Re: [PATCH] ipv4: fix a race in ip4_datagram_release_cb()

Potential race in ip4_datagram_release_cb · Alexey Preobrazhensky <hidden> · 2014-06-06
Re: Potential race in ip4_datagram_release_cb · Eric Dumazet <hidden> · 2014-06-06
Re: Potential race in ip4_datagram_release_cb · Alexei Starovoitov <hidden> · 2014-06-06
Re: Potential race in ip4_datagram_release_cb · Eric Dumazet <hidden> · 2014-06-06
Re: Potential race in ip4_datagram_release_cb · Alexei Starovoitov <hidden> · 2014-06-06
Re: Potential race in ip4_datagram_release_cb · Eric Dumazet <hidden> · 2014-06-06
Re: Potential race in ip4_datagram_release_cb · Alexei Starovoitov <hidden> · 2014-06-06
[PATCH] ipv4: fix a race in ip4_datagram_release_cb() · Eric Dumazet <hidden> · 2014-06-10
Re: [PATCH] ipv4: fix a race in ip4_datagram_release_cb() · dormando <hidden> · 2014-06-11
Re: [PATCH] ipv4: fix a race in ip4_datagram_release_cb() · Eric Dumazet <hidden> · 2014-06-11
Re: [PATCH] ipv4: fix a race in ip4_datagram_release_cb() · Eric Dumazet <hidden> · 2014-06-11
Re: [PATCH] ipv4: fix a race in ip4_datagram_release_cb() · Eric Dumazet <hidden> · 2014-06-11
Re: [PATCH] ipv4: fix a race in ip4_datagram_release_cb() · dormando <hidden> · 2014-06-11
Re: [PATCH] ipv4: fix a race in ip4_datagram_release_cb() · Eric Dumazet <hidden> · 2014-06-11
Re: [PATCH] ipv4: fix a race in ip4_datagram_release_cb() · dormando <hidden> · 2014-06-11
Re: [PATCH] ipv4: fix a race in ip4_datagram_release_cb() · dormando <hidden> · 2014-06-11
Re: [PATCH] ipv4: fix a race in ip4_datagram_release_cb() · dormando <hidden> · 2014-06-11
Re: [PATCH] ipv4: fix a race in ip4_datagram_release_cb() · Eric Dumazet <hidden> · 2014-06-11
Re: [PATCH] ipv4: fix a race in ip4_datagram_release_cb() · Eric Dumazet <hidden> · 2014-06-11
Re: [PATCH] ipv4: fix a race in ip4_datagram_release_cb() · dormando <hidden> · 2014-06-12
Re: [PATCH] ipv4: fix a race in ip4_datagram_release_cb() · Eric Dumazet <hidden> · 2014-06-12
Re: [PATCH] ipv4: fix a race in ip4_datagram_release_cb() · dormando <hidden> · 2014-06-12
Re: [PATCH] ipv4: fix a race in ip4_datagram_release_cb() · dormando <hidden> · 2014-06-22
Re: [PATCH] ipv4: fix a race in ip4_datagram_release_cb() · Eric Dumazet <hidden> · 2014-06-23
Re: [PATCH] ipv4: fix a race in ip4_datagram_release_cb() · dormando <hidden> · 2014-06-23
Re: [PATCH] ipv4: fix a race in ip4_datagram_release_cb() · Dmitry Vyukov <dvyukov@google.com> · 2014-06-23
[PATCH net] ipv4: fix dst race in sk_dst_get() · Eric Dumazet <hidden> · 2014-06-24
Re: [PATCH net] ipv4: fix dst race in sk_dst_get() · David Miller <davem@davemloft.net> · 2014-06-26
Re: [PATCH] ipv4: fix a race in ip4_datagram_release_cb() · Kostya Serebryany <hidden> · 2014-06-11
Re: [PATCH] ipv4: fix a race in ip4_datagram_release_cb() · dormando <hidden> · 2014-06-29
Re: [PATCH] ipv4: fix a race in ip4_datagram_release_cb() · Eric Dumazet <hidden> · 2014-06-30
Re: [PATCH] ipv4: fix a race in ip4_datagram_release_cb() · dormando <hidden> · 2014-06-30
Re: [PATCH] ipv4: fix a race in ip4_datagram_release_cb() · Eric Dumazet <hidden> · 2014-06-30
Re: [PATCH] ipv4: fix a race in ip4_datagram_release_cb() · dormando <hidden> · 2014-07-08
Re: [PATCH] ipv4: fix a race in ip4_datagram_release_cb() · Eric Dumazet <hidden> · 2014-07-08
Re: [PATCH] ipv4: fix a race in ip4_datagram_release_cb() · dormando <hidden> · 2014-07-08
Re: [PATCH] ipv4: fix a race in ip4_datagram_release_cb() · dormando <hidden> · 2014-07-16
Re: [PATCH] ipv4: fix a race in ip4_datagram_release_cb() · dormando <hidden> · 2014-07-25
[PATCH] ipv4: irq safe sk_dst_[re]set() and ipv4_sk_update_pmtu() fix · Eric Dumazet <hidden> · 2014-06-30
Re: [PATCH] ipv4: irq safe sk_dst_[re]set() and ipv4_sk_update_pmtu() fix · David Miller <davem@davemloft.net> · 2014-07-01
Re: [PATCH] ipv4: fix a race in ip4_datagram_release_cb() · David Miller <davem@davemloft.net> · 2014-06-11

From: David Miller <davem@davemloft.net>
Date: 2014-06-11 22:39:55

From: Eric Dumazet <redacted>
Date: Tue, 10 Jun 2014 06:43:01 -0700

From: Eric Dumazet <edumazet@google.com>

Alexey gave a AddressSanitizer[1] report that finally gave a good hint
at where was the origin of various problems already reported by Dormando
in the past [2]

Problem comes from the fact that UDP can have a lockless TX path, and
concurrent threads can manipulate sk_dst_cache, while another thread,
is holding socket lock and calls __sk_dst_set() in
ip4_datagram_release_cb() (this was added in linux-3.8)

It seems that all we need to do is to use sk_dst_check() and
sk_dst_set() so that all the writers hold same spinlock
(sk->sk_dst_lock) to prevent corruptions.

TCP stack do not need this protection, as all sk_dst_cache writers hold
the socket lock.

[1]
https://code.google.com/p/address-sanitizer/wiki/AddressSanitizerForKernel

...

Reported-by: Alexey Preobrazhensky <redacted>
Reported-by: dormando <redacted>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Fixes: 8141ed9fcedb2 ("ipv4: Add a socket release callback for datagram sockets")

Applied and queued up for -stable.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help