9fcf986cc4
fib_alias_hw_flags_set() can be used by concurrent threads,
and is only RCU protected.
We need to annotate accesses to following fields of struct fib_alias:
offload, trap, offload_failed
Because of READ_ONCE()WRITE_ONCE() limitations, make these
field u8.
BUG: KCSAN: data-race in fib_alias_hw_flags_set / fib_alias_hw_flags_set
read to 0xffff888134224a6a of 1 bytes by task 2013 on cpu 1:
fib_alias_hw_flags_set+0x28a/0x470 net/ipv4/fib_trie.c:1050
nsim_fib4_rt_hw_flags_set drivers/net/netdevsim/fib.c:350 [inline]
nsim_fib4_rt_add drivers/net/netdevsim/fib.c:367 [inline]
nsim_fib4_rt_insert drivers/net/netdevsim/fib.c:429 [inline]
nsim_fib4_event drivers/net/netdevsim/fib.c:461 [inline]
nsim_fib_event drivers/net/netdevsim/fib.c:881 [inline]
nsim_fib_event_work+0x1852/0x2cf0 drivers/net/netdevsim/fib.c:1477
process_one_work+0x3f6/0x960 kernel/workqueue.c:2307
process_scheduled_works kernel/workqueue.c:2370 [inline]
worker_thread+0x7df/0xa70 kernel/workqueue.c:2456
kthread+0x1bf/0x1e0 kernel/kthread.c:377
ret_from_fork+0x1f/0x30
write to 0xffff888134224a6a of 1 bytes by task 4872 on cpu 0:
fib_alias_hw_flags_set+0x2d5/0x470 net/ipv4/fib_trie.c:1054
nsim_fib4_rt_hw_flags_set drivers/net/netdevsim/fib.c:350 [inline]
nsim_fib4_rt_add drivers/net/netdevsim/fib.c:367 [inline]
nsim_fib4_rt_insert drivers/net/netdevsim/fib.c:429 [inline]
nsim_fib4_event drivers/net/netdevsim/fib.c:461 [inline]
nsim_fib_event drivers/net/netdevsim/fib.c:881 [inline]
nsim_fib_event_work+0x1852/0x2cf0 drivers/net/netdevsim/fib.c:1477
process_one_work+0x3f6/0x960 kernel/workqueue.c:2307
process_scheduled_works kernel/workqueue.c:2370 [inline]
worker_thread+0x7df/0xa70 kernel/workqueue.c:2456
kthread+0x1bf/0x1e0 kernel/kthread.c:377
ret_from_fork+0x1f/0x30
value changed: 0x00 -> 0x02
Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 4872 Comm: kworker/0:0 Not tainted 5.17.0-rc3-syzkaller-00188-g1d41d2e82623-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events nsim_fib_event_work
Fixes: 90b93f1b31 ("ipv4: Add "offload" and "trap" indications to routes")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
Link: https://lore.kernel.org/r/20220216173217.3792411-1-eric.dumazet@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
63 lines
1.6 KiB
C
63 lines
1.6 KiB
C
/* SPDX-License-Identifier: GPL-2.0 */
|
|
#ifndef _FIB_LOOKUP_H
|
|
#define _FIB_LOOKUP_H
|
|
|
|
#include <linux/types.h>
|
|
#include <linux/list.h>
|
|
#include <net/ip_fib.h>
|
|
#include <net/nexthop.h>
|
|
|
|
struct fib_alias {
|
|
struct hlist_node fa_list;
|
|
struct fib_info *fa_info;
|
|
u8 fa_tos;
|
|
u8 fa_type;
|
|
u8 fa_state;
|
|
u8 fa_slen;
|
|
u32 tb_id;
|
|
s16 fa_default;
|
|
u8 offload;
|
|
u8 trap;
|
|
u8 offload_failed;
|
|
struct rcu_head rcu;
|
|
};
|
|
|
|
#define FA_S_ACCESSED 0x01
|
|
|
|
/* Don't write on fa_state unless needed, to keep it shared on all cpus */
|
|
static inline void fib_alias_accessed(struct fib_alias *fa)
|
|
{
|
|
if (!(fa->fa_state & FA_S_ACCESSED))
|
|
fa->fa_state |= FA_S_ACCESSED;
|
|
}
|
|
|
|
/* Exported by fib_semantics.c */
|
|
void fib_release_info(struct fib_info *);
|
|
struct fib_info *fib_create_info(struct fib_config *cfg,
|
|
struct netlink_ext_ack *extack);
|
|
int fib_nh_match(struct net *net, struct fib_config *cfg, struct fib_info *fi,
|
|
struct netlink_ext_ack *extack);
|
|
bool fib_metrics_match(struct fib_config *cfg, struct fib_info *fi);
|
|
int fib_dump_info(struct sk_buff *skb, u32 pid, u32 seq, int event,
|
|
const struct fib_rt_info *fri, unsigned int flags);
|
|
void rtmsg_fib(int event, __be32 key, struct fib_alias *fa, int dst_len,
|
|
u32 tb_id, const struct nl_info *info, unsigned int nlm_flags);
|
|
size_t fib_nlmsg_size(struct fib_info *fi);
|
|
|
|
static inline void fib_result_assign(struct fib_result *res,
|
|
struct fib_info *fi)
|
|
{
|
|
/* we used to play games with refcounts, but we now use RCU */
|
|
res->fi = fi;
|
|
res->nhc = fib_info_nhc(fi, 0);
|
|
}
|
|
|
|
struct fib_prop {
|
|
int error;
|
|
u8 scope;
|
|
};
|
|
|
|
extern const struct fib_prop fib_props[RTN_MAX + 1];
|
|
|
|
#endif /* _FIB_LOOKUP_H */
|