kernel / kernel-source

Clone
Source Code
GIT

Blame patches.suse/net-fix-data-race-in-neigh_event_send.patch

ALP-current ALP-current-GA ALP-current-RT ALP-current-RT-GA SLE12-SP5 SLE12-SP5-AZURE SLE12-SP5-RT SLE15-SP2-EB SLE15-SP3-RT-LTSS SLE15-SP4-RT-LTSS SLE15-SP5 SLE15-SP5-AZURE SLE15-SP5-RT SLE15-SP6 SLE15-SP6-AZURE SLE15-SP6-AZURE-GA SLE15-SP6-GA SLE15-SP6-RT SLE15-SP6-RT-GA linux-next master packaging scripts slowroll stable vanilla
  1.   42410b3106954b309b30192171d183270a6400e6
  2.   patches.suse
  3.   net-fix-data-race-in-neigh_event_send.patch
Blob History Raw
Jiri Slaby 52366a 
From: Eric Dumazet <edumazet@google.com>
Jiri Slaby 52366a 
Date: Thu, 7 Nov 2019 20:08:19 -0800
Jiri Slaby 52366a 
Subject: net: fix data-race in neigh_event_send()
Jiri Slaby 52366a 
Git-commit: 1b53d64435d56902fc234ff2507142d971a09687
Jiri Slaby 52366a 
Patch-mainline: 5.4-rc7
Jiri Slaby 52366a 
References: networking-stable-19_11_10
Jiri Slaby 52366a
Jiri Slaby 52366a 
KCSAN reported the following data-race [1]
Jiri Slaby 52366a
Jiri Slaby 52366a 
The fix will also prevent the compiler from optimizing out
Jiri Slaby 52366a 
the condition.
Jiri Slaby 52366a
Jiri Slaby 52366a 
[1]
Jiri Slaby 52366a
Jiri Slaby 52366a 
BUG: KCSAN: data-race in neigh_resolve_output / neigh_resolve_output
Jiri Slaby 52366a
Jiri Slaby 52366a 
write to 0xffff8880a41dba78 of 8 bytes by interrupt on cpu 1:
Jiri Slaby 52366a 
 neigh_event_send include/net/neighbour.h:443 [inline]
Jiri Slaby 52366a 
 neigh_resolve_output+0x78/0x480 net/core/neighbour.c:1474
Jiri Slaby 52366a 
 neigh_output include/net/neighbour.h:511 [inline]
Jiri Slaby 52366a 
 ip_finish_output2+0x4af/0xe40 net/ipv4/ip_output.c:228
Jiri Slaby 52366a 
 __ip_finish_output net/ipv4/ip_output.c:308 [inline]
Jiri Slaby 52366a 
 __ip_finish_output+0x23a/0x490 net/ipv4/ip_output.c:290
Jiri Slaby 52366a 
 ip_finish_output+0x41/0x160 net/ipv4/ip_output.c:318
Jiri Slaby 52366a 
 NF_HOOK_COND include/linux/netfilter.h:294 [inline]
Jiri Slaby 52366a 
 ip_output+0xdf/0x210 net/ipv4/ip_output.c:432
Jiri Slaby 52366a 
 dst_output include/net/dst.h:436 [inline]
Jiri Slaby 52366a 
 ip_local_out+0x74/0x90 net/ipv4/ip_output.c:125
Jiri Slaby 52366a 
 __ip_queue_xmit+0x3a8/0xa40 net/ipv4/ip_output.c:532
Jiri Slaby 52366a 
 ip_queue_xmit+0x45/0x60 include/net/ip.h:237
Jiri Slaby 52366a 
 __tcp_transmit_skb+0xe81/0x1d60 net/ipv4/tcp_output.c:1169
Jiri Slaby 52366a 
 tcp_transmit_skb net/ipv4/tcp_output.c:1185 [inline]
Jiri Slaby 52366a 
 __tcp_retransmit_skb+0x4bd/0x15f0 net/ipv4/tcp_output.c:2976
Jiri Slaby 52366a 
 tcp_retransmit_skb+0x36/0x1a0 net/ipv4/tcp_output.c:2999
Jiri Slaby 52366a 
 tcp_retransmit_timer+0x719/0x16d0 net/ipv4/tcp_timer.c:515
Jiri Slaby 52366a 
 tcp_write_timer_handler+0x42d/0x510 net/ipv4/tcp_timer.c:598
Jiri Slaby 52366a 
 tcp_write_timer+0xd1/0xf0 net/ipv4/tcp_timer.c:618
Jiri Slaby 52366a
Jiri Slaby 52366a 
read to 0xffff8880a41dba78 of 8 bytes by interrupt on cpu 0:
Jiri Slaby 52366a 
 neigh_event_send include/net/neighbour.h:442 [inline]
Jiri Slaby 52366a 
 neigh_resolve_output+0x57/0x480 net/core/neighbour.c:1474
Jiri Slaby 52366a 
 neigh_output include/net/neighbour.h:511 [inline]
Jiri Slaby 52366a 
 ip_finish_output2+0x4af/0xe40 net/ipv4/ip_output.c:228
Jiri Slaby 52366a 
 __ip_finish_output net/ipv4/ip_output.c:308 [inline]
Jiri Slaby 52366a 
 __ip_finish_output+0x23a/0x490 net/ipv4/ip_output.c:290
Jiri Slaby 52366a 
 ip_finish_output+0x41/0x160 net/ipv4/ip_output.c:318
Jiri Slaby 52366a 
 NF_HOOK_COND include/linux/netfilter.h:294 [inline]
Jiri Slaby 52366a 
 ip_output+0xdf/0x210 net/ipv4/ip_output.c:432
Jiri Slaby 52366a 
 dst_output include/net/dst.h:436 [inline]
Jiri Slaby 52366a 
 ip_local_out+0x74/0x90 net/ipv4/ip_output.c:125
Jiri Slaby 52366a 
 __ip_queue_xmit+0x3a8/0xa40 net/ipv4/ip_output.c:532
Jiri Slaby 52366a 
 ip_queue_xmit+0x45/0x60 include/net/ip.h:237
Jiri Slaby 52366a 
 __tcp_transmit_skb+0xe81/0x1d60 net/ipv4/tcp_output.c:1169
Jiri Slaby 52366a 
 tcp_transmit_skb net/ipv4/tcp_output.c:1185 [inline]
Jiri Slaby 52366a 
 __tcp_retransmit_skb+0x4bd/0x15f0 net/ipv4/tcp_output.c:2976
Jiri Slaby 52366a 
 tcp_retransmit_skb+0x36/0x1a0 net/ipv4/tcp_output.c:2999
Jiri Slaby 52366a 
 tcp_retransmit_timer+0x719/0x16d0 net/ipv4/tcp_timer.c:515
Jiri Slaby 52366a 
 tcp_write_timer_handler+0x42d/0x510 net/ipv4/tcp_timer.c:598
Jiri Slaby 52366a
Jiri Slaby 52366a 
Reported by Kernel Concurrency Sanitizer on:
Jiri Slaby 52366a 
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.4.0-rc3+ #0
Jiri Slaby 52366a 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Jiri Slaby 52366a
Jiri Slaby 52366a 
Signed-off-by: Eric Dumazet <edumazet@google.com>
Jiri Slaby 52366a 
Reported-by: syzbot <syzkaller@googlegroups.com>
Jiri Slaby 52366a 
Signed-off-by: David S. Miller <davem@davemloft.net>
Jiri Slaby 52366a 
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Jiri Slaby 52366a 
---
Jiri Slaby 52366a 
 include/net/neighbour.h |    4 ++--
Jiri Slaby 52366a 
 1 file changed, 2 insertions(+), 2 deletions(-)
Jiri Slaby 52366a
Jiri Slaby 52366a 
--- a/include/net/neighbour.h
Jiri Slaby 52366a 
+++ b/include/net/neighbour.h
Jiri Slaby 52366a 
@@ -427,8 +427,8 @@ static inline int neigh_event_send(struc
Jiri Slaby 52366a 
 {
Jiri Slaby 52366a 
 	unsigned long now = jiffies;
Jiri Slaby 52366a
Jiri Slaby 52366a 
-	if (neigh->used != now)
Jiri Slaby 52366a 
-		neigh->used = now;
Jiri Slaby 52366a 
+	if (READ_ONCE(neigh->used) != now)
Jiri Slaby 52366a 
+		WRITE_ONCE(neigh->used, now);
Jiri Slaby 52366a 
 	if (!(neigh->nud_state&(NUD_CONNECTED|NUD_DELAY|NUD_PROBE)))
Jiri Slaby 52366a 
 		return __neigh_event_send(neigh, skb);
Jiri Slaby 52366a 
 	return 0;
Powered by Pagure 5.13.3
DocumentationAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.