From: Sasha Levin <redacted>
Date: Mon, 04 Aug 2014 22:10:19 -0400

On 08/02/2014 05:47 AM, Thomas Graf wrote:

quoted

 static void *netlink_seq_start(struct seq_file *seq, loff_t *pos)
-	__acquires(nl_table_lock)
 {
-	read_lock(&nl_table_lock);
+	rcu_read_lock();
 	return *pos ? netlink_seq_socket_idx(seq, *pos - 1) : SEQ_START_TOKEN;
 }

I'm not sure how you expect this code to work. You're replacing a local lock
with a RCU critical section. Imagine you're doing spin_lock() and just going
back to userspace.

It's quite easy to trigger this issue:

I think he expected the end of the seq sequence to drop the RCU lock,
via netlink_seq_stop().