Kernel/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2025-01-01 10:45:49 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
e0f8790383
linux-stable/net
History
Marco Elver e0f8790383 9p/trans_fd: Annotate data-racy writes to file::f_flags 
[ Upstream commit 355f074609 ]

syzbot reported:

 | BUG: KCSAN: data-race in p9_fd_create / p9_fd_create
 |
 | read-write to 0xffff888130fb3d48 of 4 bytes by task 15599 on cpu 0:
 |  p9_fd_open net/9p/trans_fd.c:842 [inline]
 |  p9_fd_create+0x210/0x250 net/9p/trans_fd.c:1092
 |  p9_client_create+0x595/0xa70 net/9p/client.c:1010
 |  v9fs_session_init+0xf9/0xd90 fs/9p/v9fs.c:410
 |  v9fs_mount+0x69/0x630 fs/9p/vfs_super.c:123
 |  legacy_get_tree+0x74/0xd0 fs/fs_context.c:611
 |  vfs_get_tree+0x51/0x190 fs/super.c:1519
 |  do_new_mount+0x203/0x660 fs/namespace.c:3335
 |  path_mount+0x496/0xb30 fs/namespace.c:3662
 |  do_mount fs/namespace.c:3675 [inline]
 |  __do_sys_mount fs/namespace.c:3884 [inline]
 |  [...]
 |
 | read-write to 0xffff888130fb3d48 of 4 bytes by task 15563 on cpu 1:
 |  p9_fd_open net/9p/trans_fd.c:842 [inline]
 |  p9_fd_create+0x210/0x250 net/9p/trans_fd.c:1092
 |  p9_client_create+0x595/0xa70 net/9p/client.c:1010
 |  v9fs_session_init+0xf9/0xd90 fs/9p/v9fs.c:410
 |  v9fs_mount+0x69/0x630 fs/9p/vfs_super.c:123
 |  legacy_get_tree+0x74/0xd0 fs/fs_context.c:611
 |  vfs_get_tree+0x51/0x190 fs/super.c:1519
 |  do_new_mount+0x203/0x660 fs/namespace.c:3335
 |  path_mount+0x496/0xb30 fs/namespace.c:3662
 |  do_mount fs/namespace.c:3675 [inline]
 |  __do_sys_mount fs/namespace.c:3884 [inline]
 |  [...]
 |
 | value changed: 0x00008002 -> 0x00008802

Within p9_fd_open(), O_NONBLOCK is added to f_flags of the read and
write files. This may happen concurrently if e.g. mounting process
modifies the fd in another thread.

Mark the plain read-modify-writes as intentional data-races, with the
assumption that the result of executing the accesses concurrently will
always result in the same result despite the accesses themselves not
being atomic.

Reported-by: syzbot+e441aeeb422763cc5511@syzkaller.appspotmail.com
Signed-off-by: Marco Elver <elver@google.com>
Link: https://lore.kernel.org/r/ZO38mqkS0TYUlpFp@elver.google.com
Signed-off-by: Dominique Martinet <asmadeus@codewreck.org>
Message-ID: <20231025103445.1248103-1-asmadeus@codewreck.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-11-28 17:14:50 +00:00
..
6lowpan 6lowpan: Remove redundant initialisation. 2023-03-29 08:22:52 +01:00
9p 9p/trans_fd: Annotate data-racy writes to file::f_flags 2023-11-28 17:14:50 +00:00
802 treewide: Convert del_timer*() to timer_shutdown*() 2022-12-25 13:38:09 -08:00
8021q Revert "vlan: Fix VLAN 0 memory leak" 2023-08-14 08:14:00 +01:00
appletalk sock: Remove ->sendpage*() in favour of sendmsg(MSG_SPLICE_PAGES) 2023-06-24 15:50:13 -07:00
atm sock: Remove ->sendpage*() in favour of sendmsg(MSG_SPLICE_PAGES) 2023-06-24 15:50:13 -07:00
ax25 sock: Remove ->sendpage*() in favour of sendmsg(MSG_SPLICE_PAGES) 2023-06-24 15:50:13 -07:00
batman-adv batman-adv: Hold rtnl lock during MTU update via netlink 2023-08-22 17:25:10 -07:00
bluetooth Bluetooth: Fix double free in hci_conn_cleanup 2023-11-28 17:14:43 +00:00
bpf bpf: Move kernel test kfuncs to bpf_testmod 2023-05-16 22:09:24 -07:00
bpfilter net: Use umd_cleanup_helper() 2023-05-31 13:06:57 +02:00
bridge neighbour: fix data-races around n->output 2023-10-10 22:03:01 +02:00
caif sock: Remove ->sendpage*() in favour of sendmsg(MSG_SPLICE_PAGES) 2023-06-24 15:50:13 -07:00
can can: isotp: isotp_sendmsg(): fix TX state detection and wait behavior 2023-10-19 23:10:59 +02:00
ceph libceph: use kernel_connect() 2023-10-19 23:11:05 +02:00
core net: annotate data-races around sk->sk_dst_pending_confirm 2023-11-28 17:14:42 +00:00
dcb net: dcb: choose correct policy to parse DCB_ATTR_BCN 2023-08-01 21:07:46 -07:00
dccp dccp/tcp: Call security_inet_conn_request() after setting IPv6 addresses. 2023-11-20 11:57:22 +01:00
devlink devlink: Hold devlink lock on health reporter dump get 2023-10-19 23:10:59 +02:00
dns_resolver
dsa net: dsa: fix older DSA drivers using phylink 2023-07-27 17:19:46 -07:00
ethernet net: ethernet: use sysfs_emit() to instead of scnprintf() 2022-12-07 20:02:44 -08:00
ethtool ethtool: plca: fix plca enable data type while parsing the value 2023-10-10 22:03:02 +02:00
handshake net/handshake: fix file ref count in handshake_nl_accept_doit() 2023-11-02 09:36:54 +01:00
hsr hsr: Prevent use after free in prp_create_tagged_frame() 2023-11-20 11:57:22 +01:00
ieee802154 sock: Remove ->sendpage*() in favour of sendmsg(MSG_SPLICE_PAGES) 2023-06-24 15:50:13 -07:00
ife
ipv4 net: annotate data-races around sk->sk_dst_pending_confirm 2023-11-28 17:14:42 +00:00
ipv6 dccp/tcp: Call security_inet_conn_request() after setting IPv6 addresses. 2023-11-20 11:57:22 +01:00
iucv net/iucv: Fix size of interrupt data 2023-03-16 17:34:40 -07:00
kcm kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg(). 2023-09-19 12:30:30 +02:00
key net: af_key: fix sadb_x_filter validation 2023-06-29 10:47:29 +02:00
l2tp udp: annotate data-races around udp->encap_type 2023-11-20 11:56:47 +01:00
l3mdev
lapb
llc llc: verify mac len before reading mac header 2023-11-20 11:57:21 +01:00
mac80211 wifi: mac80211: don't return unset power in ieee80211_get_tx_power() 2023-11-28 17:14:41 +00:00
mac802154 Core WPAN changes: 2023-06-24 15:41:46 -07:00
mctp mctp: perform route lookups under a RCU read-side lock 2023-10-19 23:11:06 +02:00
mpls net: move gso declarations and functions to their own files 2023-06-10 00:11:41 -07:00
mptcp mptcp: properly account fastopen data 2023-11-20 11:56:54 +01:00
ncsi ncsi: Propagate carrier gain/loss events to the NCSI controller 2023-10-06 13:16:17 +02:00
netfilter netfilter: nat: fix ipv6 nat redirect with mapped and scoped addresses 2023-11-20 11:57:24 +01:00
netlabel netlabel: Reorder fields in 'struct netlbl_domaddr6_map' 2023-06-20 20:06:56 -07:00
netlink netlink: annotate data-races around sk->sk_err 2023-10-10 22:03:03 +02:00
netrom netrom: Deny concurrent connect(). 2023-09-13 09:53:12 +02:00
nfc nfc: nci: fix possible NULL pointer dereference in send_acknowledge() 2023-10-25 12:16:10 +02:00
nsh net: move gso declarations and functions to their own files 2023-06-10 00:11:41 -07:00
openvswitch net/sched: act_ct: Always fill offloading tuple iifidx 2023-11-20 11:57:24 +01:00
packet af_packet: Fix fortified memcpy() without flex array. 2023-10-19 23:11:01 +02:00
phonet sock: Remove ->sendpage*() in favour of sendmsg(MSG_SPLICE_PAGES) 2023-06-24 15:50:13 -07:00
psample
qrtr Networking changes for 6.5. 2023-06-28 16:43:10 -07:00
rds net: prevent address rewrite in kernel_bind() 2023-10-19 23:10:56 +02:00
rfkill net: rfkill: reduce data->mtx scope in rfkill_fop_open 2023-10-25 12:16:30 +02:00
rose sock: Remove ->sendpage*() in favour of sendmsg(MSG_SPLICE_PAGES) 2023-06-24 15:50:13 -07:00
rxrpc rxrpc: Fix two connection reaping bugs 2023-11-20 11:57:22 +01:00
sched net/sched: act_ct: Always fill offloading tuple iifidx 2023-11-20 11:57:24 +01:00
sctp sctp: update hb timer immediately after users change hb_interval 2023-10-10 22:03:03 +02:00
smc net/smc: put sk reference if close work was canceled 2023-11-20 11:57:23 +01:00
strparser
sunrpc SUNRPC/TLS: Lock the lower_xprt during the tls handshake 2023-10-25 12:16:18 +02:00
switchdev
tipc tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING 2023-11-20 11:57:22 +01:00
tls tls: Use size_add() in call to struct_size() 2023-11-20 11:56:48 +01:00
unix af_unix: Fix data-race around unix_tot_inflight. 2023-09-19 12:30:18 +02:00
vmw_vsock vsock: read from socket's error queue 2023-11-28 17:14:43 +00:00
wireless wifi: cfg80211: fix off-by-one in element defrag 2023-11-20 11:56:46 +01:00
x25 sock: Remove ->sendpage*() in favour of sendmsg(MSG_SPLICE_PAGES) 2023-06-24 15:50:13 -07:00
xdp xdp: Fix zero-size allocation warning in xskq_create() 2023-10-19 23:11:00 +02:00
xfrm net: xfrm: skip policies marked as dead while reinserting policies 2023-10-25 12:16:13 +02:00
compat.c net/compat: Update msg_control_is_user when setting a kernel pointer 2023-04-14 11:09:27 +01:00
devres.c
Kconfig net/core: Enable socket busy polling on -RT 2023-05-26 08:51:26 +01:00
Kconfig.debug
Makefile net/handshake: Create a NETLINK service for handling handshake requests 2023-04-19 18:48:48 -07:00
socket.c net: prevent address rewrite in kernel_bind() 2023-10-19 23:10:56 +02:00
sysctl_net.c