twx-linux/net/core
Eric Dumazet ad91a2dacb net: restrict SO_REUSEPORT to inet sockets
[ Upstream commit 5b0af621c3f6ef9261cf6067812f2fd9943acb4b ]

After the blamed commit, crypto sockets could accidentally be destroyed
from an RCU callback, as spotted by syzbot [1].

Trying to acquire a mutex in an RCU callback is not allowed.

Restrict SO_REUSEPORT socket option to inet sockets.

v1 of this patch supported TCP, UDP and SCTP sockets,
but fcnal-test.sh test needed RAW and ICMP support.

[1]
BUG: sleeping function called from invalid context at kernel/locking/mutex.c:562
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 24, name: ksoftirqd/1
preempt_count: 100, expected: 0
RCU nest depth: 0, expected: 0
1 lock held by ksoftirqd/1/24:
  #0: ffffffff8e937ba0 (rcu_callback){....}-{0:0}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
  #0: ffffffff8e937ba0 (rcu_callback){....}-{0:0}, at: rcu_do_batch kernel/rcu/tree.c:2561 [inline]
  #0: ffffffff8e937ba0 (rcu_callback){....}-{0:0}, at: rcu_core+0xa37/0x17a0 kernel/rcu/tree.c:2823
Preemption disabled at:
 [<ffffffff8161c8c8>] softirq_handle_begin kernel/softirq.c:402 [inline]
 [<ffffffff8161c8c8>] handle_softirqs+0x128/0x9b0 kernel/softirq.c:537
CPU: 1 UID: 0 PID: 24 Comm: ksoftirqd/1 Not tainted 6.13.0-rc3-syzkaller-00174-ga024e377efed #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
 <TASK>
  __dump_stack lib/dump_stack.c:94 [inline]
  dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
  __might_resched+0x5d4/0x780 kernel/sched/core.c:8758
  __mutex_lock_common kernel/locking/mutex.c:562 [inline]
  __mutex_lock+0x131/0xee0 kernel/locking/mutex.c:735
  crypto_put_default_null_skcipher+0x18/0x70 crypto/crypto_null.c:179
  aead_release+0x3d/0x50 crypto/algif_aead.c:489
  alg_do_release crypto/af_alg.c:118 [inline]
  alg_sock_destruct+0x86/0xc0 crypto/af_alg.c:502
  __sk_destruct+0x58/0x5f0 net/core/sock.c:2260
  rcu_do_batch kernel/rcu/tree.c:2567 [inline]
  rcu_core+0xaaa/0x17a0 kernel/rcu/tree.c:2823
  handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:561
  run_ksoftirqd+0xca/0x130 kernel/softirq.c:950
  smpboot_thread_fn+0x544/0xa30 kernel/smpboot.c:164
  kthread+0x2f0/0x390 kernel/kthread.c:389
  ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
  ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>

Fixes: 8c7138b33e5c ("net: Unpublish sk from sk_reuseport_cb before call_rcu")
Reported-by: syzbot+b3e02953598f447d4d2a@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/netdev/6772f2f4.050a0220.2f3838.04cb.GAE@google.com/T/#u
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Martin KaFai Lau <kafai@fb.com>
Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Link: https://patch.msgid.link/20241231160527.3994168-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-01-09 13:32:02 +01:00
..
bpf_sk_storage.c
datagram.c net: fix rc7's __skb_datagram_iter() 2024-07-18 13:21:13 +02:00
dev_addr_lists_test.c
dev_addr_lists.c
dev_ioctl.c
dev.c net: reenable NETIF_F_IPV6_CSUM offload for BIG TCP packets 2025-01-09 13:32:02 +01:00
dev.h net: fix removing a namespace with conflicting altnames 2024-01-31 16:19:01 -08:00
drop_monitor.c drop_monitor: replace spin_lock by raw_spin_lock 2024-06-27 13:49:01 +02:00
dst_cache.c ipv6: introduce dst_rt6_info() helper 2024-12-14 19:59:35 +01:00
dst.c net: do not delay dst_entries_add() in dst_release() 2024-10-17 15:24:28 +02:00
failover.c
fib_notifier.c
fib_rules.c
filter.c bpf: Check negative offsets in __bpf_skb_min_len() 2025-01-02 10:32:00 +01:00
flow_dissector.c net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE 2024-08-03 08:54:05 +02:00
flow_offload.c
gen_estimator.c net: use unrcu_pointer() helper 2024-12-09 10:32:10 +01:00
gen_stats.c
gro_cells.c
gro.c net: Add netif_get_gro_max_size helper for GRO 2024-10-10 11:57:16 +02:00
gso.c
hwbm.c
link_watch.c net: avoid potential UAF in default_operstate() 2024-12-14 19:59:40 +01:00
lwt_bpf.c lwt: Fix return values of BPF xmit ops 2023-08-18 16:05:26 +02:00
lwtunnel.c
Makefile
neighbour.c net/neighbor: clear error in case strict check is not set 2024-12-14 20:00:09 +01:00
net_namespace.c net: defer final 'struct net' free in netns dismantle 2024-12-19 18:11:28 +01:00
net-procfs.c
net-sysfs.c ethtool: check device is present when getting link settings 2024-09-04 13:28:26 +02:00
net-sysfs.h
net-traces.c
netclassid_cgroup.c
netdev-genl-gen.c
netdev-genl-gen.h
netdev-genl.c
netevent.c
netpoll.c netpoll: Use rcu_access_pointer() in __netpoll_setup 2024-12-14 20:00:10 +01:00
netprio_cgroup.c
of_net.c
page_pool.c net: page_pool: add missing free_percpu when page_pool_init fail 2023-11-20 11:59:34 +01:00
pktgen.c kthread: add kthread_stop_put 2024-06-12 11:12:52 +02:00
ptp_classifier.c
request_sock.c tcp: make sure init the accept_queue's spinlocks once 2024-01-31 16:19:00 -08:00
rtnetlink.c net: fix crash when config small gso_max_size/gso_ipv4_max_size 2024-11-08 16:28:18 +01:00
scm.c io_uring/unix: drop usage of io_uring socket 2024-03-26 18:19:09 -04:00
secure_seq.c
selftests.c
skbuff.c net: core: reject skb_copy(_expand) for fraglist GSO skbs 2024-05-17 12:02:06 +02:00
skmsg.c tcp_bpf: Add sk_rmem_alloc related logic for tcp_bpf ingress redirection 2025-01-02 10:32:00 +01:00
sock_destructor.h
sock_diag.c net: use unrcu_pointer() helper 2024-12-09 10:32:10 +01:00
sock_map.c bpf, sockmap: Fix update element with same 2024-12-19 18:11:25 +01:00
sock_reuseport.c
sock.c net: restrict SO_REUSEPORT to inet sockets 2025-01-09 13:32:02 +01:00
stream.c net: Return error from sk_stream_wait_connect() if sk_wait_event() fails 2024-01-01 12:42:30 +00:00
sysctl_net_core.c net: make SK_MEMORY_PCPU_RESERV tunable 2024-05-02 16:32:36 +02:00
timestamping.c
tso.c
utils.c
xdp.c xdp: fix invalid wait context of page_pool_destroy() 2024-08-03 08:53:44 +02:00