Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp1928536ybl; Tue, 3 Dec 2019 15:10:03 -0800 (PST) X-Google-Smtp-Source: APXvYqx/CcFXsoNN4h/CtPGqRMy86Wq6eSYbd4wC3HvFJg/709xBJ+BfIedUH5Qgdi4i27hjvYel X-Received: by 2002:a05:6808:258:: with SMTP id m24mr70744oie.101.1575414603761; Tue, 03 Dec 2019 15:10:03 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1575414603; cv=none; d=google.com; s=arc-20160816; b=Dy5MOTIF24gkuMa7z0vClGVTgJ894Hi0HyyOBmCbX20AYSfO7wQe/LADbFZPdChGuq ZAUbSJeCESSK82rqXg3VACNDyeMQHVYuam0dBukkt7DiC3ap5vVfPZLdxzY9K3zTYjkB v3oyizA3N3QW4hYX5g3x2O2ZT/7AAx52YF9mSvrmNt04dGJSd2aHi4xD/nzpKF17QJnf Vx/S5UmIQrRb+uop5hiiJVN9ah3U4gi9DMhjUGlndximuLbcuX+dgBVBZHeHXb0vwvsE 1IXCvLfC3XBcVop4ySZCRpByB2OBqOwtfhsHelYEN7XT8xoA1JuFa09gjOdNqPVwIVnV PEWg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=Cqdn+ZRoxgP0HI47BG61vc75noPCZIAERatGU3d2Wkw=; b=IeFOKMVRig9IzuNKf0DZikxGM0Oi0LPZ7W/fWflKRzfX6/UDiWXWhr0UBi/8vg++3l AREpFzdWDmg4p1he4EN+q5uNx3QGzNnj92zsNildtlTiiUGSlZTIs2/U/v9rhWsbx+eM IeriOWVE8WAGtPLKgq0Xeyj6TbF7LD/3qzotJVR5X+xxdd6aVFXwpfpV+JpjohIkx/i9 ynCnVPWLbM9DWua1KxZyaG74Ei6LtiMQblPRGBd8gUJfooG+2sJI9Hx3PcByO1m+50f2 mmNSuZAqAHdJR3Is/akucEbjYKbF7Tvn9qXdLrwiTg/MlQaTmz5qnlK9OiTewG9FGiBm xuEQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=VjVBN+fd; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id w65si2246620oig.149.2019.12.03.15.09.51; Tue, 03 Dec 2019 15:10:03 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=VjVBN+fd; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728798AbfLCWo0 (ORCPT + 99 others); Tue, 3 Dec 2019 17:44:26 -0500 Received: from mail.kernel.org ([198.145.29.99]:60354 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727883AbfLCWoZ (ORCPT ); Tue, 3 Dec 2019 17:44:25 -0500 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 33C0C20803; Tue, 3 Dec 2019 22:44:23 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1575413063; bh=0zXPUIf9Rf5yHaATyC1GslscThVCO1PZ9HvWuVX6T0g=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=VjVBN+fdUKzoo4LVh+NL8nwg11nJ+HL1Ms0Mn0dkv7nIa7/40g79Ql4Kwb3wDF8Wq IyNN7VthgXvSGqsrcu5ocx/lj6NSbOCmycHc0krSVpANFGJO1Ms9EPLicc6sRKTw9J HjwvMmM+w3ZhQ2bzFV1X/FFuRQ4cxXuNNf2GkN/U= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, syzbot+e3b35fe7918ff0ee474e@syzkaller.appspotmail.com, Xin Long , Marcelo Ricardo Leitner , Jakub Kicinski Subject: [PATCH 5.3 119/135] sctp: cache netns in sctp_ep_common Date: Tue, 3 Dec 2019 23:35:59 +0100 Message-Id: <20191203213043.772105510@linuxfoundation.org> X-Mailer: git-send-email 2.24.0 In-Reply-To: <20191203213005.828543156@linuxfoundation.org> References: <20191203213005.828543156@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Xin Long [ Upstream commit 312434617cb16be5166316cf9d08ba760b1042a1 ] This patch is to fix a data-race reported by syzbot: BUG: KCSAN: data-race in sctp_assoc_migrate / sctp_hash_obj write to 0xffff8880b67c0020 of 8 bytes by task 18908 on cpu 1: sctp_assoc_migrate+0x1a6/0x290 net/sctp/associola.c:1091 sctp_sock_migrate+0x8aa/0x9b0 net/sctp/socket.c:9465 sctp_accept+0x3c8/0x470 net/sctp/socket.c:4916 inet_accept+0x7f/0x360 net/ipv4/af_inet.c:734 __sys_accept4+0x224/0x430 net/socket.c:1754 __do_sys_accept net/socket.c:1795 [inline] __se_sys_accept net/socket.c:1792 [inline] __x64_sys_accept+0x4e/0x60 net/socket.c:1792 do_syscall_64+0xcc/0x370 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x44/0xa9 read to 0xffff8880b67c0020 of 8 bytes by task 12003 on cpu 0: sctp_hash_obj+0x4f/0x2d0 net/sctp/input.c:894 rht_key_get_hash include/linux/rhashtable.h:133 [inline] rht_key_hashfn include/linux/rhashtable.h:159 [inline] rht_head_hashfn include/linux/rhashtable.h:174 [inline] head_hashfn lib/rhashtable.c:41 [inline] rhashtable_rehash_one lib/rhashtable.c:245 [inline] rhashtable_rehash_chain lib/rhashtable.c:276 [inline] rhashtable_rehash_table lib/rhashtable.c:316 [inline] rht_deferred_worker+0x468/0xab0 lib/rhashtable.c:420 process_one_work+0x3d4/0x890 kernel/workqueue.c:2269 worker_thread+0xa0/0x800 kernel/workqueue.c:2415 kthread+0x1d4/0x200 drivers/block/aoe/aoecmd.c:1253 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:352 It was caused by rhashtable access asoc->base.sk when sctp_assoc_migrate is changing its value. However, what rhashtable wants is netns from asoc base.sk, and for an asoc, its netns won't change once set. So we can simply fix it by caching netns since created. Fixes: d6c0256a60e6 ("sctp: add the rhashtable apis for sctp global transport hashtable") Reported-by: syzbot+e3b35fe7918ff0ee474e@syzkaller.appspotmail.com Signed-off-by: Xin Long Acked-by: Marcelo Ricardo Leitner Signed-off-by: Jakub Kicinski Signed-off-by: Greg Kroah-Hartman --- include/net/sctp/structs.h | 3 +++ net/sctp/associola.c | 1 + net/sctp/endpointola.c | 1 + net/sctp/input.c | 4 ++-- 4 files changed, 7 insertions(+), 2 deletions(-) --- a/include/net/sctp/structs.h +++ b/include/net/sctp/structs.h @@ -1239,6 +1239,9 @@ struct sctp_ep_common { /* What socket does this endpoint belong to? */ struct sock *sk; + /* Cache netns and it won't change once set */ + struct net *net; + /* This is where we receive inbound chunks. */ struct sctp_inq inqueue; --- a/net/sctp/associola.c +++ b/net/sctp/associola.c @@ -65,6 +65,7 @@ static struct sctp_association *sctp_ass /* Discarding const is appropriate here. */ asoc->ep = (struct sctp_endpoint *)ep; asoc->base.sk = (struct sock *)sk; + asoc->base.net = sock_net(sk); sctp_endpoint_hold(asoc->ep); sock_hold(asoc->base.sk); --- a/net/sctp/endpointola.c +++ b/net/sctp/endpointola.c @@ -152,6 +152,7 @@ static struct sctp_endpoint *sctp_endpoi /* Remember who we are attached to. */ ep->base.sk = sk; + ep->base.net = sock_net(sk); sock_hold(ep->base.sk); return ep; --- a/net/sctp/input.c +++ b/net/sctp/input.c @@ -876,7 +876,7 @@ static inline int sctp_hash_cmp(struct r if (!sctp_transport_hold(t)) return err; - if (!net_eq(sock_net(t->asoc->base.sk), x->net)) + if (!net_eq(t->asoc->base.net, x->net)) goto out; if (x->lport != htons(t->asoc->base.bind_addr.port)) goto out; @@ -891,7 +891,7 @@ static inline __u32 sctp_hash_obj(const { const struct sctp_transport *t = data; - return sctp_hashfn(sock_net(t->asoc->base.sk), + return sctp_hashfn(t->asoc->base.net, htons(t->asoc->base.bind_addr.port), &t->ipaddr, seed); }