moonjuice/kernel_arpi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
83ef63535a8a620f36fb3ffc19fba421c78ce3e0
kernel_arpi/net/core
History
Eric Dumazet ff999198ec net-timestamp: convert sk->sk_tskey to atomic_t 
[ Upstream commit a1cdec57e03a1352e92fbbe7974039dda4efcec0 ]

UDP sendmsg() can be lockless, this is causing all kinds
of data races.

This patch converts sk->sk_tskey to remove one of these races.

BUG: KCSAN: data-race in __ip_append_data / __ip_append_data

read to 0xffff8881035d4b6c of 4 bytes by task 8877 on cpu 1:
 __ip_append_data+0x1c1/0x1de0 net/ipv4/ip_output.c:994
 ip_make_skb+0x13f/0x2d0 net/ipv4/ip_output.c:1636
 udp_sendmsg+0x12bd/0x14c0 net/ipv4/udp.c:1249
 inet_sendmsg+0x5f/0x80 net/ipv4/af_inet.c:819
 sock_sendmsg_nosec net/socket.c:705 [inline]
 sock_sendmsg net/socket.c:725 [inline]
 ____sys_sendmsg+0x39a/0x510 net/socket.c:2413
 ___sys_sendmsg net/socket.c:2467 [inline]
 __sys_sendmmsg+0x267/0x4c0 net/socket.c:2553
 __do_sys_sendmmsg net/socket.c:2582 [inline]
 __se_sys_sendmmsg net/socket.c:2579 [inline]
 __x64_sys_sendmmsg+0x53/0x60 net/socket.c:2579
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

write to 0xffff8881035d4b6c of 4 bytes by task 8880 on cpu 0:
 __ip_append_data+0x1d8/0x1de0 net/ipv4/ip_output.c:994
 ip_make_skb+0x13f/0x2d0 net/ipv4/ip_output.c:1636
 udp_sendmsg+0x12bd/0x14c0 net/ipv4/udp.c:1249
 inet_sendmsg+0x5f/0x80 net/ipv4/af_inet.c:819
 sock_sendmsg_nosec net/socket.c:705 [inline]
 sock_sendmsg net/socket.c:725 [inline]
 ____sys_sendmsg+0x39a/0x510 net/socket.c:2413
 ___sys_sendmsg net/socket.c:2467 [inline]
 __sys_sendmmsg+0x267/0x4c0 net/socket.c:2553
 __do_sys_sendmmsg net/socket.c:2582 [inline]
 __se_sys_sendmmsg net/socket.c:2579 [inline]
 __x64_sys_sendmmsg+0x53/0x60 net/socket.c:2579
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

value changed: 0x0000054d -> 0x0000054e

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 8880 Comm: syz-executor.5 Not tainted 5.17.0-rc2-syzkaller-00167-gdcb85f85fa6f-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011

Fixes: 09c2d251b7 ("net-timestamp: add key to disambiguate concurrent datagrams")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Willem de Bruijn <willemb@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-03-02 11:48:01 +01:00
..
bpf_sk_storage.c
net: in_irq() cleanup
2021-08-13 14:09:19 -07:00
datagram.c
datagram.h
dev_addr_lists.c
net: dev_addr_list: handle first address in __hw_addr_add_ex
2021-09-30 13:29:09 +01:00
dev_ioctl.c
net: core: don't call SIOCBRADD/DELIF for non-bridge devices
2021-08-05 11:36:59 +01:00
dev.c
xdp: check prog type before updating BPF link
2022-01-27 11:05:26 +01:00
devlink.c
devlink: Remove misleading internal_flags from health reporter dump
2022-01-27 11:05:39 +01:00
drop_monitor.c
drop_monitor: fix data-race in dropmon_net_event / trace_napi_poll_hit
2022-02-23 12:03:12 +01:00
dst_cache.c
wireguard: device: reset peer src endpoint when netns exits
2021-12-08 09:04:46 +01:00
dst.c
net: Remove redundant if statements
2021-08-05 13:27:50 +01:00
failover.c
fib_notifier.c
fib_rules.c
ipv6: fix memory leak in fib6_rule_suppress
2021-12-08 09:04:43 +01:00
filter.c
bpf: Do not try bpf_msg_push_data with len 0
2022-03-02 11:47:55 +01:00
flow_dissector.c
net/sched: flow_dissector: Fix matching on zone id for invalid conns
2022-01-27 11:04:02 +01:00
flow_offload.c
net: Fix offloading indirect devices dependency on qdisc order creation
2021-08-19 13:19:30 +01:00
gen_estimator.c
gen_stats.c
gro_cells.c
hwbm.c
link_watch.c
net: linkwatch: fix failure to restore device state across suspend/resume
2021-08-11 14:43:16 -07:00
lwt_bpf.c
lwtunnel.c
lwtunnel: Validate RTA_ENCAP_TYPE attribute length
2022-01-11 15:35:14 +01:00
Makefile
sock_map: Relax config dependency to CONFIG_NET
2021-07-15 18:17:49 -07:00
neighbour.c
net, neigh: clear whole pneigh_entry at alloc time
2021-12-14 10:57:19 +01:00
net_namespace.c
netns: add schedule point in ops_exit_list()
2022-01-27 11:05:35 +01:00
net-procfs.c
net-procfs: show net devices bound packet types
2022-02-01 17:27:08 +01:00
net-sysfs.c
net-sysfs: update the queue counts in the unregistration path
2022-01-27 11:04:38 +01:00
net-sysfs.h
net-traces.c
netclassid_cgroup.c
bpf, cgroups: Fix cgroup v2 fallback on v1/v2 mixed mode
2021-09-13 16:35:58 -07:00
netevent.c
netpoll.c
netprio_cgroup.c
bpf, cgroups: Fix cgroup v2 fallback on v1/v2 mixed mode
2021-09-13 16:35:58 -07:00
page_pool.c
page_pool: use relaxed atomic for release side accounting
2021-08-24 10:46:31 +01:00
pktgen.c
pktgen: remove unused variable
2021-09-03 11:48:28 +01:00
ptp_classifier.c
bpf: Refactor BPF_PROG_RUN into a function
2021-08-17 00:45:07 +02:00
request_sock.c
rtnetlink.c
net_sched: add __rcu annotation to netdev->qdisc
2022-02-23 12:03:12 +01:00
scm.c
memcg: enable accounting for scm_fp_list objects
2021-07-20 06:00:38 -07:00
secure_seq.c
selftests.c
net: selftests: add MTU test
2021-07-22 00:52:04 -07:00
skbuff.c
net-timestamp: convert sk->sk_tskey to atomic_t
2022-03-02 11:48:01 +01:00
skmsg.c
bpf, sockmap: Re-evaluate proto ops when psock is removed from sockmap
2021-12-14 10:57:18 +01:00
sock_destructor.h
skb_expand_head() adjust skb->truesize incorrectly
2021-10-22 12:35:51 -07:00
sock_diag.c
sock_map.c
bpf, sockmap: Fix double bpf_prog_put on error case in map_link
2022-01-27 11:03:50 +01:00
sock_reuseport.c
sock.c
net-timestamp: convert sk->sk_tskey to atomic_t
2022-03-02 11:48:01 +01:00
stream.c
net: stream: don't purge sk_error_queue in sk_stream_kill_queues()
2021-11-18 19:16:34 +01:00
sysctl_net_core.c
bpf: Prevent increasing bpf_jit_limit above max
2021-10-22 17:23:53 -07:00
timestamping.c
tso.c
utils.c
xdp.c