WSL2-Linux-Kernel/net/ipv6
Kuniyuki Iwashima fcd31dd829 tcp: Fix data races around icsk->icsk_af_ops.
commit f49cd2f4d6 upstream.

setsockopt(IPV6_ADDRFORM) and tcp_v6_connect() change icsk->icsk_af_ops
under lock_sock(), but tcp_(get|set)sockopt() read it locklessly.  To
avoid load/store tearing, we need to add READ_ONCE() and WRITE_ONCE()
for the reads and writes.

Thanks to Eric Dumazet for providing the syzbot report:

BUG: KCSAN: data-race in tcp_setsockopt / tcp_v6_connect

write to 0xffff88813c624518 of 8 bytes by task 23936 on cpu 0:
tcp_v6_connect+0x5b3/0xce0 net/ipv6/tcp_ipv6.c:240
__inet_stream_connect+0x159/0x6d0 net/ipv4/af_inet.c:660
inet_stream_connect+0x44/0x70 net/ipv4/af_inet.c:724
__sys_connect_file net/socket.c:1976 [inline]
__sys_connect+0x197/0x1b0 net/socket.c:1993
__do_sys_connect net/socket.c:2003 [inline]
__se_sys_connect net/socket.c:2000 [inline]
__x64_sys_connect+0x3d/0x50 net/socket.c:2000
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd

read to 0xffff88813c624518 of 8 bytes by task 23937 on cpu 1:
tcp_setsockopt+0x147/0x1c80 net/ipv4/tcp.c:3789
sock_common_setsockopt+0x5d/0x70 net/core/sock.c:3585
__sys_setsockopt+0x212/0x2b0 net/socket.c:2252
__do_sys_setsockopt net/socket.c:2263 [inline]
__se_sys_setsockopt net/socket.c:2260 [inline]
__x64_sys_setsockopt+0x62/0x70 net/socket.c:2260
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd

value changed: 0xffffffff8539af68 -> 0xffffffff8539aff8

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 23937 Comm: syz-executor.5 Not tainted
6.0.0-rc4-syzkaller-00331-g4ed9c1e971b1-dirty #0

Hardware name: Google Google Compute Engine/Google Compute Engine,
BIOS Google 08/26/2022

Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Reported-by: syzbot <syzkaller@googlegroups.com>
Reported-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Kazunori Kobayashi <kazunori.kobayashi@miraclelinux.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-07-05 09:14:51 +02:00
ila ila: do not generate empty messages in ila_xlat_nl_cmd_get_mapping() 2023-03-17 08:48:54 +01:00
netfilter netfilter: complete validation of user input 2024-04-17 11:15:15 +02:00
Kconfig
Makefile
addrconf.c ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr 2024-04-17 11:15:14 +02:00
addrconf_core.c ipv6: Ensure natural alignment of const ipv6 loopback and router addresses 2024-02-23 08:54:54 +01:00
addrlabel.c ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network 2022-11-16 09:58:18 +01:00
af_inet6.c ipv6: annotate some data-races around sk->sk_prot 2024-07-05 09:14:50 +02:00
ah6.c
anycast.c
calipso.c
datagram.c ipv6: Fix datagram socket connection with DSCP. 2023-02-22 12:57:09 +01:00
esp6.c net: ipv6: fix return value check in esp_remove_trailer 2023-10-25 11:58:57 +02:00
esp6_offload.c xfrm: Linearize the skb after offloading if needed. 2023-06-28 10:29:46 +02:00
exthdrs.c ipv6: rpl: Fix Route of Death. 2023-06-14 11:13:02 +02:00
exthdrs_core.c ipv6: Fix out-of-bounds access in ipv6_find_tlv() 2023-05-30 13:55:31 +01:00
exthdrs_offload.c
fib6_notifier.c
fib6_rules.c ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() 2024-05-17 11:50:58 +02:00
fou6.c
icmp.c icmp6: Fix null-ptr-deref of ip6_null_entry->rt6i_idev in icmp6_dev(). 2023-07-23 13:47:41 +02:00
inet6_connection_sock.c
inet6_hashtables.c net: remove duplicate reuseport_lookup functions 2024-06-16 13:39:21 +02:00
ioam6.c
ioam6_iptunnel.c
ip6_checksum.c
ip6_fib.c ipv6: fix possible race in __fib6_drop_pcpu_from() 2024-07-05 09:14:09 +02:00
ip6_flowlabel.c ipv6: per-netns exclusive flowlabel checks 2022-02-23 12:03:10 +01:00
ip6_gre.c erspan: make sure erspan_base_hdr is present in skb->head 2024-04-10 16:19:38 +02:00
ip6_icmp.c
ip6_input.c tcp/udp: Make early_demux back namespacified. 2022-11-10 18:15:38 +01:00
ip6_offload.c gso: do not skip outer ip header in case of ipip and net_failover 2022-03-02 11:47:56 +01:00
ip6_offload.h
ip6_output.c net-timestamp: extend SOF_TIMESTAMPING_OPT_ID to HW timestamps 2024-01-15 18:51:14 +01:00
ip6_tunnel.c ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() 2024-02-23 08:54:53 +01:00
ip6_udp_tunnel.c
ip6_vti.c ip6_vti: fix slab-use-after-free in decode_session6 2023-08-26 14:23:32 +02:00
ip6mr.c ip6mr: Fix skb_under_panic in ip6mr_cache_report() 2023-08-11 15:13:53 +02:00
ipcomp6.c
ipv6_sockglue.c tcp: Fix data races around icsk->icsk_af_ops. 2024-07-05 09:14:51 +02:00
mcast.c ipv6: mcast: remove one synchronize_net() barrier in ipv6_mc_down() 2024-03-26 18:21:19 -04:00
mcast_snoop.c
mip6.c
ndisc.c net: change accept_ra_min_rtr_lft to affect all RA lifetimes 2023-10-19 23:05:35 +02:00
netfilter.c netfilter: Update ip6_route_me_harder to consider L3 domain 2022-05-09 09:14:41 +02:00
output_core.c
ping.c ping6: Fix send to link-local addresses with VRF. 2023-06-21 15:59:16 +02:00
proc.c
protocol.c
raw.c ipv{4,6}/raw: fix output xfrm lookup wrt protocol 2023-06-05 09:21:26 +02:00
reassembly.c net: ipv6: fix wrong start position when receive hop-by-hop fragment 2024-06-16 13:39:25 +02:00
route.c ipv6: prevent possible NULL dereference in rt6_probe() 2024-07-05 09:14:29 +02:00
rpl.c net: rpl: fix rpl header size calculation 2023-04-26 13:51:49 +02:00
rpl_iptunnel.c
seg6.c ipv6: sr: fix invalid unregister error path 2024-06-16 13:39:26 +02:00
seg6_hmac.c ipv6: sr: fix memleak in seg6_hmac_init_algo 2024-06-16 13:39:47 +02:00
seg6_iptunnel.c ipv6: sr: block BH in seg6_output_core() and seg6_input_core() 2024-07-05 09:14:06 +02:00
seg6_local.c seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors 2024-07-05 09:14:31 +02:00
sit.c sit: update dev->needed_headroom in ipip6_tunnel_bind_dev() 2023-05-17 11:50:16 +02:00
syncookies.c dccp/tcp: Call security_inet_conn_request() after setting IPv6 addresses. 2023-11-20 11:08:28 +01:00
sysctl_net_ipv6.c
tcp_ipv6.c tcp: Fix data races around icsk->icsk_af_ops. 2024-07-05 09:14:51 +02:00
tcpv6_offload.c
tunnel6.c
udp.c udp: Avoid call to compute_score on multiple sites 2024-06-16 13:39:21 +02:00
udp_impl.h tcp/udp: Call inet6_destroy_sock() in IPv6 sk->sk_destruct(). 2023-04-26 13:51:54 +02:00
udp_offload.c udp: do not transition UDP GRO fraglist partial checksums to unnecessary 2024-04-10 16:19:39 +02:00
udplite.c udplite: Fix NULL pointer dereference in __sk_mem_raise_allocated(). 2023-05-30 13:55:31 +01:00
xfrm6_input.c xfrm: Preserve vlan tags for transport mode software GRO 2024-05-17 11:50:57 +02:00
xfrm6_output.c xfrm: fix tunnel model fragmentation behavior 2022-04-08 14:22:46 +02:00
xfrm6_policy.c xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() 2024-07-05 09:14:29 +02:00
xfrm6_protocol.c
xfrm6_state.c
xfrm6_tunnel.c