iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net
History
Kuniyuki Iwashima 679ed006d4 af_unix: Fix a data race of sk->sk_receive_queue->qlen. 
KCSAN found a data race of sk->sk_receive_queue->qlen where recvmsg()
updates qlen under the queue lock and sendmsg() checks qlen under
unix_state_sock(), not the queue lock, so the reader side needs
READ_ONCE().

BUG: KCSAN: data-race in __skb_try_recv_from_queue / unix_wait_for_peer

write (marked) to 0xffff888019fe7c68 of 4 bytes by task 49792 on cpu 0:
 __skb_unlink include/linux/skbuff.h:2347 [inline]
 __skb_try_recv_from_queue+0x3de/0x470 net/core/datagram.c:197
 __skb_try_recv_datagram+0xf7/0x390 net/core/datagram.c:263
 __unix_dgram_recvmsg+0x109/0x8a0 net/unix/af_unix.c:2452
 unix_dgram_recvmsg+0x94/0xa0 net/unix/af_unix.c:2549
 sock_recvmsg_nosec net/socket.c:1019 [inline]
 ____sys_recvmsg+0x3a3/0x3b0 net/socket.c:2720
 ___sys_recvmsg+0xc8/0x150 net/socket.c:2764
 do_recvmmsg+0x182/0x560 net/socket.c:2858
 __sys_recvmmsg net/socket.c:2937 [inline]
 __do_sys_recvmmsg net/socket.c:2960 [inline]
 __se_sys_recvmmsg net/socket.c:2953 [inline]
 __x64_sys_recvmmsg+0x153/0x170 net/socket.c:2953
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x72/0xdc

read to 0xffff888019fe7c68 of 4 bytes by task 49793 on cpu 1:
 skb_queue_len include/linux/skbuff.h:2127 [inline]
 unix_recvq_full net/unix/af_unix.c:229 [inline]
 unix_wait_for_peer+0x154/0x1a0 net/unix/af_unix.c:1445
 unix_dgram_sendmsg+0x13bc/0x14b0 net/unix/af_unix.c:2048
 sock_sendmsg_nosec net/socket.c:724 [inline]
 sock_sendmsg+0x148/0x160 net/socket.c:747
 ____sys_sendmsg+0x20e/0x620 net/socket.c:2503
 ___sys_sendmsg+0xc6/0x140 net/socket.c:2557
 __sys_sendmmsg+0x11d/0x370 net/socket.c:2643
 __do_sys_sendmmsg net/socket.c:2672 [inline]
 __se_sys_sendmmsg net/socket.c:2669 [inline]
 __x64_sys_sendmmsg+0x58/0x70 net/socket.c:2669
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x72/0xdc

value changed: 0x0000000b -> 0x00000001

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 49793 Comm: syz-executor.0 Not tainted 6.3.0-rc7-02330-gca6270c12e20 #2
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Michal Kubiak <michal.kubiak@intel.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2023-05-10 19:06:53 -07:00
..
6lowpan
6lowpan: Remove redundant initialisation.
2023-03-29 08:22:52 +01:00
9p
Including fixes from netfilter.
2023-05-05 19:12:01 -07:00
802
treewide: Convert del_timer*() to timer_shutdown*()
2022-12-25 13:38:09 -08:00
8021q
vlan: Add MACsec offload operations for VLAN interface
2023-04-21 08:22:14 +01:00
appletalk
atm
Networking changes for 6.4.
2023-04-26 16:07:23 -07:00
ax25
batman-adv
net: vlan: introduce skb_vlan_eth_hdr()
2023-04-23 14:16:44 +01:00
bluetooth
Driver core changes for 6.4-rc1
2023-04-27 11:53:57 -07:00
bpf
bpf: add test_run support for netfilter program type
2023-04-21 11:34:50 -07:00
bpfilter
bridge
net: add vlan_get_protocol_and_depth() helper
2023-05-10 10:25:55 +01:00
caif
net: caif: Fix use-after-free in cfusbl_device_notify()
2023-03-02 22:22:07 -08:00
can
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2023-04-06 12:01:20 -07:00
ceph
Networking changes for 6.3.
2023-02-21 18:24:12 -08:00
core
net: datagram: fix data-races in datagram_poll()
2023-05-10 19:06:49 -07:00
dcb
net: dcb: add helper functions to retrieve PCP and DSCP rewrite maps
2023-01-20 09:33:22 +00:00
dccp
netfilter: keep conntrack reference until IPsecv6 policy checks are done
2023-03-22 21:50:23 +01:00
devlink
devlink: drop leftover duplicate/unused code
2023-02-20 11:38:35 +00:00
dns_resolver
dsa
net: dsa: tag_ocelot: call only the relevant portion of __skb_vlan_pop() on TX
2023-04-23 14:16:45 +01:00
ethernet
ethtool
ethtool: Fix uninitialized number of lanes
2023-05-03 09:13:20 +01:00
handshake
net/handshake: Fix section mismatch in handshake_exit
2023-04-21 20:24:57 -07:00
hsr
hsr: ratelimit only when errors are printed
2023-03-16 21:11:03 -07:00
ieee802154
net: ieee802154: remove an unnecessary null pointer check
2023-03-17 09:13:53 +01:00
ife
ipv4
tcp: add annotations around sk->sk_shutdown accesses
2023-05-10 10:27:31 +01:00
ipv6
net: ipv6: fix skb hash for some RST packets
2023-04-28 09:53:43 +01:00
iucv
net/iucv: Fix size of interrupt data
2023-03-16 17:34:40 -07:00
kcm
net/sock: Introduce trace_sk_data_ready()
2023-01-23 11:26:50 +00:00
key
af_key: Fix heap information leak
2023-02-13 09:30:14 +00:00
l2tp
l2tp: generate correct module alias strings
2023-03-31 09:25:12 +01:00
l3mdev
lapb
llc
net: deal with most data-races in sk_wait_event()
2023-05-10 10:03:32 +01:00
mac80211
wireless-next patches for v6.4
2023-04-21 07:35:51 -07:00
mac802154
mac802154: Rename kfree_rcu() to kvfree_rcu_mightsleep()
2023-04-05 13:48:04 +00:00
mctp
mctp: remove MODULE_LICENSE in non-modules
2023-03-09 23:06:21 -08:00
mpls
net: mpls: fix stale pointer if allocation fails during device rename
2023-02-15 10:26:37 +00:00
mptcp
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2023-04-20 16:29:51 -07:00
ncsi
net/ncsi: clear Tx enable mode when handling a Config required AEN
2023-04-28 09:35:33 +01:00
netfilter
Including fixes from netfilter.
2023-05-05 19:12:01 -07:00
netlabel
netlink
netlink: annotate accesses to nlk->cb_running
2023-05-10 09:28:38 +01:00
netrom
netrom: Fix use-after-free caused by accept on already connected socket
2023-01-30 07:30:47 +00:00
nfc
nfc: change order inside nfc_se_io error path
2023-03-07 13:37:05 -08:00
nsh
openvswitch
net: openvswitch: fix race on port output
2023-04-07 19:42:53 -07:00
packet
net: add vlan_get_protocol_and_depth() helper
2023-05-10 10:25:55 +01:00
phonet
net/sock: Introduce trace_sk_data_ready()
2023-01-23 11:26:50 +00:00
psample
qrtr
net: qrtr: Fix an uninit variable access bug in qrtr_tx_resume()
2023-04-13 09:35:30 +02:00
rds
rds: rds_rm_zerocopy_callback() correct order for list_add_tail()
2023-02-13 09:33:39 +00:00
rfkill
net: rfkill-gpio: Add explicit include for of.h
2023-04-06 20:36:27 +02:00
rose
net/rose: Fix to not accept on connected socket
2023-01-28 00:19:57 -08:00
rxrpc
Including fixes from netfilter.
2023-05-05 19:12:01 -07:00
sched
net/sched: flower: fix error handler on replace
2023-05-05 10:01:31 +01:00
sctp
sctp: delete the nested flexible array hmac
2023-04-21 08:19:30 +01:00
smc
net: deal with most data-races in sk_wait_event()
2023-05-10 10:03:32 +01:00
strparser
sunrpc
NFSD 6.4 Release Notes
2023-04-29 11:04:14 -07:00
switchdev
tipc
net: deal with most data-races in sk_wait_event()
2023-05-10 10:03:32 +01:00
tls
net: deal with most data-races in sk_wait_event()
2023-05-10 10:03:32 +01:00
unix
af_unix: Fix a data race of sk->sk_receive_queue->qlen.
2023-05-10 19:06:53 -07:00
vmw_vsock
vsock/loopback: don't disable irqs for queue access
2023-04-14 11:04:04 +01:00
wireless
Driver core changes for 6.4-rc1
2023-04-27 11:53:57 -07:00
x25
net/x25: Fix to not accept on connected socket
2023-01-25 09:51:04 +00:00
xdp
bpf-next-for-netdev
2023-04-13 16:43:38 -07:00
xfrm
ipsec-next-2023-04-19
2023-04-19 18:46:17 -07:00
compat.c
net/compat: Update msg_control_is_user when setting a kernel pointer
2023-04-14 11:09:27 +01:00
devres.c
Kconfig
net/handshake: Add Kunit tests for the handshake consumer API
2023-04-19 18:48:48 -07:00
Kconfig.debug
Makefile
net/handshake: Create a NETLINK service for handling handshake requests
2023-04-19 18:48:48 -07:00
socket.c
net: annotate sk->sk_err write from do_recvmmsg()
2023-05-10 09:58:29 +01:00
sysctl_net.c