[PATCH v3 net] net: Fix load-tearing on sk->sk_stamp in sock_recv

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH v3 net] net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs().
@ 2023-05-08 17:55 Kuniyuki Iwashima
  2023-05-09  9:07 ` Eric Dumazet
  2023-05-10  3:30 ` patchwork-bot+netdevbpf
  0 siblings, 2 replies; 3+ messages in thread
From: Kuniyuki Iwashima @ 2023-05-08 17:55 UTC (permalink / raw)
  To: David S. Miller, Eric Dumazet, Jakub Kicinski, Paolo Abeni
  Cc: Kuniyuki Iwashima, Kuniyuki Iwashima, netdev, syzbot

KCSAN found a data race in sock_recv_cmsgs() where the read access
to sk->sk_stamp needs READ_ONCE().

BUG: KCSAN: data-race in packet_recvmsg / packet_recvmsg

write (marked) to 0xffff88803c81f258 of 8 bytes by task 19171 on cpu 0:
 sock_write_timestamp include/net/sock.h:2670 [inline]
 sock_recv_cmsgs include/net/sock.h:2722 [inline]
 packet_recvmsg+0xb97/0xd00 net/packet/af_packet.c:3489
 sock_recvmsg_nosec net/socket.c:1019 [inline]
 sock_recvmsg+0x11a/0x130 net/socket.c:1040
 sock_read_iter+0x176/0x220 net/socket.c:1118
 call_read_iter include/linux/fs.h:1845 [inline]
 new_sync_read fs/read_write.c:389 [inline]
 vfs_read+0x5e0/0x630 fs/read_write.c:470
 ksys_read+0x163/0x1a0 fs/read_write.c:613
 __do_sys_read fs/read_write.c:623 [inline]
 __se_sys_read fs/read_write.c:621 [inline]
 __x64_sys_read+0x41/0x50 fs/read_write.c:621
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x72/0xdc

read to 0xffff88803c81f258 of 8 bytes by task 19183 on cpu 1:
 sock_recv_cmsgs include/net/sock.h:2721 [inline]
 packet_recvmsg+0xb64/0xd00 net/packet/af_packet.c:3489
 sock_recvmsg_nosec net/socket.c:1019 [inline]
 sock_recvmsg+0x11a/0x130 net/socket.c:1040
 sock_read_iter+0x176/0x220 net/socket.c:1118
 call_read_iter include/linux/fs.h:1845 [inline]
 new_sync_read fs/read_write.c:389 [inline]
 vfs_read+0x5e0/0x630 fs/read_write.c:470
 ksys_read+0x163/0x1a0 fs/read_write.c:613
 __do_sys_read fs/read_write.c:623 [inline]
 __se_sys_read fs/read_write.c:621 [inline]
 __x64_sys_read+0x41/0x50 fs/read_write.c:621
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x72/0xdc

value changed: 0xffffffffc4653600 -> 0x0000000000000000

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 19183 Comm: syz-executor.5 Not tainted 6.3.0-rc7-02330-gca6270c12e20 #2
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014

Fixes: 6c7c98bad488 ("sock: avoid dirtying sk_stamp, if possible")
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
---
v3:
  * Use sock_read_timestamp() instead of cmpxchg().

v2: https://lore.kernel.org/netdev/20230508165815.45602-1-kuniyu@amazon.com/
  * Add Fixes tag

v1: https://lore.kernel.org/netdev/20230506022325.99106-1-kuniyu@amazon.com/
---
 include/net/sock.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/net/sock.h b/include/net/sock.h
index 8b7ed7167243..656ea89f60ff 100644
--- a/include/net/sock.h
+++ b/include/net/sock.h
@@ -2718,7 +2718,7 @@ static inline void sock_recv_cmsgs(struct msghdr *msg, struct sock *sk,
 		__sock_recv_cmsgs(msg, sk, skb);
 	else if (unlikely(sock_flag(sk, SOCK_TIMESTAMP)))
 		sock_write_timestamp(sk, skb->tstamp);
-	else if (unlikely(sk->sk_stamp == SK_DEFAULT_STAMP))
+	else if (unlikely(sock_read_timestamp(sk) == SK_DEFAULT_STAMP))
 		sock_write_timestamp(sk, 0);
 }
 
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH v3 net] net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs().
  2023-05-08 17:55 [PATCH v3 net] net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs() Kuniyuki Iwashima
@ 2023-05-09  9:07 ` Eric Dumazet
  2023-05-10  3:30 ` patchwork-bot+netdevbpf
  1 sibling, 0 replies; 3+ messages in thread
From: Eric Dumazet @ 2023-05-09  9:07 UTC (permalink / raw)
  To: Kuniyuki Iwashima
  Cc: David S. Miller, Jakub Kicinski, Paolo Abeni, Kuniyuki Iwashima,
	netdev, syzbot

On Mon, May 8, 2023 at 7:56 PM Kuniyuki Iwashima <kuniyu@amazon.com> wrote:
>
> KCSAN found a data race in sock_recv_cmsgs() where the read access
> to sk->sk_stamp needs READ_ONCE().
>
>
> Fixes: 6c7c98bad488 ("sock: avoid dirtying sk_stamp, if possible")
> Reported-by: syzbot <syzkaller@googlegroups.com>
> Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
> ---

Reviewed-by: Eric Dumazet <edumazet@google.com>

Thanks.

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH v3 net] net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs().
  2023-05-08 17:55 [PATCH v3 net] net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs() Kuniyuki Iwashima
  2023-05-09  9:07 ` Eric Dumazet
@ 2023-05-10  3:30 ` patchwork-bot+netdevbpf
  1 sibling, 0 replies; 3+ messages in thread
From: patchwork-bot+netdevbpf @ 2023-05-10  3:30 UTC (permalink / raw)
  To: Kuniyuki Iwashima
  Cc: davem, edumazet, kuba, pabeni, kuni1840, netdev, syzkaller

Hello:

This patch was applied to netdev/net.git (main)
by Jakub Kicinski <kuba@kernel.org>:

On Mon, 8 May 2023 10:55:43 -0700 you wrote:
> KCSAN found a data race in sock_recv_cmsgs() where the read access
> to sk->sk_stamp needs READ_ONCE().
> 
> BUG: KCSAN: data-race in packet_recvmsg / packet_recvmsg
> 
> write (marked) to 0xffff88803c81f258 of 8 bytes by task 19171 on cpu 0:
>  sock_write_timestamp include/net/sock.h:2670 [inline]
>  sock_recv_cmsgs include/net/sock.h:2722 [inline]
>  packet_recvmsg+0xb97/0xd00 net/packet/af_packet.c:3489
>  sock_recvmsg_nosec net/socket.c:1019 [inline]
>  sock_recvmsg+0x11a/0x130 net/socket.c:1040
>  sock_read_iter+0x176/0x220 net/socket.c:1118
>  call_read_iter include/linux/fs.h:1845 [inline]
>  new_sync_read fs/read_write.c:389 [inline]
>  vfs_read+0x5e0/0x630 fs/read_write.c:470
>  ksys_read+0x163/0x1a0 fs/read_write.c:613
>  __do_sys_read fs/read_write.c:623 [inline]
>  __se_sys_read fs/read_write.c:621 [inline]
>  __x64_sys_read+0x41/0x50 fs/read_write.c:621
>  do_syscall_x64 arch/x86/entry/common.c:50 [inline]
>  do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80
>  entry_SYSCALL_64_after_hwframe+0x72/0xdc
> 
> [...]

Here is the summary with links:
  - [v3,net] net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs().
    https://git.kernel.org/netdev/net/c/dfd9248c071a

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html



^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2023-05-10  3:30 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-05-08 17:55 [PATCH v3 net] net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs() Kuniyuki Iwashima
2023-05-09  9:07 ` Eric Dumazet
2023-05-10  3:30 ` patchwork-bot+netdevbpf

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).