mirros/rockchip-kernel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
bc6962f2dbaf1676c8cbb8b04522f26a186bf416
rockchip-kernel/net/core
History
Eric Dumazet ad91a2dacb net: restrict SO_REUSEPORT to inet sockets 
[ Upstream commit 5b0af621c3f6ef9261cf6067812f2fd9943acb4b ]

After blamed commit, crypto sockets could accidentally be destroyed
from RCU call back, as spotted by zyzbot [1].

Trying to acquire a mutex in RCU callback is not allowed.

Restrict SO_REUSEPORT socket option to inet sockets.

v1 of this patch supported TCP, UDP and SCTP sockets,
but fcnal-test.sh test needed RAW and ICMP support.

[1]
BUG: sleeping function called from invalid context at kernel/locking/mutex.c:562
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 24, name: ksoftirqd/1
preempt_count: 100, expected: 0
RCU nest depth: 0, expected: 0
1 lock held by ksoftirqd/1/24:
  #0: ffffffff8e937ba0 (rcu_callback){....}-{0:0}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
  #0: ffffffff8e937ba0 (rcu_callback){....}-{0:0}, at: rcu_do_batch kernel/rcu/tree.c:2561 [inline]
  #0: ffffffff8e937ba0 (rcu_callback){....}-{0:0}, at: rcu_core+0xa37/0x17a0 kernel/rcu/tree.c:2823
Preemption disabled at:
 [<ffffffff8161c8c8>] softirq_handle_begin kernel/softirq.c:402 [inline]
 [<ffffffff8161c8c8>] handle_softirqs+0x128/0x9b0 kernel/softirq.c:537
CPU: 1 UID: 0 PID: 24 Comm: ksoftirqd/1 Not tainted 6.13.0-rc3-syzkaller-00174-ga024e377efed #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
 <TASK>
  __dump_stack lib/dump_stack.c:94 [inline]
  dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
  __might_resched+0x5d4/0x780 kernel/sched/core.c:8758
  __mutex_lock_common kernel/locking/mutex.c:562 [inline]
  __mutex_lock+0x131/0xee0 kernel/locking/mutex.c:735
  crypto_put_default_null_skcipher+0x18/0x70 crypto/crypto_null.c:179
  aead_release+0x3d/0x50 crypto/algif_aead.c:489
  alg_do_release crypto/af_alg.c:118 [inline]
  alg_sock_destruct+0x86/0xc0 crypto/af_alg.c:502
  __sk_destruct+0x58/0x5f0 net/core/sock.c:2260
  rcu_do_batch kernel/rcu/tree.c:2567 [inline]
  rcu_core+0xaaa/0x17a0 kernel/rcu/tree.c:2823
  handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:561
  run_ksoftirqd+0xca/0x130 kernel/softirq.c:950
  smpboot_thread_fn+0x544/0xa30 kernel/smpboot.c:164
  kthread+0x2f0/0x390 kernel/kthread.c:389
  ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
  ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>

Fixes: 8c7138b33e ("net: Unpublish sk from sk_reuseport_cb before call_rcu")
Reported-by: syzbot+b3e02953598f447d4d2a@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/netdev/6772f2f4.050a0220.2f3838.04cb.GAE@google.com/T/#u
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Martin KaFai Lau <kafai@fb.com>
Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Link: https://patch.msgid.link/20241231160527.3994168-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-01-09 13:32:02 +01:00
..
bpf_sk_storage.c
bpf: Add length check for SK_DIAG_BPF_STORAGE_REQ_MAP_FD parsing
2023-07-27 10:07:56 -07:00
datagram.c
net: fix rc7's __skb_datagram_iter()
2024-07-18 13:21:13 +02:00
dev_addr_lists_test.c
kunit: Use KUNIT_EXPECT_MEMEQ macro
2022-10-27 02:40:14 -06:00
dev_addr_lists.c
net: extract a few internals from netdevice.h
2022-04-07 20:32:09 -07:00
dev_ioctl.c
net: omit ndo_hwtstamp_get() call when possible in dev_set_hwtstamp_phylib()
2023-08-06 13:25:10 +01:00
dev.c
net: reenable NETIF_F_IPV6_CSUM offload for BIG TCP packets
2025-01-09 13:32:02 +01:00
dev.h
net: fix removing a namespace with conflicting altnames
2024-01-31 16:19:01 -08:00
drop_monitor.c
drop_monitor: replace spin_lock by raw_spin_lock
2024-06-27 13:49:01 +02:00
dst_cache.c
ipv6: introduce dst_rt6_info() helper
2024-12-14 19:59:35 +01:00
dst.c
net: do not delay dst_entries_add() in dst_release()
2024-10-17 15:24:28 +02:00
failover.c
net: failover: use IFF_NO_ADDRCONF flag to prevent ipv6 addrconf
2022-12-12 15:18:25 -08:00
fib_notifier.c
fib_rules.c
fib: expand fib_rule_policy
2021-12-16 07:18:35 -08:00
filter.c
bpf: Check negative offsets in __bpf_skb_min_len()
2025-01-02 10:32:00 +01:00
flow_dissector.c
net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE
2024-08-03 08:54:05 +02:00
flow_offload.c
tc: flower: Enable offload support IPSEC SPI field.
2023-08-02 10:09:32 +01:00
gen_estimator.c
net: use unrcu_pointer() helper
2024-12-09 10:32:10 +01:00
gen_stats.c
net: Remove the obsolte u64_stats_fetch_*_irq() users (net).
2022-10-28 20:13:54 -07:00
gro_cells.c
net: drop the weight argument from netif_napi_add
2022-09-28 18:57:14 -07:00
gro.c
net: Add netif_get_gro_max_size helper for GRO
2024-10-10 11:57:16 +02:00
gso.c
net: move gso declarations and functions to their own files
2023-06-10 00:11:41 -07:00
hwbm.c
link_watch.c
net: avoid potential UAF in default_operstate()
2024-12-14 19:59:40 +01:00
lwt_bpf.c
lwt: Fix return values of BPF xmit ops
2023-08-18 16:05:26 +02:00
lwtunnel.c
xfrm: lwtunnel: squelch kernel warning in case XFRM encap type is not available
2022-10-12 10:45:51 +02:00
Makefile
net: move gso declarations and functions to their own files
2023-06-10 00:11:41 -07:00
neighbour.c
net/neighbor: clear error in case strict check is not set
2024-12-14 20:00:09 +01:00
net_namespace.c
net: defer final 'struct net' free in netns dismantle
2024-12-19 18:11:28 +01:00
net-procfs.c
net-sysfs: display two backlog queue len separately
2023-03-22 12:03:52 +01:00
net-sysfs.c
ethtool: check device is present when getting link settings
2024-09-04 13:28:26 +02:00
net-sysfs.h
net-traces.c
udp6: add a missing call into udp_fail_queue_rcv_skb tracepoint
2023-07-07 09:16:52 +01:00
netclassid_cgroup.c
core: Variable type completion
2022-08-31 09:40:34 +01:00
netdev-genl-gen.c
net: ynl: prefix uAPI header include with uapi/
2023-05-26 10:30:14 +01:00
netdev-genl-gen.h
net: ynl: prefix uAPI header include with uapi/
2023-05-26 10:30:14 +01:00
netdev-genl.c
netdev-genl: use struct genl_info for reply construction
2023-08-15 15:01:03 -07:00
netevent.c
netpoll.c
netpoll: Use rcu_access_pointer() in __netpoll_setup
2024-12-14 20:00:10 +01:00
netprio_cgroup.c
of_net.c
net: Explicitly include correct DT includes
2023-07-27 20:33:16 -07:00
page_pool.c
net: page_pool: add missing free_percpu when page_pool_init fail
2023-11-20 11:59:34 +01:00
pktgen.c
kthread: add kthread_stop_put
2024-06-12 11:12:52 +02:00
ptp_classifier.c
ptp: Add generic PTP is_sync() function
2022-03-07 11:31:34 +00:00
request_sock.c
tcp: make sure init the accept_queue's spinlocks once
2024-01-31 16:19:00 -08:00
rtnetlink.c
net: fix crash when config small gso_max_size/gso_ipv4_max_size
2024-11-08 16:28:18 +01:00
scm.c
io_uring/unix: drop usage of io_uring socket
2024-03-26 18:19:09 -04:00
secure_seq.c
tcp: Fix data-races around sysctl knobs related to SYN option.
2022-07-20 10:14:49 +01:00
selftests.c
net: core: constify mac addrs in selftests
2021-10-24 13:59:44 +01:00
skbuff.c
net: core: reject skb_copy(_expand) for fraglist GSO skbs
2024-05-17 12:02:06 +02:00
skmsg.c
tcp_bpf: Add sk_rmem_alloc related logic for tcp_bpf ingress redirection
2025-01-02 10:32:00 +01:00
sock_destructor.h
sock_diag.c
net: use unrcu_pointer() helper
2024-12-09 10:32:10 +01:00
sock_map.c
bpf, sockmap: Fix update element with same
2024-12-19 18:11:25 +01:00
sock_reuseport.c
soreuseport: Fix socket selection for SO_INCOMING_CPU.
2022-10-25 11:35:16 +02:00
sock.c
net: restrict SO_REUSEPORT to inet sockets
2025-01-09 13:32:02 +01:00
stream.c
net: Return error from sk_stream_wait_connect() if sk_wait_event() fails
2024-01-01 12:42:30 +00:00
sysctl_net_core.c
net: make SK_MEMORY_PCPU_RESERV tunable
2024-05-02 16:32:36 +02:00
timestamping.c
tso.c
net: tso: inline tso_count_descs()
2022-12-12 15:04:39 -08:00
utils.c
net: core: inet[46]_pton strlen len types
2022-11-01 21:14:39 -07:00
xdp.c
xdp: fix invalid wait context of page_pool_destroy()
2024-08-03 08:53:44 +02:00