iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net
History
Eric Dumazet 71685eb4ce inetpeer: fix data-race in inet_putpeer / inet_putpeer 
We need to explicitely forbid read/store tearing in inet_peer_gc()
and inet_putpeer().

The following syzbot report reminds us about inet_putpeer()
running without a lock held.

BUG: KCSAN: data-race in inet_putpeer / inet_putpeer

write to 0xffff888121fb2ed0 of 4 bytes by interrupt on cpu 0:
 inet_putpeer+0x37/0xa0 net/ipv4/inetpeer.c:240
 ip4_frag_free+0x3d/0x50 net/ipv4/ip_fragment.c:102
 inet_frag_destroy_rcu+0x58/0x80 net/ipv4/inet_fragment.c:228
 __rcu_reclaim kernel/rcu/rcu.h:222 [inline]
 rcu_do_batch+0x256/0x5b0 kernel/rcu/tree.c:2157
 rcu_core+0x369/0x4d0 kernel/rcu/tree.c:2377
 rcu_core_si+0x12/0x20 kernel/rcu/tree.c:2386
 __do_softirq+0x115/0x33f kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:373 [inline]
 irq_exit+0xbb/0xe0 kernel/softirq.c:413
 exiting_irq arch/x86/include/asm/apic.h:536 [inline]
 smp_apic_timer_interrupt+0xe6/0x280 arch/x86/kernel/apic/apic.c:1137
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:830
 native_safe_halt+0xe/0x10 arch/x86/kernel/paravirt.c:71
 arch_cpu_idle+0x1f/0x30 arch/x86/kernel/process.c:571
 default_idle_call+0x1e/0x40 kernel/sched/idle.c:94
 cpuidle_idle_call kernel/sched/idle.c:154 [inline]
 do_idle+0x1af/0x280 kernel/sched/idle.c:263

write to 0xffff888121fb2ed0 of 4 bytes by interrupt on cpu 1:
 inet_putpeer+0x37/0xa0 net/ipv4/inetpeer.c:240
 ip4_frag_free+0x3d/0x50 net/ipv4/ip_fragment.c:102
 inet_frag_destroy_rcu+0x58/0x80 net/ipv4/inet_fragment.c:228
 __rcu_reclaim kernel/rcu/rcu.h:222 [inline]
 rcu_do_batch+0x256/0x5b0 kernel/rcu/tree.c:2157
 rcu_core+0x369/0x4d0 kernel/rcu/tree.c:2377
 rcu_core_si+0x12/0x20 kernel/rcu/tree.c:2386
 __do_softirq+0x115/0x33f kernel/softirq.c:292
 run_ksoftirqd+0x46/0x60 kernel/softirq.c:603
 smpboot_thread_fn+0x37d/0x4a0 kernel/smpboot.c:165
 kthread+0x1d4/0x200 drivers/block/aoe/aoecmd.c:1253
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:352

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 16 Comm: ksoftirqd/1 Not tainted 5.4.0-rc3+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011

Fixes: 4b9d9be839fd ("inetpeer: remove unused list")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-11-07 16:15:56 -08:00
..
6lowpan
6lowpan: no need to check return value of debugfs_create functions
2019-07-06 12:50:01 +02:00
9p
9p pull request for inclusion in 5.4
2019-09-27 15:10:34 -07:00
802
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
8021q
net: remove unnecessary variables and callback
2019-10-24 14:53:49 -07:00
appletalk
appletalk: enforce CAP_NET_RAW for raw sockets
2019-09-24 16:37:18 +02:00
atm
net: use helpers to change sk_ack_backlog
2019-11-06 16:14:48 -08:00
ax25
net: use helpers to change sk_ack_backlog
2019-11-06 16:14:48 -08:00
batman-adv
batman-adv: Drop lockdep.h include for soft-interface.c
2019-11-03 08:30:58 +01:00
bluetooth
net: use helpers to change sk_ack_backlog
2019-11-06 16:14:48 -08:00
bpf
bpf: Allow __sk_buff tstamp in BPF_PROG_TEST_RUN
2019-10-15 16:24:26 -07:00
bpfilter
Kbuild updates for v5.3
2019-07-12 16:03:16 -07:00
bridge
net: bridge: fdb: eliminate extra port state tests from fast-path
2019-11-04 11:15:27 -08:00
caif
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2019-11-02 13:54:56 -07:00
can
can: add support of SAE J1939 protocol
2019-09-04 14:22:33 +02:00
ceph
libceph: use ceph_kvmalloc() for osdmap arrays
2019-09-16 12:06:25 +02:00
core
net_sched: gen_estimator: extend packet counter to 64bit
2019-11-06 21:51:36 -08:00
dcb
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 201
2019-05-30 11:29:52 -07:00
dccp
net: annotate lockless accesses to sk->sk_max_ack_backlog
2019-11-06 16:14:48 -08:00
decnet
net: use helpers to change sk_ack_backlog
2019-11-06 16:14:48 -08:00
dns_resolver
Revert "Merge tag 'keys-acl-20190703' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs"
2019-07-10 18:43:43 -07:00
dsa
net: dsa: Add support for devlink resources
2019-11-05 18:09:45 -08:00
ethernet
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2019-06-07 11:00:14 -07:00
hsr
hsr: switch ->dellink() to ->ndo_uninit()
2019-07-11 14:37:45 -07:00
ieee802154
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2019-11-02 13:54:56 -07:00
ife
net: Fix Kconfig indentation
2019-09-26 08:56:17 +02:00
ipv4
inetpeer: fix data-race in inet_putpeer / inet_putpeer
2019-11-07 16:15:56 -08:00
ipv6
net: annotate lockless accesses to sk->sk_ack_backlog
2019-11-06 16:14:48 -08:00
iucv
net/af_iucv: mark expected switch fall-throughs
2019-07-29 10:26:14 -07:00
kcm
kcm: disable preemption in kcm_parse_func_strparser()
2019-09-27 10:27:14 +02:00
key
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2019-07-08 19:48:57 -07:00
l2tp
net: core: add generic lockdep keys
2019-10-24 14:53:48 -07:00
l3mdev
ipv6: convert major tx path to use RT6_LOOKUP_F_DST_NOREF
2019-06-23 13:24:17 -07:00
lapb
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2019-06-17 20:20:36 -07:00
llc
net: silence data-races on sk_backlog.tail
2019-11-06 21:35:34 -08:00
mac80211
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2019-10-20 10:43:00 -07:00
mac802154
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 174
2019-05-30 11:26:41 -07:00
mpls
ipv4: mpls: fix mpls_xmit for iptunnel
2019-08-25 14:34:08 -07:00
ncsi
net/ncsi: Disable global multicast filter
2019-09-19 18:04:40 -07:00
netfilter
icmp: remove duplicate code
2019-11-05 14:03:11 -08:00
netlabel
netlabel: remove redundant assignment to pointer iter
2019-09-01 11:45:02 -07:00
netlink
genetlink: do not parse attributes for families with zero maxattr
2019-10-13 11:20:03 -07:00
netrom
net: core: add generic lockdep keys
2019-10-24 14:53:48 -07:00
nfc
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2019-11-02 13:54:56 -07:00
nsh
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
openvswitch
net: openvswitch: select vport upcall portid directly
2019-11-06 21:25:19 -08:00
packet
netfilter: drop bridge nf reset from nf_reset
2019-10-01 18:42:15 +02:00
phonet
net: use skb_queue_empty_lockless() in poll() handlers
2019-10-28 13:33:41 -07:00
psample
net: sched: take reference to psample group in flow_action infra
2019-09-16 09:18:03 +02:00
qrtr
net: qrtr: Simplify 'qrtr_tun_release()'
2019-10-30 17:58:23 -07:00
rds
net/rds: Remove unnecessary null check
2019-10-17 15:23:03 -04:00
rfkill
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
rose
net: use helpers to change sk_ack_backlog
2019-11-06 16:14:48 -08:00
rxrpc
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2019-11-02 13:54:56 -07:00
sched
net: annotate lockless accesses to sk->sk_max_ack_backlog
2019-11-06 16:14:48 -08:00
sctp
net: annotate lockless accesses to sk->sk_max_ack_backlog
2019-11-06 16:14:48 -08:00
smc
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2019-11-02 13:54:56 -07:00
strparser
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2019-06-22 08:59:24 -04:00
sunrpc
SUNRPC: Destroy the back channel when we destroy the host transport
2019-10-30 12:04:35 -04:00
switchdev
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
tipc
tipc: eliminate the dummy packet in link synching
2019-11-06 21:16:02 -08:00
tls
net/tls: store decrypted on a single bit
2019-10-07 09:58:28 -04:00
unix
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2019-11-02 13:54:56 -07:00
vmw_vsock
net: use helpers to change sk_ack_backlog
2019-11-06 16:14:48 -08:00
wimax
wimax: no need to check return value of debugfs_create functions
2019-08-10 15:25:47 -07:00
wireless
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2019-11-02 13:54:56 -07:00
x25
net: use helpers to change sk_ack_backlog
2019-11-06 16:14:48 -08:00
xdp
Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next
2019-11-02 15:29:58 -07:00
xfrm
netfilter: drop bridge nf reset from nf_reset
2019-10-01 18:42:15 +02:00
compat.c
uio: make import_iovec()/compat_import_iovec() return bytes on success
2019-05-31 15:30:03 -06:00
Kconfig
devlink: Add packet trap infrastructure
2019-08-17 12:40:08 -07:00
Makefile
socket.c
Merge branch 'work.mount0' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2019-07-19 10:42:02 -07:00
sysctl_net.c
treewide: Add SPDX license identifier for missed files
2019-05-21 10:50:45 +02:00