iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net
History
Eric Dumazet ff999198ec net-timestamp: convert sk->sk_tskey to atomic_t 
[ Upstream commit a1cdec57e03a1352e92fbbe7974039dda4efcec0 ]

UDP sendmsg() can be lockless, this is causing all kinds
of data races.

This patch converts sk->sk_tskey to remove one of these races.

BUG: KCSAN: data-race in __ip_append_data / __ip_append_data

read to 0xffff8881035d4b6c of 4 bytes by task 8877 on cpu 1:
 __ip_append_data+0x1c1/0x1de0 net/ipv4/ip_output.c:994
 ip_make_skb+0x13f/0x2d0 net/ipv4/ip_output.c:1636
 udp_sendmsg+0x12bd/0x14c0 net/ipv4/udp.c:1249
 inet_sendmsg+0x5f/0x80 net/ipv4/af_inet.c:819
 sock_sendmsg_nosec net/socket.c:705 [inline]
 sock_sendmsg net/socket.c:725 [inline]
 ____sys_sendmsg+0x39a/0x510 net/socket.c:2413
 ___sys_sendmsg net/socket.c:2467 [inline]
 __sys_sendmmsg+0x267/0x4c0 net/socket.c:2553
 __do_sys_sendmmsg net/socket.c:2582 [inline]
 __se_sys_sendmmsg net/socket.c:2579 [inline]
 __x64_sys_sendmmsg+0x53/0x60 net/socket.c:2579
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

write to 0xffff8881035d4b6c of 4 bytes by task 8880 on cpu 0:
 __ip_append_data+0x1d8/0x1de0 net/ipv4/ip_output.c:994
 ip_make_skb+0x13f/0x2d0 net/ipv4/ip_output.c:1636
 udp_sendmsg+0x12bd/0x14c0 net/ipv4/udp.c:1249
 inet_sendmsg+0x5f/0x80 net/ipv4/af_inet.c:819
 sock_sendmsg_nosec net/socket.c:705 [inline]
 sock_sendmsg net/socket.c:725 [inline]
 ____sys_sendmsg+0x39a/0x510 net/socket.c:2413
 ___sys_sendmsg net/socket.c:2467 [inline]
 __sys_sendmmsg+0x267/0x4c0 net/socket.c:2553
 __do_sys_sendmmsg net/socket.c:2582 [inline]
 __se_sys_sendmmsg net/socket.c:2579 [inline]
 __x64_sys_sendmmsg+0x53/0x60 net/socket.c:2579
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

value changed: 0x0000054d -> 0x0000054e

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 8880 Comm: syz-executor.5 Not tainted 5.17.0-rc2-syzkaller-00167-gdcb85f85fa6f-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011

Fixes: 09c2d251b707 ("net-timestamp: add key to disambiguate concurrent datagrams")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Willem de Bruijn <willemb@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-03-02 11:48:01 +01:00
..
6lowpan
6lowpan: iphc: Fix an off-by-one check of array index
2021-07-22 16:19:03 +02:00
9p
9p/net: fix missing error check in p9_check_errors
2021-11-18 19:17:16 +01:00
802
net: 802: remove dead leftover after ipx driver removal
2021-08-13 16:30:35 -07:00
8021q
net: vlan: fix underflow for the real_dev refcnt
2021-12-01 09:04:53 +01:00
appletalk
net: socket: rework compat_ifreq_ioctl()
2021-07-23 14:20:25 +01:00
atm
atm: Use list_for_each_entry() to simplify code in resources.c
2021-06-10 14:08:09 -07:00
ax25
ax25: improve the incomplete fix to avoid UAF and NPD bugs
2022-02-23 12:03:05 +01:00
batman-adv
batman-adv: allow netlink usage in unprivileged containers
2022-01-27 11:04:25 +01:00
bluetooth
Bluetooth: refactor malicious adv data check
2022-02-01 17:27:14 +01:00
bpf
bpf, test, cgroup: Use sk_{alloc,free} for test cases
2021-09-28 09:29:28 +02:00
bpfilter
bpfilter: Specify the log level for the kmsg message
2021-06-25 13:13:50 +02:00
bridge
net: bridge: multicast: notify switchdev driver whenever MC processing gets disabled
2022-02-23 12:03:13 +01:00
caif
net-caif: avoid user-triggerable WARN_ON(1)
2021-09-14 12:51:15 +01:00
can
net-timestamp: convert sk->sk_tskey to atomic_t
2022-03-02 11:48:01 +01:00
ceph
Networking changes for 5.14.
2021-06-30 15:51:09 -07:00
core
net-timestamp: convert sk->sk_tskey to atomic_t
2022-03-02 11:48:01 +01:00
dcb
dccp
tcp: switch orphan_count to bare per-cpu counters
2021-11-18 19:16:33 +01:00
decnet
net: Remove redundant if statements
2021-08-05 13:27:50 +01:00
dns_resolver
dsa
net: dsa: lan9303: handle hwaccel VLAN tags
2022-02-23 12:03:11 +01:00
ethernet
move netdev_boot_setup into Space.c
2021-08-03 13:05:26 +01:00
ethtool
ethtool: do not perform operations on net devices being unregistered
2021-12-14 10:57:09 +01:00
hsr
net: hsr: don't check sequence number if tag removal is offloaded
2021-06-16 12:13:01 -07:00
ieee802154
net: ieee802154: Return meaningful error codes from the netlink helpers
2022-02-08 18:34:09 +01:00
ife
ipv4
net-timestamp: convert sk->sk_tskey to atomic_t
2022-03-02 11:48:01 +01:00
ipv6
net-timestamp: convert sk->sk_tskey to atomic_t
2022-03-02 11:48:01 +01:00
iucv
net/iucv: Replace deprecated CPU-hotplug functions.
2021-08-09 10:13:32 +01:00
kcm
net: sock: introduce sk_error_report
2021-06-29 11:28:21 -07:00
key
l2tp
net/l2tp: Fix reference count leak in l2tp_udp_recv_core
2021-09-09 11:00:20 +01:00
l3mdev
lapb
net: lapb: Use list_for_each_entry() to simplify code in lapb_iface.c
2021-06-08 16:31:25 -07:00
llc
net: Remove redundant if statements
2021-08-05 13:27:50 +01:00
mac80211
mac80211: mlme: check for null after calling kmemdup
2022-02-23 12:03:10 +01:00
mac802154
ieee802154: Remove redundant initialization of variable ret
2021-09-07 14:06:08 +01:00
mctp
mctp: Don't let RTM_DELROUTE delete local routes
2021-12-08 09:04:53 +01:00
mpls
net: mpls: Fix notifications when deleting a device
2021-12-08 09:04:47 +01:00
mptcp
mptcp: add mibs counter for ignored incoming options
2022-03-02 11:47:53 +01:00
ncsi
net/ncsi: check for error return from call to nla_put_u32
2022-01-05 12:42:37 +01:00
netfilter
netfilter: nf_tables: fix memory leak during stateful obj update
2022-03-02 11:47:59 +01:00
netlabel
net: fix NULL pointer reference in cipso_v4_doi_free
2021-08-30 12:23:18 +01:00
netlink
net: netlink: af_netlink: Prevent empty skb by adding a check on len.
2021-12-17 10:30:15 +01:00
netrom
netrom: fix api breakage in nr_setsockopt()
2022-01-27 11:04:00 +01:00
nfc
nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind()
2022-01-27 11:02:48 +01:00
nsh
openvswitch
openvswitch: Fix setting ipv6 fields causing hw csum failure
2022-03-02 11:47:57 +01:00
packet
af_packet: fix data-race in packet_setsockopt / packet_setsockopt
2022-02-05 12:38:59 +01:00
phonet
phonet: refcount leak in pep_sock_accep
2022-01-11 15:35:16 +01:00
psample
qrtr
net: qrtr: revert check in qrtr_endpoint_post()
2021-09-02 11:37:02 +01:00
rds
rds: memory leak in __rds_conn_create()
2021-12-22 09:32:42 +01:00
rfkill
rose
rxrpc
rxrpc: Adjust retransmission backoff
2022-02-01 17:27:11 +01:00
sched
net/sched: act_ct: Fix flow table lookup after ct clear or switching zones
2022-03-02 11:47:57 +01:00
sctp
sctp: hold endpoint before calling cb in sctp_transport_lookup_process
2022-01-11 15:35:14 +01:00
smc
net/smc: Use a mutex for locking "struct smc_pnettable"
2022-03-02 11:47:59 +01:00
strparser
bpf: sockmap, strparser, and tls are reusing qdisc_skb_cb and colliding
2021-11-18 19:17:11 +01:00
sunrpc
xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create
2022-02-23 12:03:19 +01:00
switchdev
net: make switchdev_bridge_port_{,unoffload} loosely coupled with the bridge
2021-08-04 12:35:07 +01:00
tipc
tipc: Fix end of loop tests for list_for_each_entry()
2022-03-02 11:47:56 +01:00
tls
net/tls: Fix authentication failure in CCM mode
2021-12-08 09:04:41 +01:00
unix
af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress
2022-01-27 11:05:30 +01:00
vmw_vsock
vsock: remove vsock from connected table when connect is interrupted by a signal
2022-02-23 12:03:09 +01:00
wireless
cfg80211: fix race in netlink owner interface destruction
2022-02-23 12:03:11 +01:00
x25
net: x25: Use list_for_each_entry() to simplify code in x25_route.c
2021-06-10 14:08:09 -07:00
xdp
Revert "xsk: Do not sleep in poll() when need_wakeup set"
2021-12-22 09:32:51 +01:00
xfrm
xfrm: Don't accidentally set RTO_ONLINK in decode_session4()
2022-01-27 11:05:36 +01:00
compat.c
devres.c
net: devres: Correct a grammatical error
2021-06-11 12:55:28 -07:00
Kconfig
mctp: Add MCTP base
2021-07-29 15:06:49 +01:00
Makefile
mctp: Add MCTP base
2021-07-29 15:06:49 +01:00
socket.c
net: fix SOF_TIMESTAMPING_BIND_PHC to work with multiple sockets
2022-01-27 11:03:52 +01:00
sysctl_net.c