-{3:3}, at: raw_bind+0xa7/0xab0 net/can/raw.c:434 - -which lock already depends on the new lock. - -the existing dependency chain (in reverse order) is: - --> #1 (rtnl_mutex){+.+.}-{3:3}: -__mutex_lock_common kernel/locking/mutex.c:603 [inline] -__mutex_lock+0x181/0x1340 kernel/locking/mutex.c:747 -raw_release+0x1c6/0x9b0 net/can/raw.c:391 -__sock_release+0xcd/0x290 net/socket.c:654 -sock_close+0x1c/0x20 net/socket.c:1386 -__fput+0x3fd/0xac0 fs/file_table.c:384 -task_work_run+0x14d/0x240 kernel/task_work.c:179 -resume_user_mode_work include/linux/resume_user_mode.h:49 [inline] -exit_to_user_mode_loop kernel/entry/common.c:171 [inline] -exit_to_user_mode_prepare+0x210/0x240 kernel/entry/common.c:204 -__syscall_exit_to_user_mode_work kernel/entry/common.c:286 [inline] -syscall_exit_to_user_mode+0x1d/0x50 kernel/entry/common.c:297 -do_syscall_64+0x44/0xb0 arch/x86/entry/common.c:86 -entry_SYSCALL_64_after_hwframe+0x63/0xcd - --> #0 (sk_lock-AF_CAN){+.+.}-{0:0}: -check_prev_add kernel/locking/lockdep.c:3142 [inline] -check_prevs_add kernel/locking/lockdep.c:3261 [inline] -validate_chain kernel/locking/lockdep.c:3876 [inline] -__lock_acquire+0x2e3d/0x5de0 kernel/locking/lockdep.c:5144 -lock_acquire kernel/locking/lockdep.c:5761 [inline] -lock_acquire+0x1ae/0x510 kernel/locking/lockdep.c:5726 -lock_sock_nested+0x3a/0xf0 net/core/sock.c:3492 -lock_sock include/net/sock.h:1708 [inline] -raw_bind+0xb1/0xab0 net/can/raw.c:435 -__sys_bind+0x1ec/0x220 net/socket.c:1792 -__do_sys_bind net/socket.c:1803 [inline] -__se_sys_bind net/socket.c:1801 [inline] -__x64_sys_bind+0x72/0xb0 net/socket.c:1801 -do_syscall_x64 arch/x86/entry/common.c:50 [inline] -do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80 -entry_SYSCALL_64_after_hwframe+0x63/0xcd - -other info that might help us debug this: - -Possible unsafe locking scenario: - -CPU0 CPU1 ----- ---- -lock(rtnl_mutex); - lock(sk_lock-AF_CAN); - lock(rtnl_mutex); -lock(sk_lock-AF_CAN); - -*** DEADLOCK *** - -1 lock held by syz-executor.0/14110: - -stack backtrace: -CPU: 0 PID: 14110 Comm: syz-executor.0 Not tainted 6.5.0-rc1-syzkaller-00192-g78adb4bcf99e #0 -Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023 -Call Trace: - -__dump_stack lib/dump_stack.c:88 [inline] -dump_stack_lvl+0xd9/0x1b0 lib/dump_stack.c:106 -check_noncircular+0x311/0x3f0 kernel/locking/lockdep.c:2195 -check_prev_add kernel/locking/lockdep.c:3142 [inline] -check_prevs_add kernel/locking/lockdep.c:3261 [inline] -validate_chain kernel/locking/lockdep.c:3876 [inline] -__lock_acquire+0x2e3d/0x5de0 kernel/locking/lockdep.c:5144 -lock_acquire kernel/locking/lockdep.c:5761 [inline] -lock_acquire+0x1ae/0x510 kernel/locking/lockdep.c:5726 -lock_sock_nested+0x3a/0xf0 net/core/sock.c:3492 -lock_sock include/net/sock.h:1708 [inline] -raw_bind+0xb1/0xab0 net/can/raw.c:435 -__sys_bind+0x1ec/0x220 net/socket.c:1792 -__do_sys_bind net/socket.c:1803 [inline] -__se_sys_bind net/socket.c:1801 [inline] -__x64_sys_bind+0x72/0xb0 net/socket.c:1801 -do_syscall_x64 arch/x86/entry/common.c:50 [inline] -do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80 -entry_SYSCALL_64_after_hwframe+0x63/0xcd -RIP: 0033:0x7fd89007cb29 -Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 -RSP: 002b:00007fd890d2a0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 -RAX: ffffffffffffffda RBX: 00007fd89019bf80 RCX: 00007fd89007cb29 -RDX: 0000000000000010 RSI: 0000000020000040 RDI: 0000000000000003 -RBP: 00007fd8900c847a R08: 0000000000000000 R09: 0000000000000000 -R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 -R13: 000000000000000b R14: 00007fd89019bf80 R15: 00007ffebf8124f8 - - -Fixes: ee8b94c8510c ("can: raw: fix receiver memory leak") -Reported-by: syzbot -Signed-off-by: Eric Dumazet -Cc: Ziyang Xuan -Cc: Oliver Hartkopp -Cc: stable@vger.kernel.org -Cc: Marc Kleine-Budde -Link: https://lore.kernel.org/all/20230720114438.172434-1-edumazet@google.com -Signed-off-by: Marc Kleine-Budde -Signed-off-by: Sasha Levin ---- - net/can/raw.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/net/can/raw.c b/net/can/raw.c -index 9fdad12d16325..9fbbf6e00287f 100644 ---- a/net/can/raw.c -+++ b/net/can/raw.c -@@ -386,9 +386,9 @@ static int raw_release(struct socket *sock) - list_del(&ro->notifier); - spin_unlock(&raw_notifier_lock); - -+ rtnl_lock(); - lock_sock(sk); - -- rtnl_lock(); - /* remove current filters & unregister */ - if (ro->bound) { - if (ro->dev) -@@ -405,12 +405,13 @@ static int raw_release(struct socket *sock) - ro->dev = NULL; - ro->count = 0; - free_percpu(ro->uniq); -- rtnl_unlock(); - - sock_orphan(sk); - sock->sk = NULL; - - release_sock(sk); -+ rtnl_unlock(); -+ - sock_put(sk); - - return 0; --- -2.40.1 - diff --git a/queue-6.4/series b/queue-6.4/series index 827806a74c9..5a381d184bf 100644 --- a/queue-6.4/series +++ b/queue-6.4/series @@ -87,4 +87,3 @@ bluetooth-mgmt-use-correct-address-for-memcpy.patch ring-buffer-do-not-swap-cpu_buffer-during-resize-pro.patch btrfs-move-out-now-unused-bg-from-the-reclaim-list.patch btrfs-fix-use-after-free-of-new-block-group-that-bec.patch -can-raw-fix-lockdep-issue-in-raw_release.patch