linux

iv/linux

History

Eric Dumazet bbab7ef235 net: icmp: fix data-race in cmp_global_allow()

This code reads two global variables without protection
of a lock. We need READ_ONCE()/WRITE_ONCE() pairs to
avoid load/store-tearing and better document the intent.

KCSAN reported :
BUG: KCSAN: data-race in icmp_global_allow / icmp_global_allow

read to 0xffffffff861a8014 of 4 bytes by task 11201 on cpu 0:
 icmp_global_allow+0x36/0x1b0 net/ipv4/icmp.c:254
 icmpv6_global_allow net/ipv6/icmp.c:184 [inline]
 icmpv6_global_allow net/ipv6/icmp.c:179 [inline]
 icmp6_send+0x493/0x1140 net/ipv6/icmp.c:514
 icmpv6_send+0x71/0xb0 net/ipv6/ip6_icmp.c:43
 ip6_link_failure+0x43/0x180 net/ipv6/route.c:2640
 dst_link_failure include/net/dst.h:419 [inline]
 vti_xmit net/ipv4/ip_vti.c:243 [inline]
 vti_tunnel_xmit+0x27f/0xa50 net/ipv4/ip_vti.c:279
 __netdev_start_xmit include/linux/netdevice.h:4420 [inline]
 netdev_start_xmit include/linux/netdevice.h:4434 [inline]
 xmit_one net/core/dev.c:3280 [inline]
 dev_hard_start_xmit+0xef/0x430 net/core/dev.c:3296
 __dev_queue_xmit+0x14c9/0x1b60 net/core/dev.c:3873
 dev_queue_xmit+0x21/0x30 net/core/dev.c:3906
 neigh_direct_output+0x1f/0x30 net/core/neighbour.c:1530
 neigh_output include/net/neighbour.h:511 [inline]
 ip6_finish_output2+0x7a6/0xec0 net/ipv6/ip6_output.c:116
 __ip6_finish_output net/ipv6/ip6_output.c:142 [inline]
 __ip6_finish_output+0x2d7/0x330 net/ipv6/ip6_output.c:127
 ip6_finish_output+0x41/0x160 net/ipv6/ip6_output.c:152
 NF_HOOK_COND include/linux/netfilter.h:294 [inline]
 ip6_output+0xf2/0x280 net/ipv6/ip6_output.c:175
 dst_output include/net/dst.h:436 [inline]
 ip6_local_out+0x74/0x90 net/ipv6/output_core.c:179

write to 0xffffffff861a8014 of 4 bytes by task 11183 on cpu 1:
 icmp_global_allow+0x174/0x1b0 net/ipv4/icmp.c:272
 icmpv6_global_allow net/ipv6/icmp.c:184 [inline]
 icmpv6_global_allow net/ipv6/icmp.c:179 [inline]
 icmp6_send+0x493/0x1140 net/ipv6/icmp.c:514
 icmpv6_send+0x71/0xb0 net/ipv6/ip6_icmp.c:43
 ip6_link_failure+0x43/0x180 net/ipv6/route.c:2640
 dst_link_failure include/net/dst.h:419 [inline]
 vti_xmit net/ipv4/ip_vti.c:243 [inline]
 vti_tunnel_xmit+0x27f/0xa50 net/ipv4/ip_vti.c:279
 __netdev_start_xmit include/linux/netdevice.h:4420 [inline]
 netdev_start_xmit include/linux/netdevice.h:4434 [inline]
 xmit_one net/core/dev.c:3280 [inline]
 dev_hard_start_xmit+0xef/0x430 net/core/dev.c:3296
 __dev_queue_xmit+0x14c9/0x1b60 net/core/dev.c:3873
 dev_queue_xmit+0x21/0x30 net/core/dev.c:3906
 neigh_direct_output+0x1f/0x30 net/core/neighbour.c:1530
 neigh_output include/net/neighbour.h:511 [inline]
 ip6_finish_output2+0x7a6/0xec0 net/ipv6/ip6_output.c:116
 __ip6_finish_output net/ipv6/ip6_output.c:142 [inline]
 __ip6_finish_output+0x2d7/0x330 net/ipv6/ip6_output.c:127
 ip6_finish_output+0x41/0x160 net/ipv6/ip6_output.c:152
 NF_HOOK_COND include/linux/netfilter.h:294 [inline]
 ip6_output+0xf2/0x280 net/ipv6/ip6_output.c:175

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 11183 Comm: syz-executor.2 Not tainted 5.4.0-rc3+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011

Fixes: 4cdf507d5452 ("icmp: add a global rate limitation")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

2019-11-08 12:32:43 -08:00

bpfilter

SPDX update for 5.2-rc2, round 1

2019-05-21 12:33:38 -07:00

netfilter

icmp: remove duplicate code

2019-11-05 14:03:11 -08:00

af_inet.c

net: annotate lockless accesses to sk->sk_max_ack_backlog

2019-11-06 16:14:48 -08:00

ah4.c

xfrm: remove type and offload_type map from xfrm_state_afinfo

2019-06-06 08:34:50 +02:00

arp.c

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152

2019-05-30 11:26:32 -07:00

cipso_ipv4.c

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 13

2019-05-21 11:28:45 +02:00

datagram.c

inet: stop leaking jiffies on the wire

2019-11-01 14:57:52 -07:00

devinet.c

Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

2019-07-08 19:48:57 -07:00

esp4_offload.c

Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next

2019-07-05 15:01:15 -07:00

esp4.c

xfrm: remove get_mtu indirection from xfrm_type

2019-07-01 06:16:40 +02:00

fib_frontend.c

ipv4: fix route update on metric change.

2019-10-26 11:25:53 -07:00

fib_lookup.h

ipv4: Use accessors for fib_info nexthop data

2019-06-04 19:26:49 -07:00

fib_notifier.c

net: fib_notifier: propagate extack down to the notifier block callback

2019-10-04 11:10:56 -07:00

fib_rules.c

net: fib_notifier: propagate extack down to the notifier block callback

2019-10-04 11:10:56 -07:00

fib_semantics.c

net: Properly update v4 routes with v6 nexthop

2019-09-05 12:35:58 +02:00

fib_trie.c

net: fib_notifier: propagate extack down to the notifier block callback

2019-10-04 11:10:56 -07:00

fou.c

treewide: Add SPDX license identifier for more missed files

2019-05-21 10:50:45 +02:00

gre_demux.c

net: remove unused parameter from skb_checksum_try_convert

2019-07-05 15:30:36 -07:00

gre_offload.c

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152

2019-05-30 11:26:32 -07:00

icmp.c

net: icmp: fix data-race in cmp_global_allow()

2019-11-08 12:32:43 -08:00

igmp.c

igmp: uninline ip_mc_validate_checksum()

2019-10-04 14:26:46 -07:00

inet_connection_sock.c

net: annotate lockless accesses to sk->sk_max_ack_backlog

2019-11-06 16:14:48 -08:00

inet_diag.c

inet_diag: use jiffies_delta_to_msecs()

2019-11-06 16:14:48 -08:00

inet_fragment.c

inet: frags: re-introduce skb coalescing for local delivery

2019-08-08 15:55:10 -07:00

inet_hashtables.c

net: annotate accesses to sk->sk_incoming_cpu

2019-10-30 13:24:25 -07:00

inet_timewait_sock.c

treewide: Add SPDX license identifier for missed files

2019-05-21 10:50:45 +02:00

inetpeer.c

inetpeer: fix data-race in inet_putpeer / inet_putpeer

2019-11-07 16:15:56 -08:00

ip_forward.c

ipv4: Revert removal of rt_uses_gateway

2019-09-20 18:23:33 -07:00

ip_fragment.c

inet: frags: re-introduce skb coalescing for local delivery

2019-08-08 15:55:10 -07:00

ip_gre.c

erspan: fix the tun_info options_len check for erspan

2019-10-29 17:36:42 -07:00

ip_input.c

inet: do not call sublist_rcv on empty list

2019-10-29 17:54:29 -07:00

ip_options.c

netfilter: nf_tables: add support for matching IPv4 options

2019-06-21 18:35:51 +02:00

ip_output.c

ipv4: fix IPSKB_FRAG_PMTU handling with fragmentation

2019-10-21 10:46:42 -07:00

ip_sockglue.c

ip_sockglue: Fix missing-check bug in ip_ra_control()

2019-05-25 11:00:50 -07:00

ip_tunnel_core.c

lwtunnel: add options setting and dumping for erspan

2019-11-06 21:14:22 -08:00

ip_tunnel.c

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 269

2019-06-05 17:30:29 +02:00

ip_vti.c

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152

2019-05-30 11:26:32 -07:00

ipcomp.c

Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next

2019-07-05 15:01:15 -07:00

ipconfig.c

ipconfig: Handle CONFIG_CIFS_ROOT option

2019-10-02 12:15:15 -04:00

ipip.c

ipip: validate header length in ipip_tunnel_xmit

2019-07-25 17:23:40 -07:00

ipmr_base.c

net: fib_notifier: propagate extack down to the notifier block callback

2019-10-04 11:10:56 -07:00

ipmr.c

Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

2019-10-05 13:37:23 -07:00

Kconfig

net: Fix Kconfig indentation

2019-09-26 08:56:17 +02:00

Makefile

net: Initial nexthop code

2019-05-28 21:37:30 -07:00

metrics.c

treewide: Add SPDX license identifier for missed files

2019-05-21 10:50:45 +02:00

netfilter.c

netfilter: ipv4: remove useless export_symbol

2019-01-28 11:32:58 +01:00

netlink.c

treewide: Add SPDX license identifier for missed files

2019-05-21 10:50:45 +02:00

nexthop.c

nexthops: remove redundant assignment to variable err

2019-08-22 12:14:05 -07:00

ping.c

ip: support SO_MARK cmsg

2019-09-13 21:44:19 +02:00

proc.c

Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

2019-06-17 20:20:36 -07:00

protocol.c

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152

2019-05-30 11:26:32 -07:00

raw_diag.c

net: don't warn in inet diag when IPV6 is disabled

2019-07-03 11:26:35 -07:00

raw.c

netfilter: drop bridge nf reset from nf_reset

2019-10-01 18:42:15 +02:00

route.c

icmp: remove duplicate code

2019-11-05 14:03:11 -08:00

syncookies.c

tcp: Remove one extra ktime_get_ns() from cookie_init_timestamp

2019-11-07 16:17:52 -08:00

sysctl_net_ipv4.c

tcp: add new tcp_mtu_probe_floor sysctl

2019-08-09 13:03:30 -07:00

tcp_bbr.c

tcp_bbr: fix quantization code to not raise cwnd if not probing bandwidth

2019-09-27 20:37:50 +02:00

tcp_bic.c

treewide: Add SPDX license identifier for more missed files

2019-05-21 10:50:45 +02:00

tcp_bpf.c

net/tls: prevent skb_orphan() from leaking TLS plain text with offload

2019-08-08 22:39:35 -07:00

tcp_cdg.c

treewide: Add SPDX license identifier for more missed files

2019-05-21 10:50:45 +02:00

tcp_cong.c

tcp: fix tcp_set_congestion_control() use from bpf hook

2019-07-18 20:33:48 -07:00

tcp_cubic.c

treewide: Add SPDX license identifier for more missed files

2019-05-21 10:50:45 +02:00

tcp_dctcp.c

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152

2019-05-30 11:26:32 -07:00

tcp_dctcp.h

tcp: refactor DCTCP ECN ACK handling

2018-10-10 22:26:00 -07:00

tcp_diag.c

net: annotate lockless accesses to sk->sk_max_ack_backlog

2019-11-06 16:14:48 -08:00

tcp_fastopen.c

tcp: add TCP_INFO status for failed client TFO

2019-10-25 19:25:37 -07:00

tcp_highspeed.c

treewide: Add SPDX license identifier for more missed files

2019-05-21 10:50:45 +02:00

tcp_htcp.c

treewide: Add SPDX license identifier for more missed files

2019-05-21 10:50:45 +02:00

tcp_hybla.c

treewide: Add SPDX license identifier for more missed files

2019-05-21 10:50:45 +02:00

tcp_illinois.c

treewide: Add SPDX license identifier for more missed files

2019-05-21 10:50:45 +02:00

tcp_input.c

tcp: add TCP_INFO status for failed client TFO

2019-10-25 19:25:37 -07:00

tcp_ipv4.c

net: annotate lockless accesses to sk->sk_ack_backlog

2019-11-06 16:14:48 -08:00

tcp_lp.c

treewide: Add SPDX license identifier for more missed files

2019-05-21 10:50:45 +02:00

tcp_metrics.c

tcp: refactor setting the initial congestion window

2019-05-01 11:47:54 -04:00

tcp_minisocks.c

tcp: annotate tp->snd_nxt lockless reads

2019-10-13 10:13:08 -07:00

tcp_nv.c

treewide: Add SPDX license identifier for more missed files

2019-05-21 10:50:45 +02:00

tcp_offload.c

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152

2019-05-30 11:26:32 -07:00

tcp_output.c

tcp: Remove one extra ktime_get_ns() from cookie_init_timestamp

2019-11-07 16:17:52 -08:00

tcp_rate.c

treewide: Add SPDX license identifier for missed files

2019-05-21 10:50:45 +02:00

tcp_recovery.c

tcp: introduce tcp_skb_timestamp_us() helper

2018-09-21 19:37:59 -07:00

tcp_scalable.c

treewide: Add SPDX license identifier for more missed files

2019-05-21 10:50:45 +02:00

tcp_timer.c

tcp: add rcu protection around tp->fastopen_rsk

2019-10-13 10:13:08 -07:00

tcp_ulp.c

bpf: sockmap/tls, close can race with map free

2019-07-22 16:04:17 +02:00

tcp_vegas.c

treewide: Add SPDX license identifier for more missed files

2019-05-21 10:50:45 +02:00

tcp_vegas.h

License cleanup: add SPDX GPL-2.0 license identifier to files with no license

2017-11-02 11:10:55 +01:00

tcp_veno.c

treewide: Add SPDX license identifier for more missed files

2019-05-21 10:50:45 +02:00

tcp_westwood.c

treewide: Add SPDX license identifier for more missed files

2019-05-21 10:50:45 +02:00

tcp_yeah.c

treewide: Add SPDX license identifier for more missed files

2019-05-21 10:50:45 +02:00

tcp.c

tcp: fix data-race in tcp_recvmsg()

2019-11-06 21:38:34 -08:00

tunnel4.c

treewide: Add SPDX license identifier for more missed files

2019-05-21 10:50:45 +02:00

udp_diag.c

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152

2019-05-30 11:26:32 -07:00

udp_impl.h

udp: add missing rehash callback to udplite

2019-01-17 15:01:08 -08:00

udp_offload.c

Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

2019-06-22 08:59:24 -04:00

udp_tunnel.c

treewide: Add SPDX license identifier for more missed files

2019-05-21 10:50:45 +02:00

udp.c

net: annotate accesses to sk->sk_incoming_cpu

2019-10-30 13:24:25 -07:00

udplite.c

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152

2019-05-30 11:26:32 -07:00

xfrm4_input.c

xfrm: reset transport header back to network header after all input transforms ahave been applied

2018-09-04 10:26:30 +02:00

xfrm4_output.c

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152

2019-05-30 11:26:32 -07:00

xfrm4_policy.c

ipv4: Revert removal of rt_uses_gateway

2019-09-20 18:23:33 -07:00

xfrm4_protocol.c

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152

2019-05-30 11:26:32 -07:00

xfrm4_state.c

xfrm: remove eth_proto value from xfrm_state_afinfo

2019-06-06 08:34:50 +02:00

xfrm4_tunnel.c

xfrm: remove type and offload_type map from xfrm_state_afinfo

2019-06-06 08:34:50 +02:00