iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net
History
Kuniyuki Iwashima afe8764f76 af_unix: Fix data-races around sk->sk_shutdown. 
sk->sk_shutdown is changed under unix_state_lock(sk), but
unix_dgram_sendmsg() calls two functions to read sk_shutdown locklessly.

  sock_alloc_send_pskb
  `- sock_wait_for_wmem

Let's use READ_ONCE() there.

Note that the writer side was marked by commit e1d09c2c2f57 ("af_unix:
Fix data races around sk->sk_shutdown.").

BUG: KCSAN: data-race in sock_alloc_send_pskb / unix_release_sock

write (marked) to 0xffff8880069af12c of 1 bytes by task 1 on cpu 1:
 unix_release_sock+0x75c/0x910 net/unix/af_unix.c:631
 unix_release+0x59/0x80 net/unix/af_unix.c:1053
 __sock_release+0x7d/0x170 net/socket.c:654
 sock_close+0x19/0x30 net/socket.c:1386
 __fput+0x2a3/0x680 fs/file_table.c:384
 ____fput+0x15/0x20 fs/file_table.c:412
 task_work_run+0x116/0x1a0 kernel/task_work.c:179
 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:171 [inline]
 exit_to_user_mode_prepare+0x174/0x180 kernel/entry/common.c:204
 __syscall_exit_to_user_mode_work kernel/entry/common.c:286 [inline]
 syscall_exit_to_user_mode+0x1a/0x30 kernel/entry/common.c:297
 do_syscall_64+0x4b/0x90 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x6e/0xd8

read to 0xffff8880069af12c of 1 bytes by task 28650 on cpu 0:
 sock_alloc_send_pskb+0xd2/0x620 net/core/sock.c:2767
 unix_dgram_sendmsg+0x2f8/0x14f0 net/unix/af_unix.c:1944
 unix_seqpacket_sendmsg net/unix/af_unix.c:2308 [inline]
 unix_seqpacket_sendmsg+0xba/0x130 net/unix/af_unix.c:2292
 sock_sendmsg_nosec net/socket.c:725 [inline]
 sock_sendmsg+0x148/0x160 net/socket.c:748
 ____sys_sendmsg+0x4e4/0x610 net/socket.c:2494
 ___sys_sendmsg+0xc6/0x140 net/socket.c:2548
 __sys_sendmsg+0x94/0x140 net/socket.c:2577
 __do_sys_sendmsg net/socket.c:2586 [inline]
 __se_sys_sendmsg net/socket.c:2584 [inline]
 __x64_sys_sendmsg+0x45/0x50 net/socket.c:2584
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x6e/0xd8

value changed: 0x00 -> 0x03

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 28650 Comm: systemd-coredum Not tainted 6.4.0-11989-g6843306689af #6
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Reported-by: syzkaller <syzkaller@googlegroups.com>
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2023-09-04 11:06:16 +01:00
..
6lowpan
9p
net: annotate data-races around sock->ops
2023-08-09 15:32:43 -07:00
802
8021q
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2023-08-18 12:44:56 -07:00
appletalk
sock: Remove ->sendpage*() in favour of sendmsg(MSG_SPLICE_PAGES)
2023-06-24 15:50:13 -07:00
atm
sock: Remove ->sendpage*() in favour of sendmsg(MSG_SPLICE_PAGES)
2023-06-24 15:50:13 -07:00
ax25
sock: Remove ->sendpage*() in favour of sendmsg(MSG_SPLICE_PAGES)
2023-06-24 15:50:13 -07:00
batman-adv
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2023-08-24 10:51:39 -07:00
bluetooth
Bluetooth: HCI: Introduce HCI_QUIRK_BROKEN_LE_CODED
2023-08-24 12:23:46 -07:00
bpf
bpf: Prevent inlining of bpf_fentry_test7()
2023-08-30 08:36:17 +02:00
bpfilter
net: Use umd_cleanup_helper()
2023-05-31 13:06:57 +02:00
bridge
netfilter: ebtables: fix fortify warnings in size_entry_mwt()
2023-08-22 15:13:20 +02:00
caif
sock: Remove ->sendpage*() in favour of sendmsg(MSG_SPLICE_PAGES)
2023-06-24 15:50:13 -07:00
can
net: annotate data-races around sk->sk_tsflags
2023-09-01 07:27:33 +01:00
ceph
libceph: fix potential hang in ceph_osdc_notify()
2023-08-02 09:07:34 +02:00
core
af_unix: Fix data-races around sk->sk_shutdown.
2023-09-04 11:06:16 +01:00
dcb
net: dcb: choose correct policy to parse DCB_ATTR_BCN
2023-08-01 21:07:46 -07:00
dccp
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2023-08-29 07:44:56 +02:00
devlink
devlink: move devlink_notify_register/unregister() to dev.c
2023-08-28 08:02:24 -07:00
dns_resolver
dsa
net: dsa: mark parsed interface mode for legacy switch drivers
2023-08-09 13:08:09 -07:00
ethernet
ethtool
ethtool: netlink: always pass genl_info to .prepare_data
2023-08-15 15:01:03 -07:00
handshake
net/handshake: fix null-ptr-deref in handshake_nl_done_doit()
2023-09-01 07:25:14 +01:00
hsr
net/hsr: Remove unused function declarations
2023-07-31 20:11:47 -07:00
ieee802154
genetlink: use attrs from struct genl_info
2023-08-15 15:00:45 -07:00
ife
ipv4
ipv4: ignore dst hint for multipath routes
2023-09-01 08:11:51 +01:00
ipv6
net: ipv6/addrconf: avoid integer underflow in ipv6_create_tempaddr
2023-09-04 07:07:30 +01:00
iucv
kcm
sock: Remove ->sendpage*() in favour of sendmsg(MSG_SPLICE_PAGES)
2023-06-24 15:50:13 -07:00
key
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2023-08-18 12:44:56 -07:00
l2tp
inet: introduce inet->inet_flags
2023-08-16 11:09:16 +01:00
l3mdev
lapb
llc
net/llc/llc_conn.c: fix 4 instances of -Wmissing-variable-declarations
2023-08-09 15:34:28 -07:00
mac80211
wireless-next patches for v6.6
2023-08-25 18:35:09 -07:00
mac802154
Core WPAN changes:
2023-06-24 15:41:46 -07:00
mctp
sock: Remove ->sendpage*() in favour of sendmsg(MSG_SPLICE_PAGES)
2023-06-24 15:50:13 -07:00
mpls
net: move gso declarations and functions to their own files
2023-06-10 00:11:41 -07:00
mptcp
mptcp: annotate data-races around msk->rmem_fwd_alloc
2023-09-01 07:27:33 +01:00
ncsi
genetlink: make genl_info->nlhdr const
2023-08-15 14:54:44 -07:00
netfilter
netfilter: nf_tables: Audit log rule reset
2023-08-31 01:29:28 +02:00
netlabel
netlabel: Remove unused declaration netlbl_cipsov4_doi_free()
2023-08-02 12:28:22 -07:00
netlink
genetlink: add a family pointer to struct genl_info
2023-08-15 15:01:03 -07:00
netrom
netrom: Deny concurrent connect().
2023-08-28 06:58:46 +01:00
nfc
genetlink: use attrs from struct genl_info
2023-08-15 15:00:45 -07:00
nsh
net: move gso declarations and functions to their own files
2023-06-10 00:11:41 -07:00
openvswitch
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2023-08-18 12:44:56 -07:00
packet
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2023-08-10 14:10:53 -07:00
phonet
sock: Remove ->sendpage*() in favour of sendmsg(MSG_SPLICE_PAGES)
2023-06-24 15:50:13 -07:00
psample
qrtr
net: qrtr: Handle IPCR control port format of older targets
2023-07-17 09:02:30 +01:00
rds
net/rds: Remove unused function declarations
2023-08-13 12:25:42 +01:00
rfkill
rose
sock: Remove ->sendpage*() in favour of sendmsg(MSG_SPLICE_PAGES)
2023-06-24 15:50:13 -07:00
rxrpc
Networking changes for 6.5.
2023-06-28 16:43:10 -07:00
sched
net/sched: fq_pie: avoid stalls in fq_pie_timer()
2023-08-31 11:21:52 +02:00
sctp
sctp: annotate data-races around sk->sk_wmem_queued
2023-08-31 11:56:59 +02:00
smc
net: annotate data-races around sk->sk_lingertime
2023-08-21 07:41:57 +01:00
strparser
sunrpc
Networking changes for 6.6.
2023-08-29 11:33:01 -07:00
switchdev
net: switchdev: Add a helper to replay objects on a bridge port
2023-07-21 08:54:03 +01:00
tipc
genetlink: use attrs from struct genl_info
2023-08-15 15:00:45 -07:00
tls
tls: get cipher_name from cipher_desc in tls_set_sw_offload
2023-08-27 17:17:42 -07:00
unix
af_unix: Fix data-race around unix_tot_inflight.
2023-09-04 11:06:16 +01:00
vmw_vsock
vsock: Remove unused function declarations
2023-07-31 14:41:08 -07:00
wireless
wifi: nl80211: Remove unused declaration nl80211_pmsr_dump_results()
2023-08-22 21:40:40 +02:00
x25
sock: Remove ->sendpage*() in favour of sendmsg(MSG_SPLICE_PAGES)
2023-06-24 15:50:13 -07:00
xdp
xsk: Fix xsk_diag use-after-free error during socket cleanup
2023-08-31 13:21:11 +02:00
xfrm
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2023-08-18 12:44:56 -07:00
compat.c
devres.c
Kconfig
bpf: Add fd-based tcx multi-prog infra with link support
2023-07-19 10:07:27 -07:00
Kconfig.debug
Makefile
socket.c
net: annotate data-races around sk->sk_bind_phc
2023-09-01 07:27:33 +01:00
sysctl_net.c