github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-07 22:14:04 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
bc5fc4a609
linux/drivers
History
Eric Dumazet bc5fc4a609 net: add annotations on hh->hh_len lockless accesses 
[ Upstream commit c305c6ae79 ]

KCSAN reported a data-race [1]

While we can use READ_ONCE() on the read sides,
we need to make sure hh->hh_len is written last.

[1]

BUG: KCSAN: data-race in eth_header_cache / neigh_resolve_output

write to 0xffff8880b9dedcb8 of 4 bytes by task 29760 on cpu 0:
 eth_header_cache+0xa9/0xd0 net/ethernet/eth.c:247
 neigh_hh_init net/core/neighbour.c:1463 [inline]
 neigh_resolve_output net/core/neighbour.c:1480 [inline]
 neigh_resolve_output+0x415/0x470 net/core/neighbour.c:1470
 neigh_output include/net/neighbour.h:511 [inline]
 ip6_finish_output2+0x7a2/0xec0 net/ipv6/ip6_output.c:116
 __ip6_finish_output net/ipv6/ip6_output.c:142 [inline]
 __ip6_finish_output+0x2d7/0x330 net/ipv6/ip6_output.c:127
 ip6_finish_output+0x41/0x160 net/ipv6/ip6_output.c:152
 NF_HOOK_COND include/linux/netfilter.h:294 [inline]
 ip6_output+0xf2/0x280 net/ipv6/ip6_output.c:175
 dst_output include/net/dst.h:436 [inline]
 NF_HOOK include/linux/netfilter.h:305 [inline]
 ndisc_send_skb+0x459/0x5f0 net/ipv6/ndisc.c:505
 ndisc_send_ns+0x207/0x430 net/ipv6/ndisc.c:647
 rt6_probe_deferred+0x98/0xf0 net/ipv6/route.c:615
 process_one_work+0x3d4/0x890 kernel/workqueue.c:2269
 worker_thread+0xa0/0x800 kernel/workqueue.c:2415
 kthread+0x1d4/0x200 drivers/block/aoe/aoecmd.c:1253
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:352

read to 0xffff8880b9dedcb8 of 4 bytes by task 29572 on cpu 1:
 neigh_resolve_output net/core/neighbour.c:1479 [inline]
 neigh_resolve_output+0x113/0x470 net/core/neighbour.c:1470
 neigh_output include/net/neighbour.h:511 [inline]
 ip6_finish_output2+0x7a2/0xec0 net/ipv6/ip6_output.c:116
 __ip6_finish_output net/ipv6/ip6_output.c:142 [inline]
 __ip6_finish_output+0x2d7/0x330 net/ipv6/ip6_output.c:127
 ip6_finish_output+0x41/0x160 net/ipv6/ip6_output.c:152
 NF_HOOK_COND include/linux/netfilter.h:294 [inline]
 ip6_output+0xf2/0x280 net/ipv6/ip6_output.c:175
 dst_output include/net/dst.h:436 [inline]
 NF_HOOK include/linux/netfilter.h:305 [inline]
 ndisc_send_skb+0x459/0x5f0 net/ipv6/ndisc.c:505
 ndisc_send_ns+0x207/0x430 net/ipv6/ndisc.c:647
 rt6_probe_deferred+0x98/0xf0 net/ipv6/route.c:615
 process_one_work+0x3d4/0x890 kernel/workqueue.c:2269
 worker_thread+0xa0/0x800 kernel/workqueue.c:2415
 kthread+0x1d4/0x200 drivers/block/aoe/aoecmd.c:1253
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:352

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 29572 Comm: kworker/1:4 Not tainted 5.4.0-rc6+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events rt6_probe_deferred

Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2020-01-09 10:19:09 +01:00
..
accessibility
acpi ACPI: sysfs: Change ACPI_MASKABLE_GPE_MAX to 0x100 2020-01-09 10:19:04 +01:00
amba
android binder: Handle start==NULL in binder_update_page_range() 2019-12-13 08:52:52 +01:00
ata libata: Fix retrieving of active qcs 2020-01-09 10:19:01 +01:00
atm atm: zatm: Fix empty body Clang warnings 2019-12-01 09:16:41 +01:00
auxdisplay auxdisplay: panel: need to delete scan_timer when misc_register fails in panel_attach 2019-09-06 10:21:56 +02:00
base drivers/base/platform.c: kmemleak ignore a known leak 2019-12-05 09:21:04 +01:00
bcma
block xen-blkback: prevent premature module unload 2020-01-09 10:18:58 +01:00
bluetooth Bluetooth: btusb: fix PM leak in error case of setup 2020-01-09 10:19:04 +01:00
bus bus: ti-sysc: Fix getting optional clocks in clock_roles 2019-12-13 08:51:23 +01:00
cdrom cdrom: respect device capabilities during opening action 2020-01-04 19:13:12 +01:00
char ipmi: Don't allow device module unload when in use 2019-12-31 16:35:23 +01:00
clk clk: pxa: fix one of the pxa RTC clocks 2020-01-04 19:12:57 +01:00
clocksource clocksource/drivers/timer-of: Use unique device name instead of timer 2020-01-04 19:12:45 +01:00
connector
cpufreq cpufreq: Register drivers only after CPU devices have been registered 2019-12-31 16:36:01 +01:00
cpuidle cpuidle: Do not unset the driver if it is there already 2019-12-17 20:35:00 +01:00
crypto crypto: vmx - Avoid weird build failures 2019-12-31 16:36:13 +01:00
dax mm/huge_memory: fix vmf_insert_pfn_{pmd, pud}() crash, handle unaligned addresses 2019-05-22 07:37:40 +02:00
dca
devfreq PM / devfreq: Check NULL governor in available_governors_show 2020-01-09 10:19:03 +01:00
dio
dma dmaengine: xilinx_dma: Clear desc_pendingcount in xilinx_dma_reset 2020-01-04 19:12:38 +01:00
dma-buf dma-buf: Fix memory leak in sync_file_merge() 2019-12-21 10:57:38 +01:00
edac EDAC/ghes: Fix grain calculation 2019-12-31 16:35:58 +01:00
eisa
extcon extcon: sm5502: Reset registers during initialization 2019-12-31 16:35:11 +01:00
firewire net: add annotations on hh->hh_len lockless accesses 2020-01-09 10:19:09 +01:00
firmware firmware: arm_scmi: Avoid double free in error flow 2019-12-17 20:35:52 +01:00
fmc
fpga fpga: altera-ps-spi: Fix getting of optional confd gpio 2019-09-21 07:16:53 +02:00
fsi fsi: core: Fix small accesses and unaligned offsets via sysfs 2019-12-31 16:35:55 +01:00
gnss
gpio gpiolib: fix up emulated open drain outputs 2020-01-09 10:19:01 +01:00
gpu drm/mst: Fix MST sideband up-reply failure handling 2020-01-09 10:19:07 +01:00
hid HID: i2c-hid: Reset ALPS touchpads on resume 2020-01-09 10:19:03 +01:00
hsi
hv vmbus: keep pointer to ring buffer page 2019-11-20 18:47:31 +01:00
hwmon hwmon: (npcm-750-pwm-fan) Change initial pwm target to 255 2019-11-24 08:21:01 +01:00
hwspinlock
hwtracing intel_th: pci: Add Elkhart Lake SOC support 2019-12-31 16:36:24 +01:00
i2c i2c: imx: don't print error message on probe defer 2019-12-13 08:51:57 +01:00
ide
idle x86/cpu: Sanitize FAM6_ATOM naming 2019-05-14 19:17:53 +02:00
iio iio: adc: max9611: Fix too short conversion time delay 2020-01-09 10:18:55 +01:00
infiniband IB/mlx5: Fix steering rule of drop and count 2020-01-09 10:18:58 +01:00
input Input: atmel_mxt_ts - disable IRQ across suspend 2020-01-04 19:12:36 +01:00
iommu iommu/tegra-smmu: Fix page tables in > 4 GiB memory 2020-01-04 19:12:38 +01:00
ipack
irqchip irqchip: ingenic: Error out if IRQ domain creation failed 2020-01-04 19:12:52 +01:00
isdn staging: gigaset: add endpoint-type sanity check 2019-12-17 20:34:33 +01:00
leds leds: lm3692x: Handle failure to probe the regulator 2020-01-04 19:12:43 +01:00
lightnvm lightnvm: pblk: consider max hw sectors supported for max_write_pgs 2019-11-24 08:20:52 +01:00
macintosh macintosh/windfarm_smu_sat: Fix debug output 2019-12-01 09:16:37 +01:00
mailbox mailbox: imx: Fix Tx doorbell shutdown path 2020-01-04 19:13:17 +01:00
mcb
md md: raid1: check rdev before reference in raid1_sync_request func 2020-01-09 10:18:57 +01:00
media media: usb: fix memory leak in af9005_identify_state 2020-01-09 10:19:06 +01:00
memory memory: omap-gpmc: Get the header of the enum 2019-12-05 09:20:29 +01:00
memstick memstick: jmb38x_ms: Fix an error handling path in 'jmb38x_ms_probe()' 2019-10-29 09:20:07 +01:00
message
mfd mfd: max8997: Enale irq-wakeup unconditionally 2019-12-01 09:16:57 +01:00
misc altera-stapl: check for a null key before strcasecmp'ing it 2019-12-13 08:51:56 +01:00
mmc mmc: sdhci: Add a quirk for broken command queuing 2019-12-31 16:36:36 +01:00
mtd mtd: spear_smi: Fix Write Burst mode 2019-12-17 20:34:42 +01:00
mux
net ath9k_htc: Discard undersized packets 2020-01-09 10:19:09 +01:00
nfc NFC: nxp-nci: Fix NULL pointer dereference after I2C communication error 2019-12-13 08:51:03 +01:00
ntb ntb: intel: fix return value for ndev_vec_mask() 2019-12-01 09:17:13 +01:00
nubus
nvdimm libnvdimm/btt: fix variable 'rc' set but not used 2020-01-04 19:13:00 +01:00
nvme nvme-fc: fix double-free scenarios on hw queues 2020-01-09 10:18:54 +01:00
nvmem nvmem: imx-ocotp: reset error status on probe 2019-12-31 16:35:37 +01:00
of of: unittest: fix memory leak in attach_node_and_children 2019-12-17 20:36:04 +01:00
opp OPP: Return error on error from dev_pm_opp_get_opp_count() 2019-11-24 08:20:06 +01:00
oprofile
parisc parisc: Disable HP HSC-PCI Cards to prevent kernel crash 2019-10-05 13:10:04 +02:00
parport parport: load lowlevel driver if ports not found 2019-12-31 16:36:01 +01:00
pci PCI: rpaphp: Correctly match ibm, my-drc-index to drc-name when using drc-info 2020-01-04 19:12:55 +01:00
pcmcia
perf drivers/perf: arm_pmu: Fix failure path in PM notifier 2019-08-06 19:06:55 +02:00
phy phy: qcom-usb-hs: Fix extcon double register after power cycle 2019-12-31 16:35:30 +01:00
pinctrl pinctrl: baytrail: Really serialize all register accesses 2020-01-04 19:13:45 +01:00
platform platform/x86: pmc_atom: Add Siemens CONNECT X300 to critclk_systems DMI table 2020-01-09 10:19:04 +01:00
pnp
power power: supply: cpcap-battery: Fix signed counter sample register 2019-12-17 20:35:37 +01:00
powercap x86/cpu: Sanitize FAM6_ATOM naming 2019-05-14 19:17:53 +02:00
pps drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl 2019-08-04 09:30:56 +02:00
ps3
ptp ptp: fix the race between the release of ptp_clock and cdev 2020-01-04 19:13:35 +01:00
pwm pwm: Clear chip_data in pwm_put() 2019-12-05 09:21:29 +01:00
rapidio drivers/rapidio/devices/rio_mport_cdev.c: NUL terminate some strings 2019-08-06 19:06:52 +02:00
ras RAS/CEC: Fix pfn insertion 2019-07-26 09:14:05 +02:00
regulator regulator: ab8500: Remove AB8505 USB regulator 2020-01-09 10:19:05 +01:00
remoteproc remoteproc: qcom: q6v5: Fix a race condition on fatal crash 2019-11-24 08:20:29 +01:00
reset reset: Fix memory leak in reset_control_array_put() 2019-12-05 09:19:36 +01:00
rpmsg rpmsg: glink: Free pending deferred work on remove 2019-12-21 10:57:30 +01:00
rtc rtc: disable uie before setting time and enable after 2019-12-17 20:35:43 +01:00
s390 s390/zcrypt: handle new reply code FILTERED_BY_HYPERVISOR 2020-01-04 19:13:14 +01:00
sbus
scsi scsi: qedf: Do not retry ELS request if qedf_alloc_cmd fails 2020-01-09 10:19:07 +01:00
sfi
sh
siox
slimbus slimbus: ngd: Fix build error on x86 2019-12-13 08:51:54 +01:00
sn
soc soc: renesas: r8a77990-sysc: Fix initialization order of 3DG-{A,B} 2019-12-13 08:52:29 +01:00
soundwire soundwire: intel: fix PDI/stream mapping for Bulk 2019-12-31 16:35:55 +01:00
spi spi: fsl: use platform_get_irq() instead of of_irq_to_resource() 2020-01-04 19:13:45 +01:00
spmi
ssb ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit 2019-05-31 06:46:04 -07:00
staging staging: comedi: gsc_hpdi: check dma_alloc_coherent() return value 2019-12-31 16:36:26 +01:00
target scsi: target: iscsi: Wait for all commands to finish before freeing a session 2020-01-04 19:13:06 +01:00
tc
tee tee: optee: add missing of_node_put after of_device_is_available 2019-11-24 08:19:08 +01:00
thermal thermal: Fix deadlock in thermal thermal_zone_device_check 2019-12-13 08:52:50 +01:00
thunderbolt thunderbolt: Power cycle the router if NVM authentication fails 2019-12-05 09:21:27 +01:00
tty powerpc/pseries/hvconsole: Fix stack overread via udbg 2020-01-09 10:19:08 +01:00
uio vmbus: keep pointer to ring buffer page 2019-11-20 18:47:31 +01:00
usb usb: gadget: fix wrong endpoint desc 2020-01-09 10:18:57 +01:00
uwb
vfio vfio/pci: call irq_bypass_unregister_producer() before freeing irq 2019-12-21 10:57:37 +01:00
vhost vhost/vsock: accept only packets with the right dst_cid 2020-01-04 19:13:36 +01:00
video video/hdmi: Fix AVI bar unpack 2019-12-17 20:35:17 +01:00
virt virt: vbox: fix memory leak in hgcm_call_preprocess_linaddr 2019-11-06 13:06:04 +01:00
virtio virtio-balloon: fix managed page counts when migrating pages between zones 2019-12-17 20:34:43 +01:00
visorbus
vlynq
vme
w1 w1: IAD Register is yet readable trough iad sys file. Fix snprintf (%u for unsigned, count for max size). 2019-12-01 09:16:22 +01:00
watchdog watchdog: Fix the race between the release of watchdog_core_data and cdev 2020-01-04 19:13:01 +01:00
xen xen/balloon: fix ballooned page accounting without hotplug enabled 2020-01-09 10:18:58 +01:00
zorro
Kconfig
Makefile