iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net/ipv4
History
Eric Dumazet 250cd610f8 ipv4: fib: annotate races around nh->nh_saddr_genid and nh->nh_saddr 
commit 195374d893681da43a39796e53b30ac4f20400c4 upstream.

syzbot reported a data-race while accessing nh->nh_saddr_genid [1]

Add annotations, but leave the code lazy as intended.

[1]
BUG: KCSAN: data-race in fib_select_path / fib_select_path

write to 0xffff8881387166f0 of 4 bytes by task 6778 on cpu 1:
fib_info_update_nhc_saddr net/ipv4/fib_semantics.c:1334 [inline]
fib_result_prefsrc net/ipv4/fib_semantics.c:1354 [inline]
fib_select_path+0x292/0x330 net/ipv4/fib_semantics.c:2269
ip_route_output_key_hash_rcu+0x659/0x12c0 net/ipv4/route.c:2810
ip_route_output_key_hash net/ipv4/route.c:2644 [inline]
__ip_route_output_key include/net/route.h:134 [inline]
ip_route_output_flow+0xa6/0x150 net/ipv4/route.c:2872
send4+0x1f5/0x520 drivers/net/wireguard/socket.c:61
wg_socket_send_skb_to_peer+0x94/0x130 drivers/net/wireguard/socket.c:175
wg_socket_send_buffer_to_peer+0xd6/0x100 drivers/net/wireguard/socket.c:200
wg_packet_send_handshake_initiation drivers/net/wireguard/send.c:40 [inline]
wg_packet_handshake_send_worker+0x10c/0x150 drivers/net/wireguard/send.c:51
process_one_work kernel/workqueue.c:2630 [inline]
process_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2703
worker_thread+0x525/0x730 kernel/workqueue.c:2784
kthread+0x1d7/0x210 kernel/kthread.c:388
ret_from_fork+0x48/0x60 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304

read to 0xffff8881387166f0 of 4 bytes by task 6759 on cpu 0:
fib_result_prefsrc net/ipv4/fib_semantics.c:1350 [inline]
fib_select_path+0x1cb/0x330 net/ipv4/fib_semantics.c:2269
ip_route_output_key_hash_rcu+0x659/0x12c0 net/ipv4/route.c:2810
ip_route_output_key_hash net/ipv4/route.c:2644 [inline]
__ip_route_output_key include/net/route.h:134 [inline]
ip_route_output_flow+0xa6/0x150 net/ipv4/route.c:2872
send4+0x1f5/0x520 drivers/net/wireguard/socket.c:61
wg_socket_send_skb_to_peer+0x94/0x130 drivers/net/wireguard/socket.c:175
wg_socket_send_buffer_to_peer+0xd6/0x100 drivers/net/wireguard/socket.c:200
wg_packet_send_handshake_initiation drivers/net/wireguard/send.c:40 [inline]
wg_packet_handshake_send_worker+0x10c/0x150 drivers/net/wireguard/send.c:51
process_one_work kernel/workqueue.c:2630 [inline]
process_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2703
worker_thread+0x525/0x730 kernel/workqueue.c:2784
kthread+0x1d7/0x210 kernel/kthread.c:388
ret_from_fork+0x48/0x60 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304

value changed: 0x959d3217 -> 0x959d3218

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 6759 Comm: kworker/u4:15 Not tainted 6.6.0-rc4-syzkaller-00029-gcbf3a2cb156a #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
Workqueue: wg-kex-wg1 wg_packet_handshake_send_worker

Fixes: 436c3b66ec98 ("ipv4: Invalidate nexthop cache nh_saddr more correctly.")
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Reviewed-by: David Ahern <dsahern@kernel.org>
Link: https://lore.kernel.org/r/20231017192304.82626-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-10-25 11:54:20 +02:00
..
bpfilter
net: Revert "net: optimize the sockptr_t for unified kernel/user address spaces"
2020-08-10 12:06:44 -07:00
netfilter
netfilter: nf_tables: add and use nft_sk helper
2023-10-10 21:53:29 +02:00
af_inet.c
tcp: deny tcp_disconnect() when threads are waiting
2023-06-09 10:30:05 +02:00
ah4.c
xfrm: Use actual socket sk instead of skb socket for xfrm_output_resume
2021-04-14 08:42:05 +02:00
arp.c
ipv4: Invalidate neighbour for broadcast address upon address addition
2022-04-13 21:00:57 +02:00
bpf_tcp_ca.c
bpf: Change bpf_sk_storage_*() to accept ARG_PTR_TO_BTF_ID_SOCK_COMMON
2020-09-25 13:58:01 -07:00
cipso_ipv4.c
cipso: Fix data-races around sysctl.
2022-07-21 21:20:08 +02:00
datagram.c
udp: Update reuse->has_conns under reuseport_lock.
2022-10-30 09:41:19 +01:00
devinet.c
net: ipv4: fix one memleak in __inet_del_ifa()
2023-09-19 12:20:29 +02:00
esp4_offload.c
xfrm: Linearize the skb after offloading if needed.
2023-06-28 10:28:11 +02:00
esp4.c
net: ipv4: fix return value check in esp_remove_trailer
2023-10-25 11:54:19 +02:00
fib_frontend.c
ipv4: Fix incorrect table ID in IOCTL path
2023-03-22 13:30:00 +01:00
fib_lookup.h
fib_notifier.c
fib_rules.c
ipv4: convert fib_num_tclassid_users to atomic_t
2021-12-08 09:03:26 +01:00
fib_semantics.c
ipv4: fib: annotate races around nh->nh_saddr_genid and nh->nh_saddr
2023-10-25 11:54:20 +02:00
fib_trie.c
ipv4: annotate data-races around fi->fib_dead
2023-09-19 12:20:26 +02:00
fou.c
genetlink: move to smaller ops wherever possible
2020-10-02 19:11:11 -07:00
gre_demux.c
erspan: fix version 1 check in gre_parse_header()
2021-01-12 20:18:12 +01:00
gre_offload.c
net: gre: recompute gre csum for sctp over gre tunnels
2020-08-03 15:29:44 -07:00
icmp.c
icmp: guard against too small mtu
2023-04-20 12:10:21 +02:00
igmp.c
igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU
2023-09-19 12:20:20 +02:00
inet_connection_sock.c
tcp: annotate data-races around icsk->icsk_syn_retries
2023-07-27 08:44:42 +02:00
inet_diag.c
inet_diag: fix kernel-infoleak for UDP sockets
2021-12-22 09:30:53 +01:00
inet_fragment.c
inet: frags: annotate races around fqdir->dead and fqdir->high_thresh
2022-01-27 10:54:33 +01:00
inet_hashtables.c
Revert "tcp: avoid the lookup process failing to get sk in ehash table"
2023-07-27 08:44:40 +02:00
inet_timewait_sock.c
Revert "tcp: avoid the lookup process failing to get sk in ehash table"
2023-07-27 08:44:40 +02:00
inetpeer.c
inetpeer: Fix data-races around sysctl.
2022-07-21 21:20:07 +02:00
ip_forward.c
ip: Fix data-races around sysctl_ip_fwd_update_priority.
2022-07-29 17:19:12 +02:00
ip_fragment.c
inet: frags: annotate races around fqdir->dead and fqdir->high_thresh
2022-01-27 10:54:33 +01:00
ip_gre.c
erspan: do not use skb_mac_header() in ndo_start_xmit()
2023-04-05 11:23:35 +02:00
ip_input.c
ipv4: ignore dst hint for multipath routes
2023-09-19 12:20:26 +02:00
ip_options.c
net: clean up codestyle for net/ipv4
2020-08-25 06:28:02 -07:00
ip_output.c
lwt: Check LWTUNNEL_XMIT_CONTINUE strictly
2023-09-19 12:20:09 +02:00
ip_sockglue.c
ipv{4,6}/raw: fix output xfrm lookup wrt protocol
2023-06-05 09:07:04 +02:00
ip_tunnel_core.c
tunnels: fix kasan splat when generating ipv4 pmtu error
2023-08-16 18:21:01 +02:00
ip_tunnel.c
net: tunnels: annotate lockless accesses to dev->needed_headroom
2023-03-22 13:29:58 +01:00
ip_vti.c
ip_vti: fix potential slab-use-after-free in decode_session6
2023-08-26 15:26:52 +02:00
ipcomp.c
ipcomp: assign if_id to child tunnel from parent tunnel
2020-07-09 12:55:37 +02:00
ipconfig.c
net: ipconfig: Don't override command-line hostnames or domains
2021-06-18 10:00:05 +02:00
ipip.c
net: ipip: implement header_ops->parse_protocol for AF_PACKET
2020-06-30 12:29:39 -07:00
ipmr_base.c
ipmr.c
ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path
2022-02-16 12:54:25 +01:00
Kconfig
tcp: configurable source port perturb table size
2022-12-02 17:40:05 +01:00
Makefile
udp_tunnel: add central NIC RX port offload infrastructure
2020-07-10 13:54:00 -07:00
metrics.c
ipv4: prevent potential spectre v1 gadget in ip_metrics_convert()
2023-02-01 08:23:24 +01:00
netfilter.c
netfilter: use actual socket sk rather than skb sk when routing harder
2020-10-30 12:57:39 +01:00
netlink.c
nexthop.c
nh: fix scope used to find saddr when adding non gw nh
2022-11-03 23:57:54 +09:00
ping.c
lsm,selinux: pass flowi_common instead of flowi to the LSM hooks
2022-06-09 10:21:09 +02:00
proc.c
tcp: switch orphan_count to bare per-cpu counters
2021-11-18 14:04:08 +01:00
protocol.c
raw_diag.c
raw.c
ipv{4,6}/raw: fix output xfrm lookup wrt protocol
2023-06-05 09:07:04 +02:00
route.c
ipv4: fix null-deref in ipv4_link_failure
2023-10-10 21:53:27 +02:00
syncookies.c
mptcp: remove MPTCP 'ifdef' in TCP SYN cookies
2023-01-14 10:16:51 +01:00
sysctl_net_ipv4.c
net: Introduce net.ipv4.tcp_migrate_req.
2023-07-27 08:44:42 +02:00
tcp_bbr.c
tcp_bbr: fix u32 wrap bug in round logic if bbr_init() called after 2B packets
2021-08-18 08:59:13 +02:00
tcp_bic.c
tcp_bpf.c
net: deal with most data-races in sk_wait_event()
2023-05-30 12:57:46 +01:00
tcp_cdg.c
tcp: cdg: allow tcp_cdg_release() to be called multiple times
2022-11-25 17:45:55 +01:00
tcp_cong.c
net: Only allow init netns to set default tcp cong to a restricted algo
2021-05-14 09:50:46 +02:00
tcp_cubic.c
tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited flows
2021-12-01 09:19:06 +01:00
tcp_dctcp.c
tcp_dctcp.h
tcp_diag.c
tcp_fastopen.c
tcp: annotate data-races around fastopenq.max_qlen
2023-07-27 08:44:43 +02:00
tcp_highspeed.c
Replace HTTP links with HTTPS ones: IPv*
2020-07-06 13:23:03 -07:00
tcp_htcp.c
Replace HTTP links with HTTPS ones: IPv*
2020-07-06 13:23:03 -07:00
tcp_hybla.c
tcp_illinois.c
tcp_input.c
tcp: fix delayed ACKs for MSS boundary condition
2023-10-10 21:53:39 +02:00
tcp_ipv4.c
tcp: check mptcp-level constraints for backlog coalescing
2023-10-25 11:54:19 +02:00
tcp_lp.c
tcp_metrics.c
tcp_metrics: fix data-race in tcpm_suck_dst() vs fastopen
2023-08-11 11:57:51 +02:00
tcp_minisocks.c
tcp: annotate data-races around tcp_rsk(req)->ts_recent
2023-07-27 08:44:40 +02:00
tcp_nv.c
tcp_offload.c
net, gro: Set inner transport header offset in tcp/udp GRO hook
2021-08-12 13:22:05 +02:00
tcp_output.c
tcp: tsq: relax tcp_small_queue_check() when rtx queue contains a single skb
2023-10-25 11:54:20 +02:00
tcp_rate.c
tcp: ensure to use the most recently sent skb when filling the rate sample
2022-05-09 09:05:03 +02:00
tcp_recovery.c
tcp: fix excessive TLP and RACK timeouts from HZ rounding
2023-10-25 11:54:20 +02:00
tcp_scalable.c
net: ipv4: delete repeated words
2020-08-24 17:31:20 -07:00
tcp_timer.c
net: tcp: fix unexcepted socket die when snd_wnd is 0
2023-09-19 12:20:08 +02:00
tcp_ulp.c
net/ulp: use consistent error code when blocking ULP
2023-01-24 07:20:01 +01:00
tcp_vegas.c
tcp: use semicolons rather than commas to separate statements
2020-10-13 17:11:52 -07:00
tcp_vegas.h
tcp_veno.c
Replace HTTP links with HTTPS ones: IPv*
2020-07-06 13:23:03 -07:00
tcp_westwood.c
tcp_yeah.c
tcp.c
tcp: annotate data-races around fastopenq.max_qlen
2023-07-27 08:44:43 +02:00
tunnel4.c
tunnel4: add cb_handler to struct xfrm_tunnel
2020-07-09 12:51:36 +02:00
udp_bpf.c
bpf, sockmap, udp: sk_prot needs inuse_idx set for proc stats
2021-07-28 14:35:37 +02:00
udp_diag.c
udp_impl.h
net: pass a sockptr_t into ->setsockopt
2020-07-24 15:41:54 -07:00
udp_offload.c
net, gro: Set inner transport header offset in tcp/udp GRO hook
2021-08-12 13:22:05 +02:00
udp_tunnel_core.c
net/tunnel: wait until all sk_user_data reader finish before releasing the sock
2023-01-14 10:15:43 +01:00
udp_tunnel_nic.c
udp_tunnel: Fix end of loop test in udp_tunnel_nic_unregister()
2022-03-02 11:42:51 +01:00
udp_tunnel_stub.c
udp_tunnel: add central NIC RX port offload infrastructure
2020-07-10 13:54:00 -07:00
udp.c
udp: re-score reuseport groups when connected sockets are present
2023-09-19 12:20:08 +02:00
udplite.c
udplite: Fix NULL pointer dereference in __sk_mem_raise_allocated().
2023-05-30 12:57:57 +01:00
xfrm4_input.c
xfrm: fix inbound ipv4/udp/esp packets to UDPv6 dualstack sockets
2023-06-28 10:28:10 +02:00
xfrm4_output.c
xfrm4_policy.c
xfrm4_protocol.c
net: xfrm: unexport __init-annotated xfrm4_protocol_init()
2022-06-14 18:32:40 +02:00
xfrm4_state.c
xfrm4_tunnel.c
xfrm: interface: fix the priorities for ipip and ipv6 tunnels
2020-10-09 12:29:48 +02:00