Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-11-14 08:02:07 +00:00
Code Issues Packages Projects Releases Wiki Activity
0a9e5794b2
linux/net
History
Eric Dumazet 0a9e5794b2 xfrm: annotate data-race around use_time 
KCSAN reported multiple cpus can update use_time
at the same time.

Adds READ_ONCE()/WRITE_ONCE() annotations.

Note that 32bit arches are not fully protected,
but they will probably no longer be supported/used in 2106.

BUG: KCSAN: data-race in __xfrm_policy_check / __xfrm_policy_check

write to 0xffff88813e7ec108 of 8 bytes by interrupt on cpu 0:
__xfrm_policy_check+0x6ae/0x17f0 net/xfrm/xfrm_policy.c:3664
__xfrm_policy_check2 include/net/xfrm.h:1174 [inline]
xfrm_policy_check include/net/xfrm.h:1179 [inline]
xfrm6_policy_check+0x2e9/0x320 include/net/xfrm.h:1189
udpv6_queue_rcv_one_skb+0x48/0xa30 net/ipv6/udp.c:703
udpv6_queue_rcv_skb+0x2d6/0x310 net/ipv6/udp.c:792
udp6_unicast_rcv_skb+0x16b/0x190 net/ipv6/udp.c:935
__udp6_lib_rcv+0x84b/0x9b0 net/ipv6/udp.c:1020
udpv6_rcv+0x4b/0x50 net/ipv6/udp.c:1133
ip6_protocol_deliver_rcu+0x99e/0x1020 net/ipv6/ip6_input.c:439
ip6_input_finish net/ipv6/ip6_input.c:484 [inline]
NF_HOOK include/linux/netfilter.h:302 [inline]
ip6_input+0xca/0x180 net/ipv6/ip6_input.c:493
dst_input include/net/dst.h:454 [inline]
ip6_rcv_finish+0x1e9/0x2d0 net/ipv6/ip6_input.c:79
NF_HOOK include/linux/netfilter.h:302 [inline]
ipv6_rcv+0x85/0x140 net/ipv6/ip6_input.c:309
__netif_receive_skb_one_core net/core/dev.c:5482 [inline]
__netif_receive_skb+0x8b/0x1b0 net/core/dev.c:5596
process_backlog+0x23f/0x3b0 net/core/dev.c:5924
__napi_poll+0x65/0x390 net/core/dev.c:6485
napi_poll net/core/dev.c:6552 [inline]
net_rx_action+0x37e/0x730 net/core/dev.c:6663
__do_softirq+0xf2/0x2c7 kernel/softirq.c:571
do_softirq+0xb1/0xf0 kernel/softirq.c:472
__local_bh_enable_ip+0x6f/0x80 kernel/softirq.c:396
__raw_read_unlock_bh include/linux/rwlock_api_smp.h:257 [inline]
_raw_read_unlock_bh+0x17/0x20 kernel/locking/spinlock.c:284
wg_socket_send_skb_to_peer+0x107/0x120 drivers/net/wireguard/socket.c:184
wg_packet_create_data_done drivers/net/wireguard/send.c:251 [inline]
wg_packet_tx_worker+0x142/0x360 drivers/net/wireguard/send.c:276
process_one_work+0x3d3/0x720 kernel/workqueue.c:2289
worker_thread+0x618/0xa70 kernel/workqueue.c:2436
kthread+0x1a9/0x1e0 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

write to 0xffff88813e7ec108 of 8 bytes by interrupt on cpu 1:
__xfrm_policy_check+0x6ae/0x17f0 net/xfrm/xfrm_policy.c:3664
__xfrm_policy_check2 include/net/xfrm.h:1174 [inline]
xfrm_policy_check include/net/xfrm.h:1179 [inline]
xfrm6_policy_check+0x2e9/0x320 include/net/xfrm.h:1189
udpv6_queue_rcv_one_skb+0x48/0xa30 net/ipv6/udp.c:703
udpv6_queue_rcv_skb+0x2d6/0x310 net/ipv6/udp.c:792
udp6_unicast_rcv_skb+0x16b/0x190 net/ipv6/udp.c:935
__udp6_lib_rcv+0x84b/0x9b0 net/ipv6/udp.c:1020
udpv6_rcv+0x4b/0x50 net/ipv6/udp.c:1133
ip6_protocol_deliver_rcu+0x99e/0x1020 net/ipv6/ip6_input.c:439
ip6_input_finish net/ipv6/ip6_input.c:484 [inline]
NF_HOOK include/linux/netfilter.h:302 [inline]
ip6_input+0xca/0x180 net/ipv6/ip6_input.c:493
dst_input include/net/dst.h:454 [inline]
ip6_rcv_finish+0x1e9/0x2d0 net/ipv6/ip6_input.c:79
NF_HOOK include/linux/netfilter.h:302 [inline]
ipv6_rcv+0x85/0x140 net/ipv6/ip6_input.c:309
__netif_receive_skb_one_core net/core/dev.c:5482 [inline]
__netif_receive_skb+0x8b/0x1b0 net/core/dev.c:5596
process_backlog+0x23f/0x3b0 net/core/dev.c:5924
__napi_poll+0x65/0x390 net/core/dev.c:6485
napi_poll net/core/dev.c:6552 [inline]
net_rx_action+0x37e/0x730 net/core/dev.c:6663
__do_softirq+0xf2/0x2c7 kernel/softirq.c:571
do_softirq+0xb1/0xf0 kernel/softirq.c:472
__local_bh_enable_ip+0x6f/0x80 kernel/softirq.c:396
__raw_read_unlock_bh include/linux/rwlock_api_smp.h:257 [inline]
_raw_read_unlock_bh+0x17/0x20 kernel/locking/spinlock.c:284
wg_socket_send_skb_to_peer+0x107/0x120 drivers/net/wireguard/socket.c:184
wg_packet_create_data_done drivers/net/wireguard/send.c:251 [inline]
wg_packet_tx_worker+0x142/0x360 drivers/net/wireguard/send.c:276
process_one_work+0x3d3/0x720 kernel/workqueue.c:2289
worker_thread+0x618/0xa70 kernel/workqueue.c:2436
kthread+0x1a9/0x1e0 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

value changed: 0x0000000063c62d6f -> 0x0000000063c62d70

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 4185 Comm: kworker/1:2 Tainted: G W 6.2.0-rc4-syzkaller-00009-gd532dd102151-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Workqueue: wg-crypt-wg0 wg_packet_tx_worker

Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Steffen Klassert <steffen.klassert@secunet.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
2023-01-27 10:21:09 +01:00
..
6lowpan
9p 9p-for-6.2-rc1 2022-12-23 11:39:18 -08:00
802 treewide: Convert del_timer*() to timer_shutdown*() 2022-12-25 13:38:09 -08:00
8021q net: Remove the obsolte u64_stats_fetch_*_irq() users (net). 2022-10-28 20:13:54 -07:00
appletalk
atm driver core: make struct class.dev_uevent() take a const * 2022-11-24 17:12:15 +01:00
ax25 ax25: af_ax25: Remove unnecessary (void*) conversions 2022-11-16 13:31:03 +00:00
batman-adv Networking changes for 6.2. 2022-12-13 15:47:48 -08:00
bluetooth Networking changes for 6.2. 2022-12-13 15:47:48 -08:00
bpf New Feature: 2022-12-17 14:06:53 -06:00
bpfilter
bridge treewide: Convert del_timer*() to timer_shutdown*() 2022-12-25 13:38:09 -08:00
caif caif: fix memory leak in cfctrl_linkup_request() 2023-01-05 10:19:36 +01:00
can Networking changes for 6.2. 2022-12-13 15:47:48 -08:00
ceph Treewide: Stop corrupting socket's task_frag 2022-12-19 17:28:49 -08:00
core Including fixes from bpf, wifi, and netfilter. 2023-01-05 12:40:50 -08:00
dcb net: dcb: move getapptrust to separate function 2022-11-15 15:27:43 +01:00
dccp Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-11-29 13:04:52 -08:00
dns_resolver cred: Do not default to init_cred in prepare_kernel_cred() 2022-11-01 10:04:52 -07:00
dsa Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-12-13 09:49:29 +01:00
ethernet net: ethernet: use sysfs_emit() to instead of scnprintf() 2022-12-07 20:02:44 -08:00
ethtool net/ethtool/ioctl: split ethtool_get_phy_stats into multiple helpers 2022-12-28 11:55:24 +00:00
hsr hsr: Use a single struct for self_node. 2022-12-01 20:26:22 -08:00
ieee802154 Merge tag 'ieee802154-for-net-next-2022-12-05' of git://git.kernel.org/pub/scm/linux/kernel/git/sschmidt/wpan-next 2022-12-07 17:33:26 -08:00
ife
ipv4 Including fixes from bpf, wifi, and netfilter. 2023-01-05 12:40:50 -08:00
ipv6 treewide: Convert del_timer*() to timer_shutdown*() 2022-12-25 13:38:09 -08:00
iucv
kcm kcm: close race conditions on sk_receive_queue 2022-11-15 12:42:26 +01:00
key Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next 2022-11-29 20:50:51 -08:00
l2tp Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-11-29 13:04:52 -08:00
l3mdev
lapb
llc
mac80211 treewide: Convert del_timer*() to timer_shutdown*() 2022-12-25 13:38:09 -08:00
mac802154 Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-12-08 18:19:59 -08:00
mctp mctp: Remove device type check at unregister 2022-12-19 17:20:22 -08:00
mpls net: Remove the obsolte u64_stats_fetch_*_irq() users (net). 2022-10-28 20:13:54 -07:00
mptcp mptcp: fix lockdep false positive 2022-12-21 18:05:47 -08:00
ncsi net/ncsi: Silence runtime memcpy() false positive warning 2022-12-06 17:29:14 -08:00
netfilter Including fixes from bpf, wifi, and netfilter. 2023-01-05 12:40:50 -08:00
netlabel
netlink Networking changes for 6.2. 2022-12-13 15:47:48 -08:00
netrom
nfc nfc: Fix potential resource leaks 2022-12-26 09:09:23 +00:00
nsh
openvswitch net: openvswitch: release vport resources on failure 2022-12-21 17:48:12 -08:00
packet Networking changes for 6.2. 2022-12-13 15:47:48 -08:00
phonet
psample
qrtr
rds rds: remove redundant variable total_payload_len 2022-11-04 10:09:50 +00:00
rfkill driver core: make struct class.dev_uevent() take a const * 2022-11-24 17:12:15 +01:00
rose rose: Fix NULL pointer dereference in rose_send_frame() 2022-11-02 11:57:30 +00:00
rxrpc rxrpc: Fix incoming call setup race 2023-01-07 09:30:26 +00:00
sched Including fixes from bpf, wifi, and netfilter. 2023-01-05 12:40:50 -08:00
sctp Networking changes for 6.2. 2022-12-13 15:47:48 -08:00
smc use less confusing names for iov_iter direction initializers 2022-11-25 13:01:55 -05:00
strparser
sunrpc treewide: Convert del_timer*() to timer_shutdown*() 2022-12-25 13:38:09 -08:00
switchdev
tipc tipc: fix unexpected link reset due to discovery messages 2023-01-06 12:53:10 +00:00
tls Networking changes for 6.2. 2022-12-13 15:47:48 -08:00
unix unix: Fix race in SOCK_SEQPACKET's unix_dgram_sendmsg() 2022-12-15 11:35:18 +01:00
vmw_vsock Networking changes for 6.2. 2022-12-13 15:47:48 -08:00
wireless Driver Core changes for 6.2-rc1 2022-12-16 03:54:54 -08:00
x25 net/x25: Fix skb leak in x25_lapb_receive_frame() 2022-11-15 20:22:19 -08:00
xdp bpf: Expand map key argument of bpf_redirect_map to u64 2022-11-15 09:00:27 -08:00
xfrm xfrm: annotate data-race around use_time 2023-01-27 10:21:09 +01:00
compat.c use less confusing names for iov_iter direction initializers 2022-11-25 13:01:55 -05:00
devres.c
Kconfig
Kconfig.debug
Makefile
socket.c Networking changes for 6.2. 2022-12-13 15:47:48 -08:00
sysctl_net.c