From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev, "Jason A. Donenfeld" <Jason@zx2c4.com>,
Jakub Kicinski <kuba@kernel.org>
Subject: [PATCH 6.1 76/96] wireguard: send: annotate intentional data race in checking empty queue
Date: Tue, 16 Jul 2024 17:32:27 +0200 [thread overview]
Message-ID: <20240716152749.433716161@linuxfoundation.org> (raw)
In-Reply-To: <20240716152746.516194097@linuxfoundation.org>
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jason A. Donenfeld <Jason@zx2c4.com>
commit 381a7d453fa2ac5f854a154d3c9b1bbb90c4f94f upstream.
KCSAN reports a race in wg_packet_send_keepalive, which is intentional:
BUG: KCSAN: data-race in wg_packet_send_keepalive / wg_packet_send_staged_packets
write to 0xffff88814cd91280 of 8 bytes by task 3194 on cpu 0:
__skb_queue_head_init include/linux/skbuff.h:2162 [inline]
skb_queue_splice_init include/linux/skbuff.h:2248 [inline]
wg_packet_send_staged_packets+0xe5/0xad0 drivers/net/wireguard/send.c:351
wg_xmit+0x5b8/0x660 drivers/net/wireguard/device.c:218
__netdev_start_xmit include/linux/netdevice.h:4940 [inline]
netdev_start_xmit include/linux/netdevice.h:4954 [inline]
xmit_one net/core/dev.c:3548 [inline]
dev_hard_start_xmit+0x11b/0x3f0 net/core/dev.c:3564
__dev_queue_xmit+0xeff/0x1d80 net/core/dev.c:4349
dev_queue_xmit include/linux/netdevice.h:3134 [inline]
neigh_connected_output+0x231/0x2a0 net/core/neighbour.c:1592
neigh_output include/net/neighbour.h:542 [inline]
ip6_finish_output2+0xa66/0xce0 net/ipv6/ip6_output.c:137
ip6_finish_output+0x1a5/0x490 net/ipv6/ip6_output.c:222
NF_HOOK_COND include/linux/netfilter.h:303 [inline]
ip6_output+0xeb/0x220 net/ipv6/ip6_output.c:243
dst_output include/net/dst.h:451 [inline]
NF_HOOK include/linux/netfilter.h:314 [inline]
ndisc_send_skb+0x4a2/0x670 net/ipv6/ndisc.c:509
ndisc_send_rs+0x3ab/0x3e0 net/ipv6/ndisc.c:719
addrconf_dad_completed+0x640/0x8e0 net/ipv6/addrconf.c:4295
addrconf_dad_work+0x891/0xbc0
process_one_work kernel/workqueue.c:2633 [inline]
process_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2706
worker_thread+0x525/0x730 kernel/workqueue.c:2787
kthread+0x1d7/0x210 kernel/kthread.c:388
ret_from_fork+0x48/0x60 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242
read to 0xffff88814cd91280 of 8 bytes by task 3202 on cpu 1:
skb_queue_empty include/linux/skbuff.h:1798 [inline]
wg_packet_send_keepalive+0x20/0x100 drivers/net/wireguard/send.c:225
wg_receive_handshake_packet drivers/net/wireguard/receive.c:186 [inline]
wg_packet_handshake_receive_worker+0x445/0x5e0 drivers/net/wireguard/receive.c:213
process_one_work kernel/workqueue.c:2633 [inline]
process_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2706
worker_thread+0x525/0x730 kernel/workqueue.c:2787
kthread+0x1d7/0x210 kernel/kthread.c:388
ret_from_fork+0x48/0x60 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242
value changed: 0xffff888148fef200 -> 0xffff88814cd91280
Mark this race as intentional by using the skb_queue_empty_lockless()
function rather than skb_queue_empty(), which uses READ_ONCE()
internally to annotate the race.
Cc: stable@vger.kernel.org
Fixes: e7096c131e51 ("net: WireGuard secure network tunnel")
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Link: https://patch.msgid.link/20240704154517.1572127-5-Jason@zx2c4.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireguard/send.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/net/wireguard/send.c
+++ b/drivers/net/wireguard/send.c
@@ -222,7 +222,7 @@ void wg_packet_send_keepalive(struct wg_
{
struct sk_buff *skb;
- if (skb_queue_empty(&peer->staged_packet_queue)) {
+ if (skb_queue_empty_lockless(&peer->staged_packet_queue)) {
skb = alloc_skb(DATA_PACKET_HEAD_ROOM + MESSAGE_MINIMUM_LENGTH,
GFP_ATOMIC);
if (unlikely(!skb))
next prev parent reply other threads:[~2024-07-16 15:57 UTC|newest]
Thread overview: 104+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-16 15:31 [PATCH 6.1 00/96] 6.1.100-rc1 review Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 01/96] mm: prevent derefencing NULL ptr in pfn_section_valid() Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 02/96] cachefiles: propagate errors from vfs_getxattr() to avoid infinite loop Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 03/96] cachefiles: narrow the scope of triggering EPOLLIN events in ondemand mode Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 04/96] cachefiles: stop sending new request when dropping object Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 05/96] cachefiles: cancel all requests for the object that is being dropped Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 06/96] cachefiles: wait for ondemand_object_worker to finish when dropping object Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 07/96] cachefiles: cyclic allocation of msg_id to avoid reuse Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 08/96] cachefiles: add missing lock protection when polling Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 09/96] filelock: fix potential use-after-free in posix_lock_inode Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 10/96] fs/dcache: Re-use value stored to dentry->d_flags instead of re-reading Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 11/96] vfs: dont mod negative dentry count when on shrinker list Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 12/96] tcp: fix incorrect undo caused by DSACK of TLP retransmit Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 13/96] net: phy: microchip: lan87xx: reinit PHY after cable test Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 14/96] skmsg: Skip zero length skb in sk_msg_recvmsg Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 15/96] octeontx2-af: Fix incorrect value output on error path in rvu_check_rsrc_availability() Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 16/96] net: fix rc7s __skb_datagram_iter() Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 17/96] i40e: Fix XDP program unloading while removing the driver Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 18/96] net: ethernet: lantiq_etop: fix double free in detach Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 19/96] bpf: Refactor some inode/task/sk storage functions for reuse Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 20/96] bpf: Reduce smap->elem_size Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 21/96] bpf: use bpf_map_kvcalloc in bpf_local_storage Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 22/96] bpf: Remove __bpf_local_storage_map_alloc Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 23/96] bpf: fix order of args in call to bpf_map_kvcalloc Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 24/96] net: ethernet: mtk-star-emac: set mac_managed_pm when probing Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 25/96] ppp: reject claimed-as-LCP but actually malformed packets Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 26/96] ethtool: netlink: do not return SQI value if link is down Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 27/96] udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port() Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 28/96] net/sched: Fix UAF when resolving a clash Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 29/96] net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 30/96] s390: Mark psw in __load_psw_mask() as __unitialized Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 31/96] firmware: cs_dsp: Fix overflow checking of wmfw header Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 32/96] firmware: cs_dsp: Return error if block header overflows file Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 33/96] firmware: cs_dsp: Validate payload length before processing block Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 34/96] firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 35/96] firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 36/96] ARM: davinci: Convert comma to semicolon Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 37/96] octeontx2-af: replace cpt slot with lf id on reg write Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 38/96] octeontx2-af: update cpt lf alloc mailbox Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 39/96] octeontx2-af: fix a issue with cpt_lf_alloc mailbox Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 40/96] octeontx2-af: fix detection of IP layer Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 41/96] octeontx2-af: extend RSS supported offload types Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 42/96] octeontx2-af: fix issue with IPv6 ext match for RSS Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 43/96] octeontx2-af: fix issue with IPv4 " Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 44/96] cifs: fix setting SecurityFlags to true Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 45/96] Revert "sched/fair: Make sure to try to detach at least one movable task" Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 46/96] tcp: use signed arithmetic in tcp_rtx_probe0_timed_out() Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 47/96] tcp: avoid too many retransmit packets Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 48/96] net: ks8851: Fix deadlock with the SPI chip variant Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 49/96] net: ks8851: Fix potential TX stall after interface reopen Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 50/96] USB: serial: option: add Telit generic core-dump composition Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 51/96] USB: serial: option: add Telit FN912 rmnet compositions Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 52/96] USB: serial: option: add Fibocom FM350-GL Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 53/96] USB: serial: option: add support for Foxconn T99W651 Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 54/96] USB: serial: option: add Netprisma LCUK54 series modules Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 55/96] USB: serial: option: add Rolling RW350-GL variants Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 56/96] USB: serial: mos7840: fix crash on resume Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 57/96] USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 58/96] usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 59/96] USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 60/96] hpet: Support 32-bit userspace Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 61/96] xhci: always resume roothubs if xHC was reset during resume Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 62/96] ksmbd: discard write access to the directory open Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 63/96] nvmem: rmem: Fix return value of rmem_read() Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 64/96] nvmem: meson-efuse: Fix return value of nvmem callbacks Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 65/96] nvmem: core: only change name to fram for current attribute Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 66/96] platform/x86: toshiba_acpi: Fix array out-of-bounds access Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 67/96] ALSA: hda/realtek: add quirk for Clevo V5[46]0TU Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 68/96] ALSA: hda/realtek: Enable Mute LED on HP 250 G7 Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 69/96] ALSA: hda/realtek: Limit mic boost on VAIO PRO PX Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 70/96] Fix userfaultfd_api to return EINVAL as expected Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 71/96] libceph: fix race between delayed_work() and ceph_monc_stop() Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 72/96] ACPI: processor_idle: Fix invalid comparison with insertion sort for latency Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 73/96] wireguard: selftests: use acpi=off instead of -no-acpi for recent QEMU Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 74/96] wireguard: allowedips: avoid unaligned 64-bit memory accesses Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 75/96] wireguard: queueing: annotate intentional data race in cpu round robin Greg Kroah-Hartman
2024-07-16 15:32 ` Greg Kroah-Hartman [this message]
2024-07-16 15:32 ` [PATCH 6.1 77/96] misc: fastrpc: Fix DSP capabilities request Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 78/96] misc: fastrpc: Avoid updating PD type for capability request Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 79/96] misc: fastrpc: Copy the complete capability structure to user Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 80/96] x86/retpoline: Move a NOENDBR annotation to the SRSO dummy return thunk Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 81/96] cifs: use origin fullpath for automounts Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 82/96] cifs: avoid dup prefix path in dfs_get_automount_devname() Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 83/96] bpf: Allow reads from uninit stack Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 84/96] nilfs2: fix kernel bug on rename operation of broken directory Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 85/96] sched: Move psi_account_irqtime() out of update_rq_clock_task() hotpath Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 86/96] i2c: rcar: bring hardware to known state when probing Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 87/96] i2c: mark HostNotify target address as used Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 88/96] i2c: rcar: reset controller is mandatory for Gen3+ Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 89/96] i2c: rcar: introduce Gen4 devices Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 90/96] i2c: rcar: ensure Gen3+ reset does not disturb local targets Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 91/96] i2c: testunit: avoid re-issued work after read message Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 92/96] i2c: rcar: clear NO_RXDMA flag after resetting Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 93/96] x86/entry/64: Remove obsolete comment on tracing vs. SYSRET Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 94/96] x86/bhi: Avoid warning in #DB handler due to BHI mitigation Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 95/96] kbuild: Make ld-version.sh more robust against version string changes Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 96/96] i2c: rcar: fix error code in probe() Greg Kroah-Hartman
2024-07-16 18:38 ` [PATCH 6.1 00/96] 6.1.100-rc1 review SeongJae Park
2024-07-16 18:42 ` Florian Fainelli
2024-07-16 19:01 ` Pavel Machek
2024-07-16 20:29 ` Naresh Kamboju
2024-07-17 6:24 ` Greg Kroah-Hartman
2024-07-17 15:51 ` Shuah Khan
2024-07-17 16:57 ` Allen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240716152749.433716161@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=Jason@zx2c4.com \
--cc=kuba@kernel.org \
--cc=patches@lists.linux.dev \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox