a7y18lte-ubports/android_kernel_samsung_a7y18lte
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
eb8079d2a7
android_kernel_samsung_a7y1.../net
History
Eric Dumazet 71b4848540 ipvs: move old_secure_tcp into struct netns_ipvs 
[ Upstream commit c24b75e0f9239e78105f81c5f03a751641eb07ef ]

syzbot reported the following issue :

BUG: KCSAN: data-race in update_defense_level / update_defense_level

read to 0xffffffff861a6260 of 4 bytes by task 3006 on cpu 1:
 update_defense_level+0x621/0xb30 net/netfilter/ipvs/ip_vs_ctl.c:177
 defense_work_handler+0x3d/0xd0 net/netfilter/ipvs/ip_vs_ctl.c:225
 process_one_work+0x3d4/0x890 kernel/workqueue.c:2269
 worker_thread+0xa0/0x800 kernel/workqueue.c:2415
 kthread+0x1d4/0x200 drivers/block/aoe/aoecmd.c:1253
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:352

write to 0xffffffff861a6260 of 4 bytes by task 7333 on cpu 0:
 update_defense_level+0xa62/0xb30 net/netfilter/ipvs/ip_vs_ctl.c:205
 defense_work_handler+0x3d/0xd0 net/netfilter/ipvs/ip_vs_ctl.c:225
 process_one_work+0x3d4/0x890 kernel/workqueue.c:2269
 worker_thread+0xa0/0x800 kernel/workqueue.c:2415
 kthread+0x1d4/0x200 drivers/block/aoe/aoecmd.c:1253
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:352

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 7333 Comm: kworker/0:5 Not tainted 5.4.0-rc3+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events defense_work_handler

Indeed, old_secure_tcp is currently a static variable, while it
needs to be a per netns variable.

Fixes: a0840e2e165a ("IPVS: netns, ip_vs_ctl local vars moved to ipvs struct.")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2020-04-07 11:49:17 +02:00
..
6lowpan A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
9p 9p/virtio: Add cleanup path in p9_virtio_init 2020-04-06 20:04:29 +02:00
802 A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
8021q vlan: disable SIOCSHWTSTAMP in container 2020-04-06 17:01:37 +02:00
appletalk appletalk: enforce CAP_NET_RAW for raw sockets 2020-04-07 07:37:30 +02:00
atm net: atm: Fix potential Spectre v1 vulnerabilities 2020-04-06 15:28:29 +02:00
ax25 ax25: enforce CAP_NET_RAW for raw sockets 2020-04-07 07:37:32 +02:00
batman-adv batman-adv: fix for leaked TVLV handler. 2020-04-06 19:54:11 +02:00
bluetooth Revert "Bluetooth: validate BLE connection interval updates" 2020-04-07 07:35:58 +02:00
bridge bridge/mdb: remove wrong use of NLM_F_MULTI 2020-04-06 21:35:09 +02:00
caif A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
can can: purge socket error queue on sock destruct 2020-04-06 19:16:48 +02:00
ceph A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
core net/flow_dissector: switch to siphash 2020-04-07 09:29:43 +02:00
dcb A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
dccp inet: stop leaking jiffies on the wire 2020-04-07 09:29:41 +02:00
decnet A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
dns_resolver A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
dsa A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
ethernet A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
hsr A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
ieee802154 ieee802154: enforce CAP_NET_RAW for raw sockets 2020-04-07 07:37:35 +02:00
ipv4 inet: stop leaking jiffies on the wire 2020-04-07 09:29:41 +02:00
ipv6 ipv6: drop incoming packets having a v4mapped source address 2020-04-07 08:07:05 +02:00
ipx A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
irda A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
iucv A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
key xfrm: clean up xfrm protocol checks 2020-04-06 21:34:53 +02:00
l2tp compat_ioctl: pppoe: fix PPPOEIOCSFWD handling 2020-04-06 20:28:29 +02:00
l3mdev A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
lapb lapb: fixed leak of control-blocks. 2020-04-06 19:03:42 +02:00
llc llc: fix sk_buff leak in llc_conn_service() 2020-04-07 09:28:32 +02:00
mac80211 mac80211: Reject malformed SSID elements 2020-04-07 09:26:46 +02:00
mac802154 A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
mpls A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
mptcp A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
ncm A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
netfilter ipvs: move old_secure_tcp into struct netns_ipvs 2020-04-07 11:49:17 +02:00
netlabel A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
netlink A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
netrom netrom: hold sock when setting skb->destructor 2020-04-06 20:05:22 +02:00
nfc nfc: netlink: fix double device reference drop 2020-04-07 11:48:24 +02:00
openvswitch openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC 2020-04-07 07:37:13 +02:00
packet af_packet: tone down the Tx-ring unsupported spew. 2020-04-06 21:35:03 +02:00
phonet A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
rds net/rds: Fix error handling in rds_ib_add_one() 2020-04-07 08:07:20 +02:00
rfkill A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
rose net: rose: fix a possible stack overflow 2020-04-06 12:57:06 +02:00
rxrpc A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
sched net/flow_dissector: switch to siphash 2020-04-07 09:29:43 +02:00
sctp inet: stop leaking jiffies on the wire 2020-04-07 09:29:41 +02:00
sunrpc sunrpc: don't mark uninitialised items as VALID. 2020-04-06 16:38:50 +02:00
switchdev A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
tipc tipc: add NULL pointer check before calling kfree_rcu 2020-04-06 21:35:27 +02:00
unix A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
vmw_vsock A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
wimax A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
wireless nl80211: fix validation of mesh path nexthop 2020-04-07 09:28:24 +02:00
x25 A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
xfrm xfrm: clean up xfrm protocol checks 2020-04-06 21:34:53 +02:00
compat.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
Kconfig A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
Makefile A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
socket.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
sysctl_net.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30