iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net
History
Eric Dumazet 5f45a3c012 net: add READ_ONCE() annotation in __skb_wait_for_more_packets() 
[ Upstream commit 7c422d0ce97552dde4a97e6290de70ec6efb0fc6 ]

__skb_wait_for_more_packets() can be called while other cpus
can feed packets to the socket receive queue.

KCSAN reported :

BUG: KCSAN: data-race in __skb_wait_for_more_packets / __udp_enqueue_schedule_skb

write to 0xffff888102e40b58 of 8 bytes by interrupt on cpu 0:
 __skb_insert include/linux/skbuff.h:1852 [inline]
 __skb_queue_before include/linux/skbuff.h:1958 [inline]
 __skb_queue_tail include/linux/skbuff.h:1991 [inline]
 __udp_enqueue_schedule_skb+0x2d7/0x410 net/ipv4/udp.c:1470
 __udp_queue_rcv_skb net/ipv4/udp.c:1940 [inline]
 udp_queue_rcv_one_skb+0x7bd/0xc70 net/ipv4/udp.c:2057
 udp_queue_rcv_skb+0xb5/0x400 net/ipv4/udp.c:2074
 udp_unicast_rcv_skb.isra.0+0x7e/0x1c0 net/ipv4/udp.c:2233
 __udp4_lib_rcv+0xa44/0x17c0 net/ipv4/udp.c:2300
 udp_rcv+0x2b/0x40 net/ipv4/udp.c:2470
 ip_protocol_deliver_rcu+0x4d/0x420 net/ipv4/ip_input.c:204
 ip_local_deliver_finish+0x110/0x140 net/ipv4/ip_input.c:231
 NF_HOOK include/linux/netfilter.h:305 [inline]
 NF_HOOK include/linux/netfilter.h:299 [inline]
 ip_local_deliver+0x133/0x210 net/ipv4/ip_input.c:252
 dst_input include/net/dst.h:442 [inline]
 ip_rcv_finish+0x121/0x160 net/ipv4/ip_input.c:413
 NF_HOOK include/linux/netfilter.h:305 [inline]
 NF_HOOK include/linux/netfilter.h:299 [inline]
 ip_rcv+0x18f/0x1a0 net/ipv4/ip_input.c:523
 __netif_receive_skb_one_core+0xa7/0xe0 net/core/dev.c:5010
 __netif_receive_skb+0x37/0xf0 net/core/dev.c:5124
 process_backlog+0x1d3/0x420 net/core/dev.c:5955

read to 0xffff888102e40b58 of 8 bytes by task 13035 on cpu 1:
 __skb_wait_for_more_packets+0xfa/0x320 net/core/datagram.c:100
 __skb_recv_udp+0x374/0x500 net/ipv4/udp.c:1683
 udp_recvmsg+0xe1/0xb10 net/ipv4/udp.c:1712
 inet_recvmsg+0xbb/0x250 net/ipv4/af_inet.c:838
 sock_recvmsg_nosec+0x5c/0x70 net/socket.c:871
 ___sys_recvmsg+0x1a0/0x3e0 net/socket.c:2480
 do_recvmmsg+0x19a/0x5c0 net/socket.c:2601
 __sys_recvmmsg+0x1ef/0x200 net/socket.c:2680
 __do_sys_recvmmsg net/socket.c:2703 [inline]
 __se_sys_recvmmsg net/socket.c:2696 [inline]
 __x64_sys_recvmmsg+0x89/0xb0 net/socket.c:2696
 do_syscall_64+0xcc/0x370 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 13035 Comm: syz-executor.3 Not tainted 5.4.0-rc3+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011

Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-11-10 11:25:29 +01:00
..
6lowpan
6lowpan: iphc: reset mac_header after decompress to fix panic
2018-10-03 17:00:47 -07:00
9p
9p/virtio: Add cleanup path in p9_virtio_init
2019-07-31 07:28:39 +02:00
802
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
8021q
vlan: disable SIOCSHWTSTAMP in container
2019-05-16 19:42:34 +02:00
appletalk
appletalk: enforce CAP_NET_RAW for raw sockets
2019-10-05 12:47:43 +02:00
atm
net: atm: Fix potential Spectre v1 vulnerabilities
2019-04-27 09:35:33 +02:00
ax25
ax25: enforce CAP_NET_RAW for raw sockets
2019-10-05 12:47:43 +02:00
batman-adv
batman-adv: Only read OGM2 tvlv_len after buffer len check
2019-09-21 07:15:35 +02:00
bluetooth
Revert "Bluetooth: validate BLE connection interval updates"
2019-10-05 12:47:31 +02:00
bpf
bridge
bridge/mdb: remove wrong use of NLM_F_MULTI
2019-09-19 09:07:59 +02:00
caif
caif: reduce stack size with KASAN
2019-05-08 07:20:45 +02:00
can
can: af_can: Fix error path of can_init()
2019-07-21 09:04:22 +02:00
ceph
libceph: fix PG split vs OSD (re)connect race
2019-08-29 08:26:42 +02:00
core
net: add READ_ONCE() annotation in __skb_wait_for_more_packets()
2019-11-10 11:25:29 +01:00
dcb
net: dcb: For wild-card lookups, use priority -1, not 0
2018-09-19 22:43:43 +02:00
dccp
dccp: do not leak jiffies on the wire
2019-11-10 11:25:22 +01:00
decnet
dn_getsockoptdecnet: move nf_{get/set}sockopt outside sock lock
2018-02-25 11:07:52 +01:00
dns_resolver
KEYS: DNS: fix parsing multiple options
2018-07-22 14:28:49 +02:00
dsa
net: dsa: Fix error cleanup path in dsa_init_module
2019-05-16 19:42:34 +02:00
ethernet
hsr
net/hsr: fix possible crash in add_timer()
2019-03-19 13:13:22 +01:00
ieee802154
ieee802154: enforce CAP_NET_RAW for raw sockets
2019-10-05 12:47:44 +02:00
ife
net: sched: ife: check on metadata length
2018-04-29 11:33:13 +02:00
ipv4
udp: fix data-race in udp_set_dev_scratch()
2019-11-10 11:25:29 +01:00
ipv6
net: annotate accesses to sk->sk_incoming_cpu
2019-11-10 11:25:23 +01:00
ipx
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
iucv
net/iucv: Free memory obtained by kzalloc
2018-03-31 18:10:41 +02:00
kcm
kcm: switch order of device registration to fix a crash
2019-04-17 08:37:45 +02:00
key
xfrm: clean up xfrm protocol checks
2019-09-16 08:20:44 +02:00
l2tp
compat_ioctl: pppoe: fix PPPOEIOCSFWD handling
2019-08-09 17:53:35 +02:00
l3mdev
lapb
lapb: fixed leak of control-blocks.
2019-06-22 08:16:14 +02:00
llc
llc: fix sk_buff leak in llc_conn_service()
2019-11-06 12:43:36 +01:00
mac80211
mac80211: Reject malformed SSID elements
2019-10-29 09:17:35 +01:00
mac802154
net: mac802154: tx: expand tailroom if necessary
2018-09-09 19:55:52 +02:00
mpls
mpls: Return error for RTA_GATEWAY attribute
2019-03-13 14:03:09 -07:00
ncsi
net/ncsi: Fix length of GVI response packet
2017-10-21 01:56:38 +01:00
netfilter
netfilter: nf_tables: allow lookups in dynamic sets
2019-10-11 18:18:39 +02:00
netlabel
netlabel: fix out-of-bounds memory accesses
2019-03-13 14:03:08 -07:00
netlink
genetlink: Fix a memory leak on error path
2019-04-03 06:25:08 +02:00
netrom
netrom: hold sock when setting skb->destructor
2019-07-31 07:28:46 +02:00
nfc
NFC: fix attrs checks in netlink interface
2019-10-07 18:55:22 +02:00
nsh
nsh: set mac len based on inner packet
2018-07-22 14:28:49 +02:00
openvswitch
openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC
2019-10-05 12:47:41 +02:00
packet
net/packet: fix race in tpacket_snd()
2019-08-25 10:50:26 +02:00
phonet
phonet: fix building with clang
2019-03-23 14:35:16 +01:00
psample
net: sched: act_sample: fix psample group handling on overwrite
2019-09-10 10:32:21 +01:00
qrtr
net: qrtr: Stop rx_worker before freeing node
2019-10-05 12:47:40 +02:00
rds
net/rds: Fix error handling in rds_ib_add_one()
2019-10-07 18:55:20 +02:00
rfkill
rfkill: gpio: fix memory leak in probe error path
2018-05-16 10:10:26 +02:00
rose
net/rose: fix unbound loop in rose_loopback_timer()
2019-05-02 09:40:34 +02:00
rxrpc
rxrpc: Fix call ref leak
2019-11-06 12:43:37 +01:00
sched
sch_netem: fix rcu splat in netem_enqueue()
2019-11-06 12:43:39 +01:00
sctp
sctp: not bind the socket in sctp_connect
2019-11-06 12:43:39 +01:00
smc
net/smc: make sure EPOLLOUT is raised
2019-09-06 10:20:50 +02:00
strparser
strparser: Remove early eaten to fix full tcp receive buffer stall
2018-07-22 14:28:47 +02:00
sunrpc
net :sunrpc :clnt :Fix xps refcount imbalance on the error path
2019-07-21 09:04:29 +02:00
switchdev
net: switchdev: Remove bridge bypass support from switchdev
2017-08-07 14:48:48 -07:00
tipc
tipc: fix unlimited bundling of small messages
2019-10-07 18:55:20 +02:00
tls
net/tls: Fixed return value when tls_complete_pending_work() fails
2018-12-05 19:41:11 +01:00
unix
missing barriers in some of unix_sock ->addr and ->path accesses
2019-03-19 13:13:24 +01:00
vmw_vsock
vsock: Fix a lockdep warning in __vsock_release()
2019-10-07 18:55:19 +02:00
wimax
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
wireless
nl80211: fix validation of mesh path nexthop
2019-11-06 12:43:34 +01:00
x25
net/x25: fix a race in x25_bind()
2019-03-19 13:13:23 +01:00
xfrm
xfrm: clean up xfrm protocol checks
2019-09-16 08:20:44 +02:00
compat.c
sock: Make sock->sk_stamp thread-safe
2019-01-09 17:14:46 +01:00
Kconfig
net: Remove CONFIG_NETFILTER_DEBUG and _ASSERT() macros.
2017-09-04 13:25:20 +02:00
Makefile
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
socket.c
bpf: get rid of pure_initcall dependency to enable jits
2019-08-25 10:50:02 +02:00
sysctl_net.c