iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net
History
Kuniyuki Iwashima e1d09c2c2f af_unix: Fix data races around sk->sk_shutdown. 
KCSAN found a data race around sk->sk_shutdown where unix_release_sock()
and unix_shutdown() update it under unix_state_lock(), OTOH unix_poll()
and unix_dgram_poll() read it locklessly.

We need to annotate the writes and reads with WRITE_ONCE() and READ_ONCE().

BUG: KCSAN: data-race in unix_poll / unix_release_sock

write to 0xffff88800d0f8aec of 1 bytes by task 264 on cpu 0:
 unix_release_sock+0x75c/0x910 net/unix/af_unix.c:631
 unix_release+0x59/0x80 net/unix/af_unix.c:1042
 __sock_release+0x7d/0x170 net/socket.c:653
 sock_close+0x19/0x30 net/socket.c:1397
 __fput+0x179/0x5e0 fs/file_table.c:321
 ____fput+0x15/0x20 fs/file_table.c:349
 task_work_run+0x116/0x1a0 kernel/task_work.c:179
 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:171 [inline]
 exit_to_user_mode_prepare+0x174/0x180 kernel/entry/common.c:204
 __syscall_exit_to_user_mode_work kernel/entry/common.c:286 [inline]
 syscall_exit_to_user_mode+0x1a/0x30 kernel/entry/common.c:297
 do_syscall_64+0x4b/0x90 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x72/0xdc

read to 0xffff88800d0f8aec of 1 bytes by task 222 on cpu 1:
 unix_poll+0xa3/0x2a0 net/unix/af_unix.c:3170
 sock_poll+0xcf/0x2b0 net/socket.c:1385
 vfs_poll include/linux/poll.h:88 [inline]
 ep_item_poll.isra.0+0x78/0xc0 fs/eventpoll.c:855
 ep_send_events fs/eventpoll.c:1694 [inline]
 ep_poll fs/eventpoll.c:1823 [inline]
 do_epoll_wait+0x6c4/0xea0 fs/eventpoll.c:2258
 __do_sys_epoll_wait fs/eventpoll.c:2270 [inline]
 __se_sys_epoll_wait fs/eventpoll.c:2265 [inline]
 __x64_sys_epoll_wait+0xcc/0x190 fs/eventpoll.c:2265
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x72/0xdc

value changed: 0x00 -> 0x03

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 222 Comm: dbus-broker Not tainted 6.3.0-rc7-02330-gca6270c12e20 #2
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014

Fixes: 3c73419c09a5 ("af_unix: fix 'poll for write'/ connected DGRAM sockets")
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Michal Kubiak <michal.kubiak@intel.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2023-05-10 19:06:53 -07:00
..
6lowpan
6lowpan: Remove redundant initialisation.
2023-03-29 08:22:52 +01:00
9p
Including fixes from netfilter.
2023-05-05 19:12:01 -07:00
802
treewide: Convert del_timer*() to timer_shutdown*()
2022-12-25 13:38:09 -08:00
8021q
vlan: Add MACsec offload operations for VLAN interface
2023-04-21 08:22:14 +01:00
appletalk
atm
Networking changes for 6.4.
2023-04-26 16:07:23 -07:00
ax25
ax25: af_ax25: Remove unnecessary (void*) conversions
2022-11-16 13:31:03 +00:00
batman-adv
net: vlan: introduce skb_vlan_eth_hdr()
2023-04-23 14:16:44 +01:00
bluetooth
Driver core changes for 6.4-rc1
2023-04-27 11:53:57 -07:00
bpf
bpf: add test_run support for netfilter program type
2023-04-21 11:34:50 -07:00
bpfilter
bridge
net: add vlan_get_protocol_and_depth() helper
2023-05-10 10:25:55 +01:00
caif
net: caif: Fix use-after-free in cfusbl_device_notify()
2023-03-02 22:22:07 -08:00
can
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2023-04-06 12:01:20 -07:00
ceph
Networking changes for 6.3.
2023-02-21 18:24:12 -08:00
core
net: datagram: fix data-races in datagram_poll()
2023-05-10 19:06:49 -07:00
dcb
net: dcb: add helper functions to retrieve PCP and DSCP rewrite maps
2023-01-20 09:33:22 +00:00
dccp
netfilter: keep conntrack reference until IPsecv6 policy checks are done
2023-03-22 21:50:23 +01:00
devlink
devlink: drop leftover duplicate/unused code
2023-02-20 11:38:35 +00:00
dns_resolver
dsa
net: dsa: tag_ocelot: call only the relevant portion of __skb_vlan_pop() on TX
2023-04-23 14:16:45 +01:00
ethernet
net: ethernet: use sysfs_emit() to instead of scnprintf()
2022-12-07 20:02:44 -08:00
ethtool
ethtool: Fix uninitialized number of lanes
2023-05-03 09:13:20 +01:00
handshake
net/handshake: Fix section mismatch in handshake_exit
2023-04-21 20:24:57 -07:00
hsr
hsr: ratelimit only when errors are printed
2023-03-16 21:11:03 -07:00
ieee802154
net: ieee802154: remove an unnecessary null pointer check
2023-03-17 09:13:53 +01:00
ife
ipv4
tcp: add annotations around sk->sk_shutdown accesses
2023-05-10 10:27:31 +01:00
ipv6
net: ipv6: fix skb hash for some RST packets
2023-04-28 09:53:43 +01:00
iucv
net/iucv: Fix size of interrupt data
2023-03-16 17:34:40 -07:00
kcm
net/sock: Introduce trace_sk_data_ready()
2023-01-23 11:26:50 +00:00
key
af_key: Fix heap information leak
2023-02-13 09:30:14 +00:00
l2tp
l2tp: generate correct module alias strings
2023-03-31 09:25:12 +01:00
l3mdev
lapb
llc
net: deal with most data-races in sk_wait_event()
2023-05-10 10:03:32 +01:00
mac80211
wireless-next patches for v6.4
2023-04-21 07:35:51 -07:00
mac802154
mac802154: Rename kfree_rcu() to kvfree_rcu_mightsleep()
2023-04-05 13:48:04 +00:00
mctp
mctp: remove MODULE_LICENSE in non-modules
2023-03-09 23:06:21 -08:00
mpls
net: mpls: fix stale pointer if allocation fails during device rename
2023-02-15 10:26:37 +00:00
mptcp
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2023-04-20 16:29:51 -07:00
ncsi
net/ncsi: clear Tx enable mode when handling a Config required AEN
2023-04-28 09:35:33 +01:00
netfilter
Including fixes from netfilter.
2023-05-05 19:12:01 -07:00
netlabel
netlink
netlink: annotate accesses to nlk->cb_running
2023-05-10 09:28:38 +01:00
netrom
netrom: Fix use-after-free caused by accept on already connected socket
2023-01-30 07:30:47 +00:00
nfc
nfc: change order inside nfc_se_io error path
2023-03-07 13:37:05 -08:00
nsh
openvswitch
net: openvswitch: fix race on port output
2023-04-07 19:42:53 -07:00
packet
net: add vlan_get_protocol_and_depth() helper
2023-05-10 10:25:55 +01:00
phonet
net/sock: Introduce trace_sk_data_ready()
2023-01-23 11:26:50 +00:00
psample
qrtr
net: qrtr: Fix an uninit variable access bug in qrtr_tx_resume()
2023-04-13 09:35:30 +02:00
rds
rds: rds_rm_zerocopy_callback() correct order for list_add_tail()
2023-02-13 09:33:39 +00:00
rfkill
net: rfkill-gpio: Add explicit include for of.h
2023-04-06 20:36:27 +02:00
rose
net/rose: Fix to not accept on connected socket
2023-01-28 00:19:57 -08:00
rxrpc
Including fixes from netfilter.
2023-05-05 19:12:01 -07:00
sched
net/sched: flower: fix error handler on replace
2023-05-05 10:01:31 +01:00
sctp
sctp: delete the nested flexible array hmac
2023-04-21 08:19:30 +01:00
smc
net: deal with most data-races in sk_wait_event()
2023-05-10 10:03:32 +01:00
strparser
sunrpc
NFSD 6.4 Release Notes
2023-04-29 11:04:14 -07:00
switchdev
tipc
net: deal with most data-races in sk_wait_event()
2023-05-10 10:03:32 +01:00
tls
net: deal with most data-races in sk_wait_event()
2023-05-10 10:03:32 +01:00
unix
af_unix: Fix data races around sk->sk_shutdown.
2023-05-10 19:06:53 -07:00
vmw_vsock
vsock/loopback: don't disable irqs for queue access
2023-04-14 11:04:04 +01:00
wireless
Driver core changes for 6.4-rc1
2023-04-27 11:53:57 -07:00
x25
net/x25: Fix to not accept on connected socket
2023-01-25 09:51:04 +00:00
xdp
bpf-next-for-netdev
2023-04-13 16:43:38 -07:00
xfrm
ipsec-next-2023-04-19
2023-04-19 18:46:17 -07:00
compat.c
net/compat: Update msg_control_is_user when setting a kernel pointer
2023-04-14 11:09:27 +01:00
devres.c
Kconfig
net/handshake: Add Kunit tests for the handshake consumer API
2023-04-19 18:48:48 -07:00
Kconfig.debug
Makefile
net/handshake: Create a NETLINK service for handling handshake requests
2023-04-19 18:48:48 -07:00
socket.c
net: annotate sk->sk_err write from do_recvmmsg()
2023-05-10 09:58:29 +01:00
sysctl_net.c