Gh0st
/
linux
mirror of https://github.com/torvalds/linux.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
linux/include/net
History
Eric Dumazet d95d6320ba ipv6: fix data-race in fib6_info_hw_flags_set / fib6_purge_rt 
Because fib6_info_hw_flags_set() is called without any synchronization,
all accesses to gi6->offload, fi->trap and fi->offload_failed
need some basic protection like READ_ONCE()/WRITE_ONCE().

BUG: KCSAN: data-race in fib6_info_hw_flags_set / fib6_purge_rt

read to 0xffff8881087d5886 of 1 bytes by task 13953 on cpu 0:
 fib6_drop_pcpu_from net/ipv6/ip6_fib.c:1007 [inline]
 fib6_purge_rt+0x4f/0x580 net/ipv6/ip6_fib.c:1033
 fib6_del_route net/ipv6/ip6_fib.c:1983 [inline]
 fib6_del+0x696/0x890 net/ipv6/ip6_fib.c:2028
 __ip6_del_rt net/ipv6/route.c:3876 [inline]
 ip6_del_rt+0x83/0x140 net/ipv6/route.c:3891
 __ipv6_dev_ac_dec+0x2b5/0x370 net/ipv6/anycast.c:374
 ipv6_dev_ac_dec net/ipv6/anycast.c:387 [inline]
 __ipv6_sock_ac_close+0x141/0x200 net/ipv6/anycast.c:207
 ipv6_sock_ac_close+0x79/0x90 net/ipv6/anycast.c:220
 inet6_release+0x32/0x50 net/ipv6/af_inet6.c:476
 __sock_release net/socket.c:650 [inline]
 sock_close+0x6c/0x150 net/socket.c:1318
 __fput+0x295/0x520 fs/file_table.c:280
 ____fput+0x11/0x20 fs/file_table.c:313
 task_work_run+0x8e/0x110 kernel/task_work.c:164
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:175 [inline]
 exit_to_user_mode_prepare+0x160/0x190 kernel/entry/common.c:207
 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
 syscall_exit_to_user_mode+0x20/0x40 kernel/entry/common.c:300
 do_syscall_64+0x50/0xd0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x44/0xae

write to 0xffff8881087d5886 of 1 bytes by task 1912 on cpu 1:
 fib6_info_hw_flags_set+0x155/0x3b0 net/ipv6/route.c:6230
 nsim_fib6_rt_hw_flags_set drivers/net/netdevsim/fib.c:668 [inline]
 nsim_fib6_rt_add drivers/net/netdevsim/fib.c:691 [inline]
 nsim_fib6_rt_insert drivers/net/netdevsim/fib.c:756 [inline]
 nsim_fib6_event drivers/net/netdevsim/fib.c:853 [inline]
 nsim_fib_event drivers/net/netdevsim/fib.c:886 [inline]
 nsim_fib_event_work+0x284f/0x2cf0 drivers/net/netdevsim/fib.c:1477
 process_one_work+0x3f6/0x960 kernel/workqueue.c:2307
 worker_thread+0x616/0xa70 kernel/workqueue.c:2454
 kthread+0x2c7/0x2e0 kernel/kthread.c:327
 ret_from_fork+0x1f/0x30

value changed: 0x22 -> 0x2a

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 1912 Comm: kworker/1:3 Not tainted 5.16.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events nsim_fib_event_work

Fixes: 0c5fcf9e24 ("IPv6: Add "offload failed" indication to routes")
Fixes: bb3c4ab93e ("ipv6: Add "offload" and "trap" indications to routes")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Amit Cohen <amcohen@nvidia.com>
Cc: Ido Schimmel <idosch@nvidia.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Link: https://lore.kernel.org/r/20220216173217.3792411-2-eric.dumazet@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
 		2022-02-17 09:48:24 -08:00
..
9p net/p9: load default transports 2022-01-10 10:00:09 +09:00
bluetooth Bluetooth: hci_event: Rework hci_inquiry_result_with_rssi_evt 2022-01-06 14:57:09 +01:00
caif
iucv
netfilter Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2022-01-09 15:59:23 -08:00
netns ipv6: per-netns exclusive flowlabel checks 2022-02-16 20:37:47 -08:00
nfc
phonet
sctp Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-01-05 14:36:10 -08:00
tc_act
6lowpan.h
Space.h
act_api.h
addrconf.h ipv6: mcast: use rcu-safe version of ipv6_get_lladdr() 2022-02-14 13:30:37 +00:00
af_ieee802154.h
af_rxrpc.h
af_unix.h
af_vsock.h
ah.h
amt.h
arp.h
atmclip.h
ax25.h ax25: fix reference count leaks of ax25_dev 2022-02-03 14:20:36 -08:00
ax88796.h
bareudp.h
bond_3ad.h bonding: fix data-races around agg_select_timer 2022-02-15 14:35:18 +00:00
bond_alb.h
bond_options.h
bonding.h bonding: use rcu_dereference_rtnl when get bonding active slave 2022-01-24 11:57:38 +00:00
bpf_sk_storage.h
busy_poll.h
calipso.h
cfg80211-wext.h
cfg80211.h
cfg802154.h
checksum.h
cipso_ipv4.h
cls_cgroup.h
codel.h
codel_impl.h
codel_qdisc.h
compat.h
datalink.h
dcbevent.h
dcbnl.h
devlink.h
dn.h
dn_dev.h
dn_fib.h
dn_neigh.h
dn_nsp.h
dn_route.h
dsa.h net: dsa: mv88e6xxx: flush switchdev FDB workqueue before removing VLAN 2022-02-14 13:31:12 +00:00
dsfield.h
dst.h
dst_cache.h
dst_metadata.h net: fix a memleak when uncloning an skb dst and its metadata 2022-02-09 11:41:47 +00:00
dst_ops.h
erspan.h
esp.h
espintcp.h
ethoc.h
failover.h
fib_notifier.h
fib_rules.h
firewire.h
flow.h
flow_dissector.h
flow_offload.h
fou.h
fq.h
fq_impl.h
garp.h
gen_stats.h
genetlink.h
geneve.h
gre.h
gro.h
gro_cells.h
gtp.h
gue.h
hwbm.h
icmp.h
ieee80211_radiotap.h
ieee802154_netdev.h
if_inet6.h
ife.h
ila.h
inet6_connection_sock.h
inet6_hashtables.h
inet_common.h
inet_connection_sock.h
inet_ecn.h
inet_frag.h inet: frags: annotate races around fqdir->dead and fqdir->high_thresh 2022-01-13 13:06:05 +00:00
inet_hashtables.h
inet_sock.h
inet_timewait_sock.h
inetpeer.h
ioam6.h
ip.h ipv4: avoid using shared IP generator for connected sockets 2022-01-27 08:37:02 -08:00
ip6_checksum.h
ip6_fib.h ipv6: fix data-race in fib6_info_hw_flags_set / fib6_purge_rt 2022-02-17 09:48:24 -08:00
ip6_route.h
ip6_tunnel.h
ip_fib.h
ip_tunnels.h
ip_vs.h
ipcomp.h
ipconfig.h
ipv6.h ipv6: per-netns exclusive flowlabel checks 2022-02-16 20:37:47 -08:00
ipv6_frag.h inet: frags: annotate races around fqdir->dead and fqdir->high_thresh 2022-01-13 13:06:05 +00:00
ipv6_stubs.h
iw_handler.h
kcm.h
l3mdev.h
lag.h
lapb.h
lib80211.h
llc.h
llc_c_ac.h
llc_c_ev.h
llc_c_st.h
llc_conn.h
llc_if.h
llc_pdu.h
llc_s_ac.h
llc_s_ev.h
llc_s_st.h
llc_sap.h
lwtunnel.h
mac80211.h mac80211: Add stations iterator where the iterator function may sleep 2022-01-04 15:47:15 +01:00
mac802154.h
macsec.h
mctp.h
mctpdevice.h
mip6.h
mld.h
mpls.h
mpls_iptunnel.h
mptcp.h
mrp.h
ncsi.h
ndisc.h
neighbour.h net, neigh: Do not trigger immediate probes on NUD_FAILED from neigh_managed_work 2022-02-02 20:30:18 -08:00
net_failover.h
net_namespace.h
net_ratelimit.h
net_trackers.h
netevent.h
netlabel.h
netlink.h
netprio_cgroup.h
netrom.h
nexthop.h
nl802154.h
nsh.h
p8022.h
page_pool.h page_pool: Store the XDP mem id 2022-01-05 19:46:32 -08:00
pie.h
ping.h
pkt_cls.h net: sched: do not allocate a tracker in tcf_exts_init() 2022-01-11 20:40:16 -08:00
pkt_sched.h net: openvswitch: Fix ct_state nat flags for conns arriving from tc 2022-01-09 16:24:12 -08:00
pptp.h
protocol.h
psample.h
psnap.h
raw.h
rawv6.h
red.h
regulatory.h
request_sock.h
rose.h
route.h ipv4: remove sparse error in ip_neigh_gw4() 2022-01-27 08:38:33 -08:00
rpl.h
rsi_91x.h
rtnetlink.h
rtnh.h
sch_generic.h net_sched: restore "mpu xxx" handling 2022-01-13 11:06:42 -08:00
scm.h
secure_seq.h
seg6.h udp6: Use Segment Routing Header for dest address if present 2022-01-04 12:17:35 +00:00
seg6_hmac.h
seg6_local.h
selftests.h
slhc_vj.h
smc.h
snmp.h
sock.h net: bpf: Handle return value of BPF_CGROUP_RUN_PROG_INET{4,6}_POST_BIND() 2022-01-06 17:08:35 -08:00
sock_reuseport.h
stp.h
strparser.h
switchdev.h
tcp.h tcp: Add a stub for sk_defer_free_flush() 2022-01-20 20:17:32 -08:00
tcp_states.h
timewait_sock.h
tipc.h
tls.h
tls_toe.h
transp_v6.h
tso.h
tun_proto.h
udp.h
udp_tunnel.h
udplite.h
vsock_addr.h
vxlan.h
wext.h
x25.h
x25device.h
xdp.h xdp: Allow registering memory model without rxq reference 2022-01-05 19:46:32 -08:00
xdp_priv.h
xdp_sock.h net: Don't include filter.h from net/sock.h 2021-12-29 08:48:14 -08:00
xdp_sock_drv.h
xfrm.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-01-09 17:00:17 -08:00
xsk_buff_pool.h