github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-06 13:37:36 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
90073aecc3
linux/include/net
History
Eric Dumazet 9707960ecf inet: annotate date races around sk->sk_txhash 
[ Upstream commit b71eaed8c0 ]

UDP sendmsg() path can be lockless, it is possible for another
thread to re-connect an change sk->sk_txhash under us.

There is no serious impact, but we can use READ_ONCE()/WRITE_ONCE()
pair to document the race.

BUG: KCSAN: data-race in __ip4_datagram_connect / skb_set_owner_w

write to 0xffff88813397920c of 4 bytes by task 30997 on cpu 1:
 sk_set_txhash include/net/sock.h:1937 [inline]
 __ip4_datagram_connect+0x69e/0x710 net/ipv4/datagram.c:75
 __ip6_datagram_connect+0x551/0x840 net/ipv6/datagram.c:189
 ip6_datagram_connect+0x2a/0x40 net/ipv6/datagram.c:272
 inet_dgram_connect+0xfd/0x180 net/ipv4/af_inet.c:580
 __sys_connect_file net/socket.c:1837 [inline]
 __sys_connect+0x245/0x280 net/socket.c:1854
 __do_sys_connect net/socket.c:1864 [inline]
 __se_sys_connect net/socket.c:1861 [inline]
 __x64_sys_connect+0x3d/0x50 net/socket.c:1861
 do_syscall_64+0x4a/0x90 arch/x86/entry/common.c:47
 entry_SYSCALL_64_after_hwframe+0x44/0xae

read to 0xffff88813397920c of 4 bytes by task 31039 on cpu 0:
 skb_set_hash_from_sk include/net/sock.h:2211 [inline]
 skb_set_owner_w+0x118/0x220 net/core/sock.c:2101
 sock_alloc_send_pskb+0x452/0x4e0 net/core/sock.c:2359
 sock_alloc_send_skb+0x2d/0x40 net/core/sock.c:2373
 __ip6_append_data+0x1743/0x21a0 net/ipv6/ip6_output.c:1621
 ip6_make_skb+0x258/0x420 net/ipv6/ip6_output.c:1983
 udpv6_sendmsg+0x160a/0x16b0 net/ipv6/udp.c:1527
 inet6_sendmsg+0x5f/0x80 net/ipv6/af_inet6.c:642
 sock_sendmsg_nosec net/socket.c:654 [inline]
 sock_sendmsg net/socket.c:674 [inline]
 ____sys_sendmsg+0x360/0x4d0 net/socket.c:2350
 ___sys_sendmsg net/socket.c:2404 [inline]
 __sys_sendmmsg+0x315/0x4b0 net/socket.c:2490
 __do_sys_sendmmsg net/socket.c:2519 [inline]
 __se_sys_sendmmsg net/socket.c:2516 [inline]
 __x64_sys_sendmmsg+0x53/0x60 net/socket.c:2516
 do_syscall_64+0x4a/0x90 arch/x86/entry/common.c:47
 entry_SYSCALL_64_after_hwframe+0x44/0xae

value changed: 0xbca3c43d -> 0xfdb309e0

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 31039 Comm: syz-executor.2 Not tainted 5.13.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011

Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2021-06-30 08:47:21 -04:00
..
9p
bluetooth Bluetooth: verify AMP hci_chan before amp_destroy 2021-05-14 09:49:55 +02:00
caif net: caif: add proper error handling 2021-06-10 13:39:24 +02:00
iucv
netfilter netfilter: flowtable: Remove redundant hw refresh bit 2021-06-03 09:00:37 +02:00
netns net: xfrm: Localize sequence counter per network namespace 2021-04-14 08:42:05 +02:00
nfc NFC: nci: fix memory leak in nci_allocate_device 2021-05-28 13:17:43 +02:00
phonet
sctp
tc_act Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-10-15 12:43:21 -07:00
6lowpan.h
act_api.h net: sched: fix err handler in tcf_action_init() 2021-04-14 08:42:05 +02:00
addrconf.h net: bridge: mcast: fix broken length + header check for MRDv6 Adv. 2021-05-14 09:50:44 +02:00
af_ieee802154.h
af_rxrpc.h
af_unix.h
af_vsock.h
ah.h
arp.h
atmclip.h
ax25.h
ax88796.h
bareudp.h
bond_3ad.h
bond_alb.h
bond_options.h
bonding.h bonding: fix feature flag setting at init time 2020-12-08 11:26:08 -08:00
bpf_sk_storage.h
busy_poll.h
calipso.h
cfg80211-wext.h
cfg80211.h mac80211: properly handle A-MSDUs that start with an RFC 1042 header 2021-06-03 09:00:29 +02:00
cfg802154.h
checksum.h
cipso_ipv4.h
cls_cgroup.h
codel_impl.h
codel_qdisc.h
codel.h
compat.h
datalink.h
dcbevent.h
dcbnl.h
devlink.h
dn_dev.h
dn_fib.h
dn_neigh.h
dn_nsp.h
dn_route.h
dn.h
dsa.h
dsfield.h
dst_cache.h
dst_metadata.h
dst_ops.h
dst.h net: Consolidate common blackhole dst ops 2021-03-30 14:32:05 +02:00
erspan.h
esp.h
espintcp.h
ethoc.h
failover.h
fib_notifier.h
fib_rules.h
firewire.h
flow_dissector.h
flow_offload.h
flow.h
fou.h
fq_impl.h
fq.h
garp.h
gen_stats.h
genetlink.h
geneve.h
gre.h
gro_cells.h
gtp.h
gue.h
hwbm.h
icmp.h net: icmp: pass zeroed opts from icmp{,v6}_ndo_send before sending 2021-03-04 11:38:46 +01:00
ieee80211_radiotap.h
ieee802154_netdev.h
if_inet6.h
ife.h
ila.h
inet_common.h
inet_connection_sock.h tcp: relookup sock for RST+ACK packets handled by obsolete req sock 2021-03-30 14:31:59 +02:00
inet_ecn.h inet_ecn: Fix endianness of checksum update when setting ECT(1) 2020-12-01 17:16:54 -08:00
inet_frag.h
inet_hashtables.h tcp: fix race condition when creating child sockets from syncookies 2020-11-23 16:32:33 -08:00
inet_sock.h
inet_timewait_sock.h
inet6_connection_sock.h
inet6_hashtables.h
inetpeer.h
ip_fib.h
ip_tunnels.h ip_tunnels: Set tunnel option flag when tunnel metadata is present 2020-11-13 16:58:10 -08:00
ip_vs.h
ip.h
ip6_checksum.h
ip6_fib.h
ip6_route.h
ip6_tunnel.h
ipcomp.h
ipconfig.h
ipv6_frag.h ipv6: Remove dependency of ipv6_frag_thdr_truncated on ipv6 module 2020-11-19 10:49:50 -08:00
ipv6_stubs.h
ipv6.h ipv6: Remove dependency of ipv6_frag_thdr_truncated on ipv6 module 2020-11-19 10:49:50 -08:00
ipx.h
iw_handler.h
kcm.h
l3mdev.h
lag.h
lapb.h
lib80211.h
llc_c_ac.h
llc_c_ev.h
llc_c_st.h
llc_conn.h
llc_if.h
llc_pdu.h
llc_s_ac.h
llc_s_ev.h
llc_s_st.h
llc_sap.h
llc.h
lwtunnel.h
mac80211.h mac80211: Fix NULL ptr deref for injected rate info 2021-06-23 14:42:52 +02:00
mac802154.h
macsec.h
mip6.h
mld.h
mpls_iptunnel.h
mpls.h
mptcp.h
mrp.h
ncsi.h
ndisc.h
neighbour.h net: Exempt multicast addresses from five-second neighbor lifetime 2020-11-13 14:24:39 -08:00
net_failover.h
net_namespace.h net: make get_net_ns return error if NET_NS is disabled 2021-06-23 14:42:44 +02:00
net_ratelimit.h
netevent.h
netlabel.h
netlink.h
netprio_cgroup.h
netrom.h
nexthop.h ipv6: fix suspecious RCU usage warning 2021-03-30 14:31:57 +02:00
nl802154.h
nsh.h
p8022.h
page_pool.h mm: fix struct page layout on 32-bit systems 2021-05-19 10:13:17 +02:00
pie.h
ping.h
pkt_cls.h net: zero-initialize tc skb extension on allocation 2021-06-03 09:00:51 +02:00
pkt_sched.h net: sched: fix tx action rescheduling issue during deactivation 2021-06-03 09:00:47 +02:00
pptp.h
protocol.h
psample.h
psnap.h
raw.h
rawv6.h
red.h sch_red: fix off-by-one checks in red_check_params() 2021-04-14 08:42:07 +02:00
regulatory.h
request_sock.h
rose.h
route.h
rpl.h
rsi_91x.h
rtnetlink.h can: dev: Move device back to init netns on owning netns delete 2021-03-30 14:32:08 +02:00
rtnh.h
sch_generic.h net: sched: fix packet stuck problem for lockless qdisc 2021-06-03 09:00:47 +02:00
scm.h
secure_seq.h
seg6_hmac.h
seg6_local.h
seg6.h
slhc_vj.h
smc.h
snmp.h
sock_reuseport.h
sock.h inet: annotate date races around sk->sk_txhash 2021-06-30 08:47:21 -04:00
Space.h
stp.h
strparser.h
switchdev.h switchdev: mrp: Remove SWITCHDEV_ATTR_ID_MRP_PORT_STAT 2021-02-17 11:02:29 +01:00
tcp_states.h
tcp.h tcp: fix SO_RCVLOWAT related hangs under mem pressure 2021-03-04 11:37:33 +01:00
timewait_sock.h
tipc.h
tls_toe.h
tls.h net/tls: Fix use-after-free after the TLS device goes down and up 2021-06-10 13:39:18 +02:00
transp_v6.h
tso.h
tun_proto.h
udp_tunnel.h
udp.h udp: ipv4: manipulate network header of NATed UDP GRO fraglist 2021-02-10 09:29:23 +01:00
udplite.h
vsock_addr.h
vxlan.h
wext.h
wimax.h
x25.h
x25device.h
xdp_priv.h
xdp_sock_drv.h
xdp_sock.h xsk: Fix race in SKB mode transmit with shared cq 2021-01-17 14:17:05 +01:00
xdp.h xdp: Remove the xdp_attachment_flags_ok() callback 2020-12-09 16:27:42 +01:00
xfrm.h xfrm: Fix NULL pointer dereference on policy lookup 2021-04-14 08:42:06 +02:00
xsk_buff_pool.h xsk: Fix race in SKB mode transmit with shared cq 2021-01-17 14:17:05 +01:00