superrob1500
/
mirror-linux
mirror of https://github.com/torvalds/linux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
mirror-linux/drivers/net
History
Eric Dumazet 417e7ec0d6 ipv4: fix data-races around inet->inet_id 
[ Upstream commit f866fbc842 ]

UDP sendmsg() is lockless, so ip_select_ident_segs()
can very well be run from multiple cpus [1]

Convert inet->inet_id to an atomic_t, but implement
a dedicated path for TCP, avoiding cost of a locked
instruction (atomic_add_return())

Note that this patch will cause a trivial merge conflict
because we added inet->flags in net-next tree.

v2: added missing change in
drivers/net/ethernet/chelsio/inline_crypto/chtls/chtls_cm.c
(David Ahern)

[1]

BUG: KCSAN: data-race in __ip_make_skb / __ip_make_skb

read-write to 0xffff888145af952a of 2 bytes by task 7803 on cpu 1:
ip_select_ident_segs include/net/ip.h:542 [inline]
ip_select_ident include/net/ip.h:556 [inline]
__ip_make_skb+0x844/0xc70 net/ipv4/ip_output.c:1446
ip_make_skb+0x233/0x2c0 net/ipv4/ip_output.c:1560
udp_sendmsg+0x1199/0x1250 net/ipv4/udp.c:1260
inet_sendmsg+0x63/0x80 net/ipv4/af_inet.c:830
sock_sendmsg_nosec net/socket.c:725 [inline]
sock_sendmsg net/socket.c:748 [inline]
____sys_sendmsg+0x37c/0x4d0 net/socket.c:2494
___sys_sendmsg net/socket.c:2548 [inline]
__sys_sendmmsg+0x269/0x500 net/socket.c:2634
__do_sys_sendmmsg net/socket.c:2663 [inline]
__se_sys_sendmmsg net/socket.c:2660 [inline]
__x64_sys_sendmmsg+0x57/0x60 net/socket.c:2660
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd

read to 0xffff888145af952a of 2 bytes by task 7804 on cpu 0:
ip_select_ident_segs include/net/ip.h:541 [inline]
ip_select_ident include/net/ip.h:556 [inline]
__ip_make_skb+0x817/0xc70 net/ipv4/ip_output.c:1446
ip_make_skb+0x233/0x2c0 net/ipv4/ip_output.c:1560
udp_sendmsg+0x1199/0x1250 net/ipv4/udp.c:1260
inet_sendmsg+0x63/0x80 net/ipv4/af_inet.c:830
sock_sendmsg_nosec net/socket.c:725 [inline]
sock_sendmsg net/socket.c:748 [inline]
____sys_sendmsg+0x37c/0x4d0 net/socket.c:2494
___sys_sendmsg net/socket.c:2548 [inline]
__sys_sendmmsg+0x269/0x500 net/socket.c:2634
__do_sys_sendmmsg net/socket.c:2663 [inline]
__se_sys_sendmmsg net/socket.c:2660 [inline]
__x64_sys_sendmmsg+0x57/0x60 net/socket.c:2660
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd

value changed: 0x184d -> 0x184e

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 7804 Comm: syz-executor.1 Not tainted 6.5.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
==================================================================

Fixes: 23f57406b8 ("ipv4: avoid using shared IP generator for connected sockets")
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 		2023-08-30 16:11:02 +02:00
..
appletalk
arcnet
bonding bonding: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves 2023-08-16 18:27:27 +02:00
caif
can net: validate veth and vxcan peer ifindexes 2023-08-30 16:11:02 +02:00
dsa net: dsa: mt7530: fix handling of 802.1X PAE frames 2023-08-30 16:11:01 +02:00
ethernet ipv4: fix data-races around inet->inet_id 2023-08-30 16:11:02 +02:00
fddi
fjes
hamradio
hippi
hyperv
ieee802154
ipa net: ipa: only reset hashed tables when supported 2023-08-11 12:08:09 +02:00
ipvlan ipvlan: Fix a reference count leak warning in ipvlan_ns_exit() 2023-08-30 16:11:01 +02:00
mctp
mdio
netdevsim netdevsim: fix uninitialized data in nsim_dev_trap_fa_cookie_write() 2023-07-23 13:49:27 +02:00
pcs net: pcs: Add missing put_device call in miic_create 2023-08-23 17:52:33 +02:00
phy net: phy: broadcom: stub c45 read/write for 54810 2023-08-23 17:52:34 +02:00
plip
ppp pptp: Fix fib lookup calls. 2023-07-19 16:22:06 +02:00
pse-pd
slip
team team: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves 2023-08-23 17:52:34 +02:00
usb net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb 2023-08-11 12:08:24 +02:00
vmxnet3
vxlan drivers: vxlan: vnifilter: free percpu vni stats on error path 2023-08-16 18:27:27 +02:00
wan
wireguard wireguard: allowedips: expand maximum node depth 2023-08-16 18:27:20 +02:00
wireless wifi: rtw89: fix 8852AE disconnection caused by RX full flags 2023-08-16 18:27:20 +02:00
wwan
xen-netback xen/netback: Fix buffer overrun triggered by unusual packet 2023-08-08 20:03:51 +02:00
Kconfig
LICENSE.SRC
Makefile
Space.c
amt.c
bareudp.c
dummy.c
eql.c
geneve.c
gtp.c gtp: Fix use-after-free in __gtp_encap_destroy(). 2023-07-19 16:21:12 +02:00
ifb.c
loopback.c
macsec.c macsec: use DEV_STATS_INC() 2023-08-16 18:27:26 +02:00
macvlan.c
macvtap.c
mdio.c
mhi_net.c
mii.c
net_failover.c
netconsole.c
nlmon.c
ntb_netdev.c
rionet.c
sb1000.c
sungem_phy.c
tap.c net: tap_open(): set sk_uid from current_fsuid() 2023-08-11 12:08:20 +02:00
thunderbolt.c
tun.c drivers: net: prevent tun_build_skb() to exceed the packet size limit 2023-08-16 18:27:27 +02:00
veth.c net: validate veth and vxcan peer ifindexes 2023-08-30 16:11:02 +02:00
virtio_net.c virtio-net: Zero max_tx_vq field for VIRTIO_NET_CTRL_MQ_HASH_CONFIG case 2023-08-23 17:52:39 +02:00
vrf.c
vsockmon.c
xen-netfront.c