Received: by 2002:a25:31c3:0:0:0:0:0 with SMTP id x186csp2906681ybx; Fri, 8 Nov 2019 11:05:49 -0800 (PST) X-Google-Smtp-Source: APXvYqzR0283gdKcrGq5qdrZXfNlH2v4qwJtrseDo4kGaeCxHrqPrDdDHQKQA54W1PCiPq0c5/Vv X-Received: by 2002:a17:906:2654:: with SMTP id i20mr10324120ejc.163.1573239949839; Fri, 08 Nov 2019 11:05:49 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1573239949; cv=none; d=google.com; s=arc-20160816; b=R7JfmTR6rf0rzzGej3ikir4oeFx6/S0ry3KYw0m1+wAKGixb709C1Pv/JziYTlPulm eLGXh/EalxO9RR/HIV3lVt6lp2HtRWDfygLr0WD3aGLPBOVVc086aaFVUkI0rIDgcG6k eUkx+3iAO1zYyqlsp8Nx5JQBaYMxy5JrKlepsIFGSLRCWY8Vlg9PR9LSKOkFWS1Fr6Vi KJcJ1Ht3SQ4U0BDofUcQanCJaz1oeYFrpeiXIZiEk/5Rd2UlY9HDfBTCBePWjt5cfoxH LltaAbhbpA1hZwX+L9E8hRBMTtFdmlYWsjhAufqyJhgJWVzoQjhyJW3Sa0ki+Uc3y3Rq buWQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=xfQUUIIGN1tplWOL+dsEz0UeXRgfL6QniKu6C1v/SNQ=; b=lF5CwHsF/OAVWXeTilI6kTcHObjkvNI1yZchYSVHw4698uaJoyNImApqXvfUL529fq sbCGMVZU6gZsL3goDI66RCvWg7Hp+sXxMOJoGb0KqEx0xnQS3rAuNjv/VN+iZD8ln/TF DSYNg/4FMYZYSPHFtN5W4dwbf0SskjpQYrFT/+6ZgdGNDxU4LSVDpked4V/Ume6YzQb7 Xn+wT/Q+2mDSYRKs1oaBce8T116+5HQbuSDKShNhojP6SfB2Vi8q++ZKqnxRvJppa2v2 g2ugyIrxEbxoVZZSFVxD6x505ZDUMNY9o87jafYUGxk702o70C/lxnQjmTW3c5RKhWPJ LRfA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=CPgRE7MN; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id j23si4390428eja.393.2019.11.08.11.05.26; Fri, 08 Nov 2019 11:05:49 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=CPgRE7MN; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387807AbfKHTCw (ORCPT + 99 others); Fri, 8 Nov 2019 14:02:52 -0500 Received: from mail.kernel.org ([198.145.29.99]:60644 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731744AbfKHTCv (ORCPT ); Fri, 8 Nov 2019 14:02:51 -0500 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 6490D218AE; Fri, 8 Nov 2019 19:02:49 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1573239769; bh=wBdRuMXM5RgHs1nX//tDyoK5MRAxk45cNXVYJBO2Urc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=CPgRE7MN1v3qUd66pB+kzBs91ToF05b8j4DMKruFWwzofFPGLesJ+ZV18/kPS+XRg JWklLAK8JshgXc6QAKSv5G+ElLhfcovT3z24i617/WPoAsp5gNZz2FWQomyMveJqnJ uwrHCcRhX42/FrliDE5g238qOXWIFZwP17NoW00g= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Eric Dumazet , syzbot , "David S. Miller" Subject: [PATCH 4.19 55/79] udp: use skb_queue_empty_lockless() Date: Fri, 8 Nov 2019 19:50:35 +0100 Message-Id: <20191108174819.059758912@linuxfoundation.org> X-Mailer: git-send-email 2.24.0 In-Reply-To: <20191108174745.495640141@linuxfoundation.org> References: <20191108174745.495640141@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Eric Dumazet [ Upstream commit 137a0dbe3426fd7bcfe3f8117b36a87b3590e4eb ] syzbot reported a data-race [1]. We should use skb_queue_empty_lockless() to document that we are not ensuring a mutual exclusion and silence KCSAN. [1] BUG: KCSAN: data-race in __skb_recv_udp / __udp_enqueue_schedule_skb write to 0xffff888122474b50 of 8 bytes by interrupt on cpu 0: __skb_insert include/linux/skbuff.h:1852 [inline] __skb_queue_before include/linux/skbuff.h:1958 [inline] __skb_queue_tail include/linux/skbuff.h:1991 [inline] __udp_enqueue_schedule_skb+0x2c1/0x410 net/ipv4/udp.c:1470 __udp_queue_rcv_skb net/ipv4/udp.c:1940 [inline] udp_queue_rcv_one_skb+0x7bd/0xc70 net/ipv4/udp.c:2057 udp_queue_rcv_skb+0xb5/0x400 net/ipv4/udp.c:2074 udp_unicast_rcv_skb.isra.0+0x7e/0x1c0 net/ipv4/udp.c:2233 __udp4_lib_rcv+0xa44/0x17c0 net/ipv4/udp.c:2300 udp_rcv+0x2b/0x40 net/ipv4/udp.c:2470 ip_protocol_deliver_rcu+0x4d/0x420 net/ipv4/ip_input.c:204 ip_local_deliver_finish+0x110/0x140 net/ipv4/ip_input.c:231 NF_HOOK include/linux/netfilter.h:305 [inline] NF_HOOK include/linux/netfilter.h:299 [inline] ip_local_deliver+0x133/0x210 net/ipv4/ip_input.c:252 dst_input include/net/dst.h:442 [inline] ip_rcv_finish+0x121/0x160 net/ipv4/ip_input.c:413 NF_HOOK include/linux/netfilter.h:305 [inline] NF_HOOK include/linux/netfilter.h:299 [inline] ip_rcv+0x18f/0x1a0 net/ipv4/ip_input.c:523 __netif_receive_skb_one_core+0xa7/0xe0 net/core/dev.c:5010 __netif_receive_skb+0x37/0xf0 net/core/dev.c:5124 process_backlog+0x1d3/0x420 net/core/dev.c:5955 read to 0xffff888122474b50 of 8 bytes by task 8921 on cpu 1: skb_queue_empty include/linux/skbuff.h:1494 [inline] __skb_recv_udp+0x18d/0x500 net/ipv4/udp.c:1653 udp_recvmsg+0xe1/0xb10 net/ipv4/udp.c:1712 inet_recvmsg+0xbb/0x250 net/ipv4/af_inet.c:838 sock_recvmsg_nosec+0x5c/0x70 net/socket.c:871 ___sys_recvmsg+0x1a0/0x3e0 net/socket.c:2480 do_recvmmsg+0x19a/0x5c0 net/socket.c:2601 __sys_recvmmsg+0x1ef/0x200 net/socket.c:2680 __do_sys_recvmmsg net/socket.c:2703 [inline] __se_sys_recvmmsg net/socket.c:2696 [inline] __x64_sys_recvmmsg+0x89/0xb0 net/socket.c:2696 do_syscall_64+0xcc/0x370 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Reported by Kernel Concurrency Sanitizer on: CPU: 1 PID: 8921 Comm: syz-executor.4 Not tainted 5.4.0-rc3+ #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Signed-off-by: Eric Dumazet Reported-by: syzbot Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- net/ipv4/udp.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) --- a/net/ipv4/udp.c +++ b/net/ipv4/udp.c @@ -1542,7 +1542,7 @@ static int first_packet_length(struct so spin_lock_bh(&rcvq->lock); skb = __first_packet_length(sk, rcvq, &total); - if (!skb && !skb_queue_empty(sk_queue)) { + if (!skb && !skb_queue_empty_lockless(sk_queue)) { spin_lock(&sk_queue->lock); skb_queue_splice_tail_init(sk_queue, rcvq); spin_unlock(&sk_queue->lock); @@ -1617,7 +1617,7 @@ struct sk_buff *__skb_recv_udp(struct so return skb; } - if (skb_queue_empty(sk_queue)) { + if (skb_queue_empty_lockless(sk_queue)) { spin_unlock_bh(&queue->lock); goto busy_check; } @@ -1644,7 +1644,7 @@ busy_check: break; sk_busy_loop(sk, flags & MSG_DONTWAIT); - } while (!skb_queue_empty(sk_queue)); + } while (!skb_queue_empty_lockless(sk_queue)); /* sk_queue is empty, reader_queue may contain peeked packets */ } while (timeo &&