Merge branch 'net-packet-KCSAN'

Eric Dumazet says: ==================== net/packet: KCSAN awareness This series is based on one syzbot report [1] Seven 'flags/booleans' are converted to atomic bit variant. po->xmit and po->tp_tstamp accesses get annotations. [1] BUG: KCSAN: data-race in packet_rcv / packet_setsockopt read-write to 0xffff88813dbe84e4 of 1 bytes by task 12312 on cpu 0: packet_setsockopt+0xb77/0xe60 net/packet/af_packet.c:3900 __sys_setsockopt+0x212/0x2b0 net/socket.c:2252 __do_sys_setsockopt net/socket.c:2263 [inline] __se_sys_setsockopt net/socket.c:2260 [inline] __x64_sys_setsockopt+0x62/0x70 net/socket.c:2260 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd read to 0xffff88813dbe84e4 of 1 bytes by task 1911 on cpu 1: packet_rcv+0x4b1/0xa40 net/packet/af_packet.c:2187 deliver_skb net/core/dev.c:2189 [inline] dev_queue_xmit_nit+0x3a9/0x620 net/core/dev.c:2259 xmit_one+0x71/0x2a0 net/core/dev.c:3586 dev_hard_start_xmit+0x72/0x120 net/core/dev.c:3606 __dev_queue_xmit+0x91c/0x11c0 net/core/dev.c:4256 dev_queue_xmit include/linux/netdevice.h:3008 [inline] neigh_hh_output include/net/neighbour.h:530 [inline] neigh_output include/net/neighbour.h:544 [inline] ip6_finish_output2+0x9e9/0xc30 net/ipv6/ip6_output.c:134 __ip6_finish_output net/ipv6/ip6_output.c:195 [inline] ip6_finish_output+0x395/0x4f0 net/ipv6/ip6_output.c:206 NF_HOOK_COND include/linux/netfilter.h:291 [inline] ip6_output+0x10e/0x210 net/ipv6/ip6_output.c:227 dst_output include/net/dst.h:445 [inline] ip6_local_out+0x60/0x80 net/ipv6/output_core.c:161 ip6tunnel_xmit include/net/ip6_tunnel.h:161 [inline] udp_tunnel6_xmit_skb+0x321/0x4a0 net/ipv6/ip6_udp_tunnel.c:109 send6+0x2ed/0x3b0 drivers/net/wireguard/socket.c:152 wg_socket_send_skb_to_peer+0xbb/0x120 drivers/net/wireguard/socket.c:178 wg_packet_create_data_done drivers/net/wireguard/send.c:251 [inline] wg_packet_tx_worker+0x142/0x360 drivers/net/wireguard/send.c:276 process_one_work+0x3d3/0x720 kernel/workqueue.c:2289 worker_thread+0x618/0xa70 kernel/workqueue.c:2436 kthread+0x1a9/0x1e0 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306 ==================== Reviewed-by: Willem de Bruijn <willemb@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>

Merge branch 'net-packet-KCSAN'
Eric Dumazet says: ==================== net/packet: KCSAN awareness This series is based on one syzbot report [1] Seven 'flags/booleans' are converted to atomic bit variant. po->xmit and po->tp_tstamp accesses get annotations. [1] BUG: KCSAN: data-race in packet_rcv / packet_setsockopt read-write to 0xffff88813dbe84e4 of 1 bytes by task 12312 on cpu 0: packet_setsockopt+0xb77/0xe60 net/packet/af_packet.c:3900 __sys_setsockopt+0x212/0x2b0 net/socket.c:2252 __do_sys_setsockopt net/socket.c:2263 [inline] __se_sys_setsockopt net/socket.c:2260 [inline] __x64_sys_setsockopt+0x62/0x70 net/socket.c:2260 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd read to 0xffff88813dbe84e4 of 1 bytes by task 1911 on cpu 1: packet_rcv+0x4b1/0xa40 net/packet/af_packet.c:2187 deliver_skb net/core/dev.c:2189 [inline] dev_queue_xmit_nit+0x3a9/0x620 net/core/dev.c:2259 xmit_one+0x71/0x2a0 net/core/dev.c:3586 dev_hard_start_xmit+0x72/0x120 net/core/dev.c:3606 __dev_queue_xmit+0x91c/0x11c0 net/core/dev.c:4256 dev_queue_xmit include/linux/netdevice.h:3008 [inline] neigh_hh_output include/net/neighbour.h:530 [inline] neigh_output include/net/neighbour.h:544 [inline] ip6_finish_output2+0x9e9/0xc30 net/ipv6/ip6_output.c:134 __ip6_finish_output net/ipv6/ip6_output.c:195 [inline] ip6_finish_output+0x395/0x4f0 net/ipv6/ip6_output.c:206 NF_HOOK_COND include/linux/netfilter.h:291 [inline] ip6_output+0x10e/0x210 net/ipv6/ip6_output.c:227 dst_output include/net/dst.h:445 [inline] ip6_local_out+0x60/0x80 net/ipv6/output_core.c:161 ip6tunnel_xmit include/net/ip6_tunnel.h:161 [inline] udp_tunnel6_xmit_skb+0x321/0x4a0 net/ipv6/ip6_udp_tunnel.c:109 send6+0x2ed/0x3b0 drivers/net/wireguard/socket.c:152 wg_socket_send_skb_to_peer+0xbb/0x120 drivers/net/wireguard/socket.c:178 wg_packet_create_data_done drivers/net/wireguard/send.c:251 [inline] wg_packet_tx_worker+0x142/0x360 drivers/net/wireguard/send.c:276 process_one_work+0x3d3/0x720 kernel/workqueue.c:2289 worker_thread+0x618/0xa70 kernel/workqueue.c:2436 kthread+0x1a9/0x1e0 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306 ==================== Reviewed-by: Willem de Bruijn <willemb@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
19a9fbc0 · David S. Miller · dc021e6c · 791a3e9f · 19a9fbc0 · 19a9fbc0
Commit 19a9fbc0 authored Mar 17, 2023 by David S. Miller
Expand all Hide whitespace changes
Inline Side-by-side

Showing with 87 additions and 63 deletions

net/packet/af_packet.c net/packet/af_packet.c +54 -50

net/packet/diag.c net/packet/diag.c +6 -6

net/packet/internal.h net/packet/internal.h +27 -7

No files found.
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
--- a/net/packet/diag.c
+++ b/net/packet/diag.c
@@ -18,18 +18,18 @@ static int pdiag_put_info(const struct packet_sock *po, struct sk_buff *nlskb)
 	pinfo.pdi_version = po->tp_version;
 	pinfo.pdi_reserve = po->tp_reserve;
 	pinfo.pdi_copy_thresh = po->copy_thresh;
-	pinfo.pdi_tstamp = po->tp_tstamp;
+	pinfo.pdi_tstamp = READ_ONCE(po->tp_tstamp);

 	pinfo.pdi_flags = 0;
-	if (po->running)
+	if (packet_sock_flag(po, PACKET_SOCK_RUNNING))
 		pinfo.pdi_flags |= PDI_RUNNING;
-	if (po->auxdata)
+	if (packet_sock_flag(po, PACKET_SOCK_AUXDATA))
 		pinfo.pdi_flags |= PDI_AUXDATA;
-	if (po->origdev)
+	if (packet_sock_flag(po, PACKET_SOCK_ORIGDEV))
 		pinfo.pdi_flags |= PDI_ORIGDEV;
-	if (po->has_vnet_hdr)
+	if (packet_sock_flag(po, PACKET_SOCK_HAS_VNET_HDR))
 		pinfo.pdi_flags |= PDI_VNETHDR;
-	if (po->tp_loss)
+	if (packet_sock_flag(po, PACKET_SOCK_TP_LOSS))
 		pinfo.pdi_flags |= PDI_LOSS;

 	return nla_put(nlskb, PACKET_DIAG_INFO, sizeof(pinfo), &pinfo);

--- a/net/packet/internal.h
+++ b/net/packet/internal.h
@@ -116,13 +116,7 @@ struct packet_sock {
 	int			copy_thresh;
 	spinlock_t		bind_lock;
 	struct mutex		pg_vec_lock;
-	unsigned int		running;	/* bind_lock must be held */
-	unsigned int		auxdata:1,	/* writer must hold sock lock */
-				origdev:1,
-				has_vnet_hdr:1,
-				tp_loss:1,
-				tp_tx_has_off:1;
-	int			pressure;
+	unsigned long		flags;
 	int			ifindex;	/* bound device		*/
 	__be16			num;
 	struct packet_rollover	*rollover;
@@ -144,4 +138,30 @@ static inline struct packet_sock *pkt_sk(struct sock *sk)
 	return (struct packet_sock *)sk;
 }

+enum packet_sock_flags {
+	PACKET_SOCK_ORIGDEV,
+	PACKET_SOCK_AUXDATA,
+	PACKET_SOCK_TX_HAS_OFF,
+	PACKET_SOCK_TP_LOSS,
+	PACKET_SOCK_HAS_VNET_HDR,
+	PACKET_SOCK_RUNNING,
+	PACKET_SOCK_PRESSURE,
+};
+
+static inline void packet_sock_flag_set(struct packet_sock *po,
+					enum packet_sock_flags flag,
+					bool val)
+{
+	if (val)
+		set_bit(flag, &po->flags);
+	else
+		clear_bit(flag, &po->flags);
+}
+
+static inline bool packet_sock_flag(const struct packet_sock *po,
+				    enum packet_sock_flags flag)
+{
+	return test_bit(flag, &po->flags);
+}
+
 #endif