From: Simon Horman <horms@kernel.org>
To: Eric Dumazet <edumazet@google.com>
Cc: "David S . Miller" <davem@davemloft.net>,
	Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
	netdev@vger.kernel.org, eric.dumazet@gmail.com,
	syzbot <syzkaller@googlegroups.com>,
	Steffen Klassert <steffen.klassert@secunet.com>
Subject: Re: [PATCH net] xfrm: fix a data-race in xfrm_lookup_with_ifid()
Date: Fri, 13 Oct 2023 17:22:25 +0200
Message-ID: <20231013152225.GL29570@kernel.org>
In-Reply-To: <20231011102429.799316-1-edumazet@google.com>

On Wed, Oct 11, 2023 at 10:24:29AM +0000, Eric Dumazet wrote:
> syzbot complains about a race in xfrm_lookup_with_ifid() [1]
> 
> When preparing commit 0a9e5794b21e ("xfrm: annotate data-race
> around use_time") I thought xfrm_lookup_with_ifid() was modifying
> a still private structure.
> 
> [1]
> BUG: KCSAN: data-race in xfrm_lookup_with_ifid / xfrm_lookup_with_ifid
> 
> write to 0xffff88813ea41108 of 8 bytes by task 8150 on cpu 1:
> xfrm_lookup_with_ifid+0xce7/0x12d0 net/xfrm/xfrm_policy.c:3218
> xfrm_lookup net/xfrm/xfrm_policy.c:3270 [inline]
> xfrm_lookup_route+0x3b/0x100 net/xfrm/xfrm_policy.c:3281
> ip6_dst_lookup_flow+0x98/0xc0 net/ipv6/ip6_output.c:1246
> send6+0x241/0x3c0 drivers/net/wireguard/socket.c:139
> wg_socket_send_skb_to_peer+0xbd/0x130 drivers/net/wireguard/socket.c:178
> wg_socket_send_buffer_to_peer+0xd6/0x100 drivers/net/wireguard/socket.c:200
> wg_packet_send_handshake_initiation drivers/net/wireguard/send.c:40 [inline]
> wg_packet_handshake_send_worker+0x10c/0x150 drivers/net/wireguard/send.c:51
> process_one_work kernel/workqueue.c:2630 [inline]
> process_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2703
> worker_thread+0x525/0x730 kernel/workqueue.c:2784
> kthread+0x1d7/0x210 kernel/kthread.c:388
> ret_from_fork+0x48/0x60 arch/x86/kernel/process.c:147
> ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304
> 
> write to 0xffff88813ea41108 of 8 bytes by task 15867 on cpu 0:
> xfrm_lookup_with_ifid+0xce7/0x12d0 net/xfrm/xfrm_policy.c:3218
> xfrm_lookup net/xfrm/xfrm_policy.c:3270 [inline]
> xfrm_lookup_route+0x3b/0x100 net/xfrm/xfrm_policy.c:3281
> ip6_dst_lookup_flow+0x98/0xc0 net/ipv6/ip6_output.c:1246
> send6+0x241/0x3c0 drivers/net/wireguard/socket.c:139
> wg_socket_send_skb_to_peer+0xbd/0x130 drivers/net/wireguard/socket.c:178
> wg_socket_send_buffer_to_peer+0xd6/0x100 drivers/net/wireguard/socket.c:200
> wg_packet_send_handshake_initiation drivers/net/wireguard/send.c:40 [inline]
> wg_packet_handshake_send_worker+0x10c/0x150 drivers/net/wireguard/send.c:51
> process_one_work kernel/workqueue.c:2630 [inline]
> process_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2703
> worker_thread+0x525/0x730 kernel/workqueue.c:2784
> kthread+0x1d7/0x210 kernel/kthread.c:388
> ret_from_fork+0x48/0x60 arch/x86/kernel/process.c:147
> ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304
> 
> value changed: 0x00000000651cd9d1 -> 0x00000000651cd9d2
> 
> Reported by Kernel Concurrency Sanitizer on:
> CPU: 0 PID: 15867 Comm: kworker/u4:58 Not tainted 6.6.0-rc4-syzkaller-00016-g5e62ed3b1c8a #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
> Workqueue: wg-kex-wg2 wg_packet_handshake_send_worker
> 
> Fixes: 0a9e5794b21e ("xfrm: annotate data-race around use_time")
> Reported-by: syzbot <syzkaller@googlegroups.com>
> Signed-off-by: Eric Dumazet <edumazet@google.com>
> Cc: Steffen Klassert <steffen.klassert@secunet.com>

Reviewed-by: Simon Horman <horms@kernel.org>
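
As an aid to reading the KCSAN report quoted above, the following added example (not part of the original message or of the kernel tree) reduces such a report to the facts a reviewer checks first: the access types, whether both accesses hit the same address and source line, and how the value changed. The sample input is constructed from the report's own lines with each stack trimmed to two frames; `summarize` and its field names are hypothetical.

```python
import re

# Constructed sample: lines copied from the report quoted above, with each
# stack trimmed to its first two frames.
REPORT = """\
> BUG: KCSAN: data-race in xfrm_lookup_with_ifid / xfrm_lookup_with_ifid
>
> write to 0xffff88813ea41108 of 8 bytes by task 8150 on cpu 1:
> xfrm_lookup_with_ifid+0xce7/0x12d0 net/xfrm/xfrm_policy.c:3218
> xfrm_lookup net/xfrm/xfrm_policy.c:3270 [inline]
>
> write to 0xffff88813ea41108 of 8 bytes by task 15867 on cpu 0:
> xfrm_lookup_with_ifid+0xce7/0x12d0 net/xfrm/xfrm_policy.c:3218
> xfrm_lookup net/xfrm/xfrm_policy.c:3270 [inline]
>
> value changed: 0x00000000651cd9d1 -> 0x00000000651cd9d2
"""

ACCESS = re.compile(r"(read-write|read|write)( \(marked\))? to (0x[0-9a-f]+) "
                    r"of (\d+) bytes by (?:task (\d+)|interrupt) on cpu (\d+):")
FRAME = re.compile(r"(\S+?)(?:\+0x[0-9a-f]+/0x[0-9a-f]+)? (\S+:\d+)")
CHANGE = re.compile(r"value changed: (0x[0-9a-f]+) -> (0x[0-9a-f]+)")

def summarize(report):
    """Reduce a two-access KCSAN report to the facts a reviewer checks first."""
    accesses, delta = [], None
    for raw in report.splitlines():
        line = re.sub(r"^(?:>\s?)+", "", raw).strip()  # drop e-mail quoting
        if m := ACCESS.match(line):
            accesses.append({"op": m[1], "marked": bool(m[2]), "addr": int(m[3], 16),
                             "size": int(m[4]), "cpu": int(m[6]), "site": None})
        elif accesses and accesses[-1]["site"] is None and (m := FRAME.match(line)):
            accesses[-1]["site"] = (m[1], m[2])  # innermost frame only
        elif m := CHANGE.match(line):
            delta = int(m[2], 16) - int(m[1], 16)
    if len(accesses) != 2:
        raise ValueError("expected exactly two access blocks")
    a, b = accesses
    return {
        "kind": f"{a['op']}/{b['op']}",
        "unmarked": [x["op"] for x in accesses if not x["marked"]],
        "same_address": a["addr"] == b["addr"] and a["size"] == b["size"],
        "same_site": a["site"] == b["site"],
        "site": a["site"],
        "cpus": [a["cpu"], b["cpu"]],
        "value_delta": delta,
    }
```

For this report, `summarize(REPORT)` shows two unmarked writes to the same 8 bytes from net/xfrm/xfrm_policy.c:3218 on different CPUs, with the stored value differing by 1.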


Thread overview: 3+ messages
2023-10-11 10:24 [PATCH net] xfrm: fix a data-race in xfrm_lookup_with_ifid() Eric Dumazet
2023-10-13 15:22 ` Simon Horman [this message]
2023-10-16  5:45 ` Steffen Klassert
