linux

mirror of https://github.com/torvalds/linux.git synced 2024-09-21 15:33:19 +00:00

History

Eric Dumazet 086d49058c ipv6: annotate some data-races around sk->sk_prot IPv6 has this hack changing sk->sk_prot when an IPv6 socket is 'converted' to an IPv4 one with IPV6_ADDRFORM option. This operation is only performed for TCP and UDP, knowing their 'struct proto' for the two network families are populated in the same way, and can not disappear while a reader might use and dereference sk->sk_prot. If we think about it all reads of sk->sk_prot while either socket lock or RTNL is not acquired should be using READ_ONCE(). Also note that other layers like MPTCP, XFRM, CHELSIO_TLS also write over sk->sk_prot. BUG: KCSAN: data-race in inet6_recvmsg / ipv6_setsockopt write to 0xffff8881386f7aa8 of 8 bytes by task 26932 on cpu 0: do_ipv6_setsockopt net/ipv6/ipv6_sockglue.c:492 [inline] ipv6_setsockopt+0x3758/0x3910 net/ipv6/ipv6_sockglue.c:1019 udpv6_setsockopt+0x85/0x90 net/ipv6/udp.c:1649 sock_common_setsockopt+0x5d/0x70 net/core/sock.c:3489 __sys_setsockopt+0x209/0x2a0 net/socket.c:2180 __do_sys_setsockopt net/socket.c:2191 [inline] __se_sys_setsockopt net/socket.c:2188 [inline] __x64_sys_setsockopt+0x62/0x70 net/socket.c:2188 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae read to 0xffff8881386f7aa8 of 8 bytes by task 26911 on cpu 1: inet6_recvmsg+0x7a/0x210 net/ipv6/af_inet6.c:659 ____sys_recvmsg+0x16c/0x320 ___sys_recvmsg net/socket.c:2674 [inline] do_recvmmsg+0x3f5/0xae0 net/socket.c:2768 __sys_recvmmsg net/socket.c:2847 [inline] __do_sys_recvmmsg net/socket.c:2870 [inline] __se_sys_recvmmsg net/socket.c:2863 [inline] __x64_sys_recvmmsg+0xde/0x160 net/socket.c:2863 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae value changed: 0xffffffff85e0e980 -> 0xffffffff85e01580 Reported by Kernel Concurrency Sanitizer on: CPU: 1 PID: 26911 Comm: syz-executor.3 Not tainted 5.17.0-rc2-syzkaller-00316-g0457e5153e0e-dirty #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Reported-by: syzbot <syzkaller@googlegroups.com> Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>		2022-02-18 11:53:28 +00:00
..
6lowpan	net: don't include ndisc.h from ipv6.h	2022-02-04 14:15:11 -08:00
9p	virtio,vdpa,qemu_fw_cfg: features, cleanups, fixes	2022-01-18 10:05:48 +02:00
802	net: 802: Use memset_startat() to clear struct fields	2021-11-19 11:23:23 +00:00
8021q	vlan: move dev_put into vlan_dev_uninit	2022-02-09 13:33:39 +00:00
appletalk
atm	proc: remove PDE_DATA() completely	2022-01-22 08:33:37 +02:00
ax25	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2022-02-10 17:29:56 -08:00
batman-adv	ipv6: make mc_forwarding atomic	2022-02-05 15:20:34 +00:00
bluetooth	bluetooth-next pull request for net-next:	2022-01-28 13:39:07 -08:00
bpf	bpf: Make remote_port field in struct bpf_sk_lookup 16-bit wide	2022-02-09 11:40:45 -08:00
bpfilter
bridge	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2022-02-17 11:44:20 -08:00
caif	caif: cleanup double word in comment	2022-02-07 12:06:54 +00:00
can	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2022-02-10 17:29:56 -08:00
ceph	libceph: optionally use bounce buffer on recv path in crc mode	2022-02-02 18:50:36 +01:00
core	net: add sanity check in proto_register()	2022-02-17 20:06:06 -08:00
dcb
dccp	dccp: remove max48()	2022-01-27 13:53:27 +00:00
decnet	Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next	2021-12-31 14:35:40 +00:00
dns_resolver
dsa	net: dsa: add support for phylink mac_select_pcs()	2022-02-18 11:28:32 +00:00
ethernet	gro: remove rcu_read_lock/rcu_read_unlock from gro_complete handlers	2021-11-24 17:21:42 -08:00
ethtool	ethtool: add header/data split indication	2022-01-28 14:43:47 +00:00
hsr	net: hsr: use hlist_head instead of list_head for mac addresses	2022-02-06 10:55:52 +00:00
ieee802154	Merge tag 'ieee802154-for-davem-2022-02-10' of git://git.kernel.org/pub/scm/linux/kernel/git/sschmidt/wpan-next	2022-02-10 14:28:04 +00:00
ife
ipv4	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2022-02-17 11:44:20 -08:00
ipv6	ipv6: annotate some data-races around sk->sk_prot	2022-02-18 11:53:28 +00:00
iucv	net: Don't include filter.h from net/sock.h	2021-12-29 08:48:14 -08:00
kcm	net: Don't include filter.h from net/sock.h	2021-12-29 08:48:14 -08:00
key
l2tp	l2tp: add netns refcount tracker to l2tp_dfs_seq_data	2021-12-10 06:38:27 -08:00
l3mdev
lapb
llc	sock: Use sock_owned_by_user_nocheck() instead of sk_lock.owned.	2021-12-10 19:43:00 -08:00
mac80211	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2022-02-17 11:44:20 -08:00
mac802154
mctp	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2022-02-17 11:44:20 -08:00
mpls	net: mpls: Fix GCC 12 warning	2022-02-10 15:29:39 +00:00
mptcp	mptcp: don't save tcp data_ready and write space callbacks	2022-02-16 20:52:06 -08:00
ncsi	all: replace find_next{,_zero}_bit with find_first{,_zero}_bit where appropriate	2022-01-15 08:47:31 -08:00
netfilter	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2022-02-17 11:44:20 -08:00
netlabel	lsm: security_task_getsecid_subj() -> security_current_getsecid_subj()	2021-11-22 17:52:47 -05:00
netlink	net: Don't include filter.h from net/sock.h	2021-12-29 08:48:14 -08:00
netrom	netrom: fix api breakage in nr_setsockopt()	2022-01-07 14:11:05 +00:00
nfc	Networking fixes for 5.17-rc1, including fixes from netfilter, bpf.	2022-01-20 10:57:05 +02:00
nsh
openvswitch	net/sched: Enable tc skb ext allocation on chain miss only when needed	2022-02-05 10:12:53 +00:00
packet	af_packet: fix data-race in packet_setsockopt / packet_setsockopt	2022-02-01 20:21:10 -08:00
phonet	phonet/pep: refuse to enable an unbound pipe	2021-12-20 11:49:51 +00:00
psample
qrtr	bus: mhi: core: Add an API for auto queueing buffers for DL channel	2021-12-17 17:17:14 +01:00
rds	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2021-12-16 16:13:19 -08:00
rfkill	rfkill: allow to get the software rfkill state	2021-12-20 11:02:38 +01:00
rose	net: Don't include filter.h from net/sock.h	2021-12-29 08:48:14 -08:00
rxrpc	rxrpc: Adjust retransmission backoff	2022-01-22 02:03:24 +00:00
sched	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2022-02-17 11:44:20 -08:00
sctp	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2022-01-05 14:36:10 -08:00
smc	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2022-02-17 11:44:20 -08:00
strparser	bpf: sockmap, strparser, and tls are reusing qdisc_skb_cb and colliding	2021-11-09 01:05:28 +01:00
sunrpc	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2022-02-10 17:29:56 -08:00
switchdev	net: switchdev: introduce switchdev_handle_port_obj_{add,del} for foreign interfaces	2022-02-16 11:21:04 +00:00
tipc	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2022-02-17 11:44:20 -08:00
tls	tls: cap the output scatter list to something reasonable	2022-02-04 10:14:07 +00:00
unix	Merge https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next	2022-01-24 15:42:29 -08:00
vmw_vsock	vsock: remove vsock from connected table when connect is interrupted by a signal	2022-02-17 08:56:02 -08:00
wireless	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2022-02-17 11:44:20 -08:00
x25	net: x25: drop harmless check of !more	2021-12-09 18:35:11 -08:00
xdp	i40e: xsk: Move tmp desc array from driver to pool	2022-01-27 17:25:32 +01:00
xfrm	xfrm: Don't accidentally set RTO_ONLINK in decode_session4()	2022-01-11 20:36:08 -08:00
compat.c
devres.c
Kconfig	net: kunit: add a test for dev_addr_lists	2021-11-20 12:25:57 +00:00
Kconfig.debug	net: add networking namespace refcount tracker	2021-12-10 06:38:26 -08:00
Makefile
socket.c	net: fix documentation for kernel_getsockname	2022-02-14 14:01:19 +00:00
sysctl_net.c	sections: move and rename core_kernel_data() to is_kernel_core_data()	2021-11-09 10:02:50 -08:00