linux-stable/drivers
Eric Dumazet abee4c8eb7 ipv4: fix data-races around inet->inet_id
[ Upstream commit f866fbc842 ]

UDP sendmsg() is lockless, so ip_select_ident_segs()
can very well be run from multiple cpus [1]

Convert inet->inet_id to an atomic_t, but implement
a dedicated path for TCP, avoiding cost of a locked
instruction (atomic_add_return())

Note that this patch will cause a trivial merge conflict
because we added inet->flags in net-next tree.

v2: added missing change in
drivers/net/ethernet/chelsio/inline_crypto/chtls/chtls_cm.c
(David Ahern)

[1]

BUG: KCSAN: data-race in __ip_make_skb / __ip_make_skb

read-write to 0xffff888145af952a of 2 bytes by task 7803 on cpu 1:
ip_select_ident_segs include/net/ip.h:542 [inline]
ip_select_ident include/net/ip.h:556 [inline]
__ip_make_skb+0x844/0xc70 net/ipv4/ip_output.c:1446
ip_make_skb+0x233/0x2c0 net/ipv4/ip_output.c:1560
udp_sendmsg+0x1199/0x1250 net/ipv4/udp.c:1260
inet_sendmsg+0x63/0x80 net/ipv4/af_inet.c:830
sock_sendmsg_nosec net/socket.c:725 [inline]
sock_sendmsg net/socket.c:748 [inline]
____sys_sendmsg+0x37c/0x4d0 net/socket.c:2494
___sys_sendmsg net/socket.c:2548 [inline]
__sys_sendmmsg+0x269/0x500 net/socket.c:2634
__do_sys_sendmmsg net/socket.c:2663 [inline]
__se_sys_sendmmsg net/socket.c:2660 [inline]
__x64_sys_sendmmsg+0x57/0x60 net/socket.c:2660
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd

read to 0xffff888145af952a of 2 bytes by task 7804 on cpu 0:
ip_select_ident_segs include/net/ip.h:541 [inline]
ip_select_ident include/net/ip.h:556 [inline]
__ip_make_skb+0x817/0xc70 net/ipv4/ip_output.c:1446
ip_make_skb+0x233/0x2c0 net/ipv4/ip_output.c:1560
udp_sendmsg+0x1199/0x1250 net/ipv4/udp.c:1260
inet_sendmsg+0x63/0x80 net/ipv4/af_inet.c:830
sock_sendmsg_nosec net/socket.c:725 [inline]
sock_sendmsg net/socket.c:748 [inline]
____sys_sendmsg+0x37c/0x4d0 net/socket.c:2494
___sys_sendmsg net/socket.c:2548 [inline]
__sys_sendmmsg+0x269/0x500 net/socket.c:2634
__do_sys_sendmmsg net/socket.c:2663 [inline]
__se_sys_sendmmsg net/socket.c:2660 [inline]
__x64_sys_sendmmsg+0x57/0x60 net/socket.c:2660
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd

value changed: 0x184d -> 0x184e

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 7804 Comm: syz-executor.1 Not tainted 6.5.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
==================================================================

Fixes: 23f57406b8 ("ipv4: avoid using shared IP generator for connected sockets")
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-08-30 14:52:31 +02:00
accel accel/qaic: Clean up integer overflow checking in map_user_pages() 2023-08-23 17:32:45 +02:00
accessibility
acpi ACPI: scan: Create platform device for CS35L56 2023-08-16 18:32:31 +02:00
amba
android binder: fix memory leak in binder_init() 2023-08-16 18:32:21 +02:00
ata ata: pata_ns87415: mark ns87560_tf_read static 2023-08-03 10:26:00 +02:00
atm
auxdisplay
base x86/srso: Add a Speculative RAS Overflow mitigation 2023-08-08 20:04:51 +02:00
bcma
block zram: take device and not only bvec offset into account 2023-08-16 18:32:17 +02:00
bluetooth Bluetooth: btusb: Add MT7922 bluetooth ID for the Asus Ally 2023-08-23 17:32:32 +02:00
bus bus: ti-sysc: Flush posted write on enable before reset 2023-08-23 17:32:49 +02:00
cdrom
cdx cdx: fix driver managed dma support 2023-07-19 16:36:37 +02:00
char tpm_tis: Opt-in interrupts 2023-08-16 18:32:19 +02:00
clk clk: mediatek: mt8183: Add back SSPM related clocks 2023-08-11 12:14:26 +02:00
clocksource clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe 2023-07-19 16:35:14 +02:00
comedi
connector
counter
cpufreq cpufreq: amd-pstate: fix global sysfs attribute type 2023-08-16 18:32:20 +02:00
cpuidle cpuidle: psci: Move enabling OSI mode after power domains creation 2023-08-16 18:32:19 +02:00
crypto crypto: qat - unmap buffers before free for RSA 2023-07-19 16:36:19 +02:00
cxl cxl/acpi: Return 'rc' instead of '0' in cxl_parse_cfmws() 2023-08-03 10:25:57 +02:00
dax dax/kmem: Pass valid argument to memory_group_register_static 2023-07-19 16:36:20 +02:00
dca
devfreq
dio
dma dmaengine: owl-dma: Modify mismatched function name 2023-08-16 18:32:28 +02:00
dma-buf dma-buf: fix an error pointer vs NULL bug 2023-08-03 10:26:14 +02:00
edac
eisa
extcon extcon: Fix kernel doc of property capability fields to avoid warnings 2023-07-19 16:36:31 +02:00
firewire firewire: net: fix use after free in fwnet_finish_incoming_packet() 2023-08-23 17:32:32 +02:00
firmware firmware: arm_scmi: Drop OF node reference in the transport channel setup 2023-08-11 12:14:19 +02:00
fpga
fsi
gnss
gpio gpio: sim: mark the GPIO chip as a one that can sleep 2023-08-16 18:32:29 +02:00
gpu drm/amdgpu: keep irq count in amdgpu_irq_disable_all 2023-08-23 17:32:55 +02:00
greybus
hid HID: intel-ish-hid: ipc: Add Arrow Lake PCI device ID 2023-08-23 17:32:29 +02:00
hsi
hte
hv x86/hyperv: Fix hyperv_pcpu_input_arg handling when CPUs go online/offline 2023-06-17 23:09:47 +00:00
hwmon hwmon: (aquacomputer_d5next) Add selective 200ms delay after sending ctrl report 2023-08-16 18:32:25 +02:00
hwspinlock
hwtracing hwtracing: hisi_ptt: Fix potential sleep in atomic context 2023-07-19 16:36:39 +02:00
i2c i2c: designware: Handle invalid SMBus block data response length value 2023-08-23 17:32:39 +02:00
i3c i3c: master: svc: fix cpu schedule in spin lock 2023-07-19 16:36:33 +02:00
idle
iio iio: light: bu27034: Fix scale format 2023-08-16 18:32:23 +02:00
infiniband RDMA/bnxt_re: consider timeout of destroy ah as success. 2023-08-23 17:32:28 +02:00
input Input: ads7846 - fix pointer cast warning 2023-07-19 16:36:59 +02:00
interconnect interconnect: qcom: sm8550: add enable_mask for bcm nodes 2023-08-16 18:32:23 +02:00
iommu iommu/amd: Introduce Disable IRTE Caching Support 2023-08-23 17:32:27 +02:00
ipack
irqchip irqchip/gic-v4.1: Properly lock VPEs when doing a directLPI invalidation 2023-08-03 10:26:09 +02:00
isdn mISDN: Update parameter type of dsp_cmx_send() 2023-08-16 18:32:25 +02:00
leds led: qcom-lpg: Fix resource leaks in for_each_available_child_of_node() loops 2023-08-23 17:32:30 +02:00
macintosh
mailbox mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0 2023-07-19 16:36:45 +02:00
mcb
md dm cache policy smq: ensure IO doesn't prevent cleaner policy progress 2023-08-03 10:26:13 +02:00
media media: uvcvideo: Fix menu count handling for userspace XU mappings 2023-08-23 17:32:53 +02:00
memory memory: brcmstb_dpfe: fix testing array offset after use 2023-07-19 16:35:53 +02:00
memstick memstick r592: make memstick_debug_get_tpc_name() static 2023-07-19 16:35:28 +02:00
message
mfd mfd: pm8008: Fix module autoloading 2023-07-23 13:54:01 +02:00
misc misc: rtsx: judge ASPM Mode to set PETXCFG Reg 2023-08-16 18:32:21 +02:00
mmc mmc: sunplus: Fix error handling in spmmc_drv_probe() 2023-08-23 17:32:54 +02:00
most
mtd mtd: rawnand: fsl_upm: Fix an off-by one test in fun_exec_op() 2023-08-11 12:14:27 +02:00
mux
net ipv4: fix data-races around inet->inet_id 2023-08-30 14:52:31 +02:00
nfc nfc: fdp: Add MODULE_FIRMWARE macros 2023-06-18 11:19:52 +01:00
ntb NTB: ntb_tool: Add check for devm_kcalloc 2023-07-23 13:53:43 +02:00
nubus nubus: Partially revert proc_create_single_data() conversion 2023-07-05 18:30:30 +01:00
nvdimm
nvme nvme-pci: add NVME_QUIRK_BOGUS_NID for Samsung PM9B1 256G and 512G 2023-08-16 18:32:18 +02:00
nvmem nvmem: rmem: Use NVMEM_DEVID_AUTO 2023-07-19 16:36:37 +02:00
of of: Preserve "of-display" device name for compatibility 2023-07-27 08:56:36 +02:00
opp opp: Fix use-after-free in lazy_opp_tables after probe deferral 2023-07-23 13:54:07 +02:00
parisc
parport
pci PCI: acpiphp: Reassign resources on bridge if necessary 2023-08-30 14:52:27 +02:00
pcmcia pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db() 2023-08-23 17:32:31 +02:00
peci
perf perf: RISC-V: Remove PERF_HES_STOPPED flag checking in riscv_pmu_start() 2023-07-23 13:54:09 +02:00
phy phy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe() 2023-08-03 10:25:50 +02:00
pinctrl pinctrl: qcom: Add intr_target_width field to support increased number of interrupt targets 2023-08-23 17:32:51 +02:00
platform ACPI: scan: Create platform device for CS35L56 2023-08-16 18:32:31 +02:00
pnp
power power: supply: rt9467: Make charger-enable control as logic level 2023-07-19 16:36:33 +02:00
powercap powercap: RAPL: Fix CONFIG_IOSF_MBI dependency 2023-07-19 16:35:15 +02:00
pps
ps3
ptp
pwm pwm: meson: fix handling of period/duty if greater than UINT_MAX 2023-07-23 13:54:11 +02:00
rapidio
ras
regulator regulator: da9063: better fix null deref with partial DT 2023-08-23 17:32:52 +02:00
remoteproc
reset
rpmsg
rtc rtc: st-lpc: Release some resources in st_rtc_probe() in case of error 2023-07-19 16:36:40 +02:00
s390 scsi: zfcp: Defer fc_rport blocking until after ADISC response 2023-08-11 12:14:19 +02:00
sbus
scsi scsi: qedf: Fix firmware halt over suspend and resume 2023-08-16 18:32:31 +02:00
sh
siox
slimbus
soc soc: aspeed: socinfo: Add kfree for kstrdup 2023-08-23 17:32:51 +02:00
soundwire soundwire: fix enumeration completion 2023-08-03 10:26:10 +02:00
spi spi: dw: Remove misleading comment for Mount Evans SoC 2023-07-27 08:57:06 +02:00
spmi
ssb
staging staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() 2023-08-03 10:26:05 +02:00
target scsi: target: core: Fix error path in target_setup_session() 2023-06-14 21:54:35 -04:00
tc
tee
thermal thermal: of: fix double-free on unregistration 2023-08-03 10:26:13 +02:00
thunderbolt thunderbolt: Limit Intel Barlow Ridge USB3 bandwidth 2023-08-23 17:32:32 +02:00
tty serial: 8250: Fix oops for port->pm on uart_change_pm() 2023-08-23 17:32:52 +02:00
ufs scsi: ufs: renesas: Fix private allocation 2023-08-16 18:32:30 +02:00
uio
usb usb: chipidea: imx: add missing USB PHY DPDM wakeup setting 2023-08-23 17:32:31 +02:00
vdpa vdpa: Enable strict validation for netlinks ops 2023-08-23 17:32:38 +02:00
vfio vfio/mdev: Move the compat_class initialization to module init 2023-07-19 16:36:18 +02:00
vhost
video fbdev: mmp: fix value check in mmphw_probe() 2023-08-23 17:32:37 +02:00
virt virt: sevguest: Add CONFIG_CRYPTO dependency 2023-07-19 16:35:08 +02:00
virtio virtio-vdpa: Fix cpumask memory leak in virtio_vdpa_find_vqs() 2023-08-23 17:32:35 +02:00
vlynq
w1 w1: fix loop in w1_fini() 2023-07-19 16:36:25 +02:00
watchdog watchdog: sp5100_tco: support Hygon FCH/SCH (Server Controller Hub) 2023-08-23 17:32:32 +02:00
xen xen: speed up grant-table reclaim 2023-08-03 10:26:09 +02:00
zorro
Kconfig
Makefile