nbd: Reclassify sockets to avoid lockdep circular dependency

syzbot reported a possible circular locking dependency in udp_sendmsg()
where fs_reclaim can be triggered while holding sk_lock, and fs_reclaim
can eventually depend on another sk_lock (e.g., if NBD is used for swap
or writeback and NBD uses TLS/TCP which acquires sk_lock).

Since the UDP socket and the NBD TCP/TLS socket are different, this is a
false positive. Fix this by reclassifying NBD sockets to a separate lock
class when they are added to the NBD device.

This is similar to what nvme-tcp and other network block devices do.

Fixes: ffa1e7ada456 ("block: Make request_queue lockdep splats show up earlier")
Reported-by: syzbot+607cdcf978b3e79da878@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/netdev/6a2cdafe.428ffe26.258b27.0161.GAE@google.com/T/#u
Signed-off-by: Eric Dumazet <edumazet@google.com>
Link: https://patch.msgid.link/20260613042619.1108126-1-edumazet@google.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>

diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c
index e2fe9e3308fc71ee27b1c855550e6137e167b0d1..3a585a0c882a28c79c61ffd11d185ae114510b33 100644 (file)
--- a/drivers/block/nbd.c
+++ b/drivers/block/nbd.c
@@ -1238,6 +1238,42 @@ static struct socket *nbd_get_socket(struct nbd_device *nbd, unsigned long fd,
        return sock;
 }
 
+#ifdef CONFIG_DEBUG_LOCK_ALLOC
+static struct lock_class_key nbd_key[3];
+static struct lock_class_key nbd_slock_key[3];
+
+static void nbd_reclassify_socket(struct socket *sock)
+{
+       struct sock *sk = sock->sk;
+
+       if (WARN_ON_ONCE(!sock_allow_reclassification(sk)))
+               return;
+
+       switch (sk->sk_family) {
+       case AF_INET:
+               sock_lock_init_class_and_name(sk, "slock-AF_INET-NBD",
+                                             &nbd_slock_key[0],
+                                             "sk_lock-AF_INET-NBD",
+                                             &nbd_key[0]);
+               break;
+       case AF_INET6:
+               sock_lock_init_class_and_name(sk, "slock-AF_INET6-NBD",
+                                             &nbd_slock_key[1],
+                                             "sk_lock-AF_INET6-NBD",
+                                             &nbd_key[1]);
+               break;
+       case AF_UNIX:
+               sock_lock_init_class_and_name(sk, "slock-AF_UNIX-NBD",
+                                             &nbd_slock_key[2],
+                                             "sk_lock-AF_UNIX-NBD",
+                                             &nbd_key[2]);
+               break;
+       }
+}
+#else
+static inline void nbd_reclassify_socket(struct socket *sock) {}
+#endif
+
 static int nbd_add_socket(struct nbd_device *nbd, unsigned long arg,
                          bool netlink)
 {
@@ -1254,6 +1290,7 @@ static int nbd_add_socket(struct nbd_device *nbd, unsigned long arg,
        sock = nbd_get_socket(nbd, arg, &err);
        if (!sock)
                return err;
+       nbd_reclassify_socket(sock);
 
        /*
         * We need to make sure we don't get any errant requests while we're