From patchwork Mon Aug 26 06:10:50 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?b?QmrDtnJuIFTDtnBlbA==?= X-Patchwork-Id: 1152943 X-Patchwork-Delegate: bpf@iogearbox.net Return-Path: X-Original-To: incoming-bpf@patchwork.ozlabs.org Delivered-To: patchwork-incoming-bpf@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=bpf-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="n7ol3gsf"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 46H1px5yxgz9sMr for ; Mon, 26 Aug 2019 16:11:21 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729350AbfHZGLV (ORCPT ); Mon, 26 Aug 2019 02:11:21 -0400 Received: from mail-pf1-f193.google.com ([209.85.210.193]:40505 "EHLO mail-pf1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729348AbfHZGLV (ORCPT ); Mon, 26 Aug 2019 02:11:21 -0400 Received: by mail-pf1-f193.google.com with SMTP id w16so11091070pfn.7; Sun, 25 Aug 2019 23:11:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=brzyMJQEtSFOlIzSlYHmlx1qPiPRfraKFBoTUSQ5qVQ=; b=n7ol3gsfiohlI1FScybVRGDTue1g+Ikn7EjblmPNIveow6Xy31i6wKUjsz+mfuUiky k0rlNx4cdzbjPD3IdYMfrTW8EyXuk9QETcQDmHBJAKbkVIhrLr1x5m9gb2VNeqr5Jujm LX0fYrIfbiwOLxZdwfZawRA4F77hjA4NdGGGTtMjtiI7xU2U93YFAFoU1GAOfz4Oldj0 ZsojSiC8BJmrT/pxJcf0P8lu2EnIoN4pvx7ltceW3VCETwStrmyA6UDparAU9BKZa4tI +wk8gBtds9lEnatC/AdETWBu+SjQCyGrwFBlQErINVntYRLRDqkmwhG1H4vDm15jckWr 3pwg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=brzyMJQEtSFOlIzSlYHmlx1qPiPRfraKFBoTUSQ5qVQ=; b=gf+1LgikoLpPISVJ+8CnBQVYyaydChSe14HQiP0AKBiauzVqyNi8arZYcsj6MKQaSs KFL5n3ufwr8DuDBsrNBK6ykxBDOOvQFEBY/PMKV99U2rxxzMSdKOZBDroHK7vD2KTUem VpOe1ra2oOMvi+uDP9j5Z12PQg1B4zrkgjMs0B3rRWNo49Ee19p8TKZQaPpGrOxIiCmQ A4UtKZQPZrWPDxKeQ1wEh4qr4GKp5IPC9VjyMH8esGr+Y/6jwMzAafQTcIEpLw61bzk5 Ys39P/n0Bloxy0pQMjqJRRTQOOHkVit+FFOXPQVQBbY7bx/Zzw2Kzw4891CLqRh5kLJ9 uddA== X-Gm-Message-State: APjAAAV2xB9bL4uH5Iapru1C1MoQhDEOCSSDB2qngqU029Et8wimd4gP nsWXZqFV2nKpUy9C99x52bM= X-Google-Smtp-Source: APXvYqx5JPVlgeMaKavxNyIJ4ZN38gQeIKtMPhMaVZrOl8HQmaqDsrEvUBLI3ALWdgSyTz6zkH4mwA== X-Received: by 2002:a17:90a:eb05:: with SMTP id j5mr18461277pjz.102.1566799880636; Sun, 25 Aug 2019 23:11:20 -0700 (PDT) Received: from btopel-mobl.ger.intel.com ([192.55.54.42]) by smtp.gmail.com with ESMTPSA id d2sm9567452pjs.21.2019.08.25.23.11.16 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 25 Aug 2019 23:11:20 -0700 (PDT) From: =?utf-8?b?QmrDtnJuIFTDtnBlbA==?= To: ast@kernel.org, daniel@iogearbox.net, netdev@vger.kernel.org Cc: =?utf-8?b?QmrDtnJuIFTDtnBlbA==?= , magnus.karlsson@intel.com, magnus.karlsson@gmail.com, bpf@vger.kernel.org, jonathan.lemon@gmail.com, syzbot+c82697e3043781e08802@syzkaller.appspotmail.com, hdanton@sina.com, i.maximets@samsung.com Subject: [PATCH bpf-next v2 1/4] xsk: avoid store-tearing when assigning queues Date: Mon, 26 Aug 2019 08:10:50 +0200 Message-Id: <20190826061053.15996-2-bjorn.topel@gmail.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190826061053.15996-1-bjorn.topel@gmail.com> References: <20190826061053.15996-1-bjorn.topel@gmail.com> MIME-Version: 1.0 Sender: bpf-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: bpf@vger.kernel.org From: Björn Töpel Use WRITE_ONCE when doing the store of tx, rx, fq, and cq, to avoid potential store-tearing. These members are read outside of the control mutex in the mmap implementation. Acked-by: Jonathan Lemon Fixes: 37b076933a8e ("xsk: add missing write- and data-dependency barrier") Signed-off-by: Björn Töpel --- net/xdp/xsk.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/xdp/xsk.c b/net/xdp/xsk.c index ee4428a892fa..f3351013c2a5 100644 --- a/net/xdp/xsk.c +++ b/net/xdp/xsk.c @@ -409,7 +409,7 @@ static int xsk_init_queue(u32 entries, struct xsk_queue **queue, /* Make sure queue is ready before it can be seen by others */ smp_wmb(); - *queue = q; + WRITE_ONCE(*queue, q); return 0; } From patchwork Mon Aug 26 06:10:51 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?b?QmrDtnJuIFTDtnBlbA==?= X-Patchwork-Id: 1152945 X-Patchwork-Delegate: bpf@iogearbox.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="uLkaz7Rq"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 46H1q31Hc8z9sMr for ; Mon, 26 Aug 2019 16:11:27 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729380AbfHZGL0 (ORCPT ); Mon, 26 Aug 2019 02:11:26 -0400 Received: from mail-pf1-f194.google.com ([209.85.210.194]:38274 "EHLO mail-pf1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729348AbfHZGL0 (ORCPT ); Mon, 26 Aug 2019 02:11:26 -0400 Received: by mail-pf1-f194.google.com with SMTP id o70so11095999pfg.5; Sun, 25 Aug 2019 23:11:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=6hdTdPpF9Wg+T70R6ZHOrFu/emCNeLVTxxZFb2xfDQw=; b=uLkaz7RqAcxFxGVJFmeFmmgaYYvOWs5iJ1zbPwYyp4MOdebXjvcWKky6JWkgIkcI/R zaD+ErMX/tSJUacxRuNHl8C3aLrcys2EbUBVT82ARFNL3Vg6nVx4ydrUvpg7d2HGK0Sy dx1wNu3+LPBjLpB9nXdY3tDn6VO8U6gyVrsFETz/bAvfqKWqOW8yUx2KRbbePMNmsdb0 RtH3CIAAm3mZYl9c/oo8pLXoV3aKixsCrd7lC8DRqXKM+SdNencWK45dO+cL0Sms+TLW jDKA9sQErMxYzRuAUhnc6KnIPRhKpL78mkDYsQZeDhjv2Et43JS1GtzmgMbtUFqIA5F8 snHw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=6hdTdPpF9Wg+T70R6ZHOrFu/emCNeLVTxxZFb2xfDQw=; b=Xa0cNZqQMqsr7JmtFtBUIIhsQ2IaQmtpab1leyk2hEg3wGxcKfK+4RQ004AZgWbDx+ fkRzf0wPoJ3VpBDLNcBAKWhrxgIBPGvCljLK4GeT6NBVDZCYGywXUvrFuS+xb8Nbeh5w sfNhvTV/6x82Pdtjsp1fXfPQABcIxZ6EvwjFBPa0+g60JQqi6baPQGxS2HbPu0bbZ4sz XtxeNKW2m3kAtcThKcVeGlhAUw+4Sb5sxJbBx+JLk9v9rO1+dHxpFjWeVSS2jGYdFSMa EFH5jEKjlp/FBJ4uG74gI0b9lfR9lMSoERG4LAYPjGNUg2Tn6xwXVXskH0TO/2r8uQ14 EVWg== X-Gm-Message-State: APjAAAV0Nrb7ZtOBZUiagSSp/gAdPcN/MmKOTTdqaXz3ytXnHfXm9TZD tKFS3KYvAu4kGIROYkNMmKM= X-Google-Smtp-Source: APXvYqx//KsHBg5+gH6ZIGVGHslDHAE/q7Yk7Gcg5rj0KjkW/aa/YK1gM9/M+zSWctIoeuG9zjKBXA== X-Received: by 2002:a62:64d4:: with SMTP id y203mr18205660pfb.91.1566799885293; Sun, 25 Aug 2019 23:11:25 -0700 (PDT) Received: from btopel-mobl.ger.intel.com ([192.55.54.42]) by smtp.gmail.com with ESMTPSA id d2sm9567452pjs.21.2019.08.25.23.11.21 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 25 Aug 2019 23:11:24 -0700 (PDT) From: =?utf-8?b?QmrDtnJuIFTDtnBlbA==?= To: ast@kernel.org, daniel@iogearbox.net, netdev@vger.kernel.org Cc: =?utf-8?b?QmrDtnJuIFTDtnBlbA==?= , magnus.karlsson@intel.com, magnus.karlsson@gmail.com, bpf@vger.kernel.org, jonathan.lemon@gmail.com, syzbot+c82697e3043781e08802@syzkaller.appspotmail.com, hdanton@sina.com, i.maximets@samsung.com Subject: [PATCH bpf-next v2 2/4] xsk: add proper barriers and {READ, WRITE}_ONCE-correctness for state Date: Mon, 26 Aug 2019 08:10:51 +0200 Message-Id: <20190826061053.15996-3-bjorn.topel@gmail.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190826061053.15996-1-bjorn.topel@gmail.com> References: <20190826061053.15996-1-bjorn.topel@gmail.com> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org From: Björn Töpel The state variable was read, and written outside the control mutex (struct xdp_sock, mutex), without proper barriers and {READ, WRITE}_ONCE correctness. In this commit this issue is addressed, and the state member is now used a point of synchronization whether the socket is setup correctly or not. This also fixes a race, found by syzcaller, in xsk_poll() where umem could be accessed when stale. Suggested-by: Hillf Danton Reported-by: syzbot+c82697e3043781e08802@syzkaller.appspotmail.com Fixes: 77cd0d7b3f25 ("xsk: add support for need_wakeup flag in AF_XDP rings") Signed-off-by: Björn Töpel Acked-by: Jonathan Lemon --- net/xdp/xsk.c | 57 ++++++++++++++++++++++++++++++++++++--------------- 1 file changed, 40 insertions(+), 17 deletions(-) diff --git a/net/xdp/xsk.c b/net/xdp/xsk.c index f3351013c2a5..8fafa3ce3ae6 100644 --- a/net/xdp/xsk.c +++ b/net/xdp/xsk.c @@ -162,10 +162,23 @@ static int __xsk_rcv_zc(struct xdp_sock *xs, struct xdp_buff *xdp, u32 len) return err; } +static bool xsk_is_bound(struct xdp_sock *xs) +{ + if (READ_ONCE(xs->state) == XSK_BOUND) { + /* Matches smp_wmb() in bind(). */ + smp_rmb(); + return true; + } + return false; +} + int xsk_rcv(struct xdp_sock *xs, struct xdp_buff *xdp) { u32 len; + if (!xsk_is_bound(xs)) + return -EINVAL; + if (xs->dev != xdp->rxq->dev || xs->queue_id != xdp->rxq->queue_index) return -EINVAL; @@ -362,7 +375,7 @@ static int xsk_sendmsg(struct socket *sock, struct msghdr *m, size_t total_len) struct sock *sk = sock->sk; struct xdp_sock *xs = xdp_sk(sk); - if (unlikely(!xs->dev)) + if (unlikely(!xsk_is_bound(xs))) return -ENXIO; if (unlikely(!(xs->dev->flags & IFF_UP))) return -ENETDOWN; @@ -378,10 +391,15 @@ static unsigned int xsk_poll(struct file *file, struct socket *sock, struct poll_table_struct *wait) { unsigned int mask = datagram_poll(file, sock, wait); - struct sock *sk = sock->sk; - struct xdp_sock *xs = xdp_sk(sk); - struct net_device *dev = xs->dev; - struct xdp_umem *umem = xs->umem; + struct xdp_sock *xs = xdp_sk(sock->sk); + struct net_device *dev; + struct xdp_umem *umem; + + if (unlikely(!xsk_is_bound(xs))) + return mask; + + dev = xs->dev; + umem = xs->umem; if (umem->need_wakeup) dev->netdev_ops->ndo_xsk_wakeup(dev, xs->queue_id, @@ -417,10 +435,9 @@ static void xsk_unbind_dev(struct xdp_sock *xs) { struct net_device *dev = xs->dev; - if (!dev || xs->state != XSK_BOUND) + if (xs->state != XSK_BOUND) return; - - xs->state = XSK_UNBOUND; + WRITE_ONCE(xs->state, XSK_UNBOUND); /* Wait for driver to stop using the xdp socket. */ xdp_del_sk_umem(xs->umem, xs); @@ -495,7 +512,9 @@ static int xsk_release(struct socket *sock) local_bh_enable(); xsk_delete_from_maps(xs); + mutex_lock(&xs->mutex); xsk_unbind_dev(xs); + mutex_unlock(&xs->mutex); xskq_destroy(xs->rx); xskq_destroy(xs->tx); @@ -589,19 +608,18 @@ static int xsk_bind(struct socket *sock, struct sockaddr *addr, int addr_len) } umem_xs = xdp_sk(sock->sk); - if (!umem_xs->umem) { - /* No umem to inherit. */ + if (!xsk_is_bound(umem_xs)) { err = -EBADF; sockfd_put(sock); goto out_unlock; - } else if (umem_xs->dev != dev || umem_xs->queue_id != qid) { + } + if (umem_xs->dev != dev || umem_xs->queue_id != qid) { err = -EINVAL; sockfd_put(sock); goto out_unlock; } - xdp_get_umem(umem_xs->umem); - xs->umem = umem_xs->umem; + WRITE_ONCE(xs->umem, umem_xs->umem); sockfd_put(sock); } else if (!xs->umem || !xdp_umem_validate_queues(xs->umem)) { err = -EINVAL; @@ -626,10 +644,15 @@ static int xsk_bind(struct socket *sock, struct sockaddr *addr, int addr_len) xdp_add_sk_umem(xs->umem, xs); out_unlock: - if (err) + if (err) { dev_put(dev); - else - xs->state = XSK_BOUND; + } else { + /* Matches smp_rmb() in bind() for shared umem + * sockets, and xsk_is_bound(). + */ + smp_wmb(); + WRITE_ONCE(xs->state, XSK_BOUND); + } out_release: mutex_unlock(&xs->mutex); rtnl_unlock(); @@ -869,7 +892,7 @@ static int xsk_mmap(struct file *file, struct socket *sock, unsigned long pfn; struct page *qpg; - if (xs->state != XSK_READY) + if (READ_ONCE(xs->state) != XSK_READY) return -EBUSY; if (offset == XDP_PGOFF_RX_RING) { From patchwork Mon Aug 26 06:10:52 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?b?QmrDtnJuIFTDtnBlbA==?= X-Patchwork-Id: 1152947 X-Patchwork-Delegate: bpf@iogearbox.net Return-Path: X-Original-To: incoming-bpf@patchwork.ozlabs.org Delivered-To: patchwork-incoming-bpf@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=bpf-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="Em844pTp"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 46H1q72TwJz9sN1 for ; Mon, 26 Aug 2019 16:11:31 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729385AbfHZGLb (ORCPT ); Mon, 26 Aug 2019 02:11:31 -0400 Received: from mail-pf1-f193.google.com ([209.85.210.193]:42660 "EHLO mail-pf1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729348AbfHZGLa (ORCPT ); Mon, 26 Aug 2019 02:11:30 -0400 Received: by mail-pf1-f193.google.com with SMTP id i30so11081354pfk.9; Sun, 25 Aug 2019 23:11:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=MXb24woiG3vysdnh2s/h7S9B75FkjdRNzF9eK8dEZkQ=; b=Em844pTpiX2dTIuGbxD5rHts6qiIuBWjFNpE63v90SbvL/nmEuOjCNW4RSSuO+7tHc 54aNcRRDilJtY3naKW5iXRlMoOuUzJ8O3xWVNSJvgdwfFACf/A6ADSpc/G3ouhNFZP6+ B6FeWFHMNsyk9x3MGvzop+vIRCec0TU3WJ19G7vzRdPXjNq97xQtNUj9seokb6d2ZgTX VAohEHVkZvz/OLwegWGwNRuGMHOzGzh13pLGZmgMFCZ1gJYdMAy9VdeJRlXPDC33gFxr Q/96FODxity/7nf8qtC4Pkng4m93fsg2DD/bFm3m3Cu0/+12yPeeGEN/pwDYCFQDY+gr 2x9Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=MXb24woiG3vysdnh2s/h7S9B75FkjdRNzF9eK8dEZkQ=; b=V5wN8kKSl1oyLFgJ5Q/JLjaF+//+De8plgqkVIVIO6Qt3ovSBWQdOMXWINbAoRf9zS 5NGlDRQ6gvyAt3iOXqCWrgDQxwFyOAhyIyNFvFGI7JcRwt46R7dWSMJIFN6+ouXjFLfg ljo5WrCbSkXKf6cu/xv0s45RP3064y75n1znCpgDbp62UfjRBi8o69Fpmpwk15aMPmJf 8XhKOcTEJGVuZZuqDeGpDbjuz+0mAAJMVdKWqDekxwHXJcrsR8p94Lloqqa+YCwCkxfE vwAtrIvAV7NKZ80tb53h8yUovNROha0xjnDfcLMvj80dkoVcop4YKqgeL0Wu0PlQ7xZb 1V8Q== X-Gm-Message-State: APjAAAUhIymgj8l6sqy4n8Akl8EqiSUVwEwuPLMzCKvNrO2k5q5I/r0k q6WGlSDFCwWxqN6gxY5UZVY= X-Google-Smtp-Source: APXvYqwWSpmSNI8hJ5viwyWNEVsstNYclKqJDblCk4pRLmfn1+UYo4DMOprkxnHkxFRjPS/UxAlTNA== X-Received: by 2002:a17:90a:a78b:: with SMTP id f11mr16676229pjq.16.1566799890173; Sun, 25 Aug 2019 23:11:30 -0700 (PDT) Received: from btopel-mobl.ger.intel.com ([192.55.54.42]) by smtp.gmail.com with ESMTPSA id d2sm9567452pjs.21.2019.08.25.23.11.25 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 25 Aug 2019 23:11:29 -0700 (PDT) From: =?utf-8?b?QmrDtnJuIFTDtnBlbA==?= To: ast@kernel.org, daniel@iogearbox.net, netdev@vger.kernel.org Cc: =?utf-8?b?QmrDtnJuIFTDtnBlbA==?= , magnus.karlsson@intel.com, magnus.karlsson@gmail.com, bpf@vger.kernel.org, jonathan.lemon@gmail.com, syzbot+c82697e3043781e08802@syzkaller.appspotmail.com, hdanton@sina.com, i.maximets@samsung.com Subject: [PATCH bpf-next v2 3/4] xsk: avoid store-tearing when assigning umem Date: Mon, 26 Aug 2019 08:10:52 +0200 Message-Id: <20190826061053.15996-4-bjorn.topel@gmail.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190826061053.15996-1-bjorn.topel@gmail.com> References: <20190826061053.15996-1-bjorn.topel@gmail.com> MIME-Version: 1.0 Sender: bpf-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: bpf@vger.kernel.org From: Björn Töpel The umem member of struct xdp_sock is read outside of the control mutex, in the mmap implementation, and needs a WRITE_ONCE to avoid potentional store-tearing. Acked-by: Jonathan Lemon Fixes: 423f38329d26 ("xsk: add umem fill queue support and mmap") Signed-off-by: Björn Töpel --- net/xdp/xsk.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/xdp/xsk.c b/net/xdp/xsk.c index 8fafa3ce3ae6..e3e99ee5631b 100644 --- a/net/xdp/xsk.c +++ b/net/xdp/xsk.c @@ -716,7 +716,7 @@ static int xsk_setsockopt(struct socket *sock, int level, int optname, /* Make sure umem is ready before it can be seen by others */ smp_wmb(); - xs->umem = umem; + WRITE_ONCE(xs->umem, umem); mutex_unlock(&xs->mutex); return 0; } From patchwork Mon Aug 26 06:10:53 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?b?QmrDtnJuIFTDtnBlbA==?= X-Patchwork-Id: 1152949 X-Patchwork-Delegate: bpf@iogearbox.net Return-Path: X-Original-To: incoming-bpf@patchwork.ozlabs.org Delivered-To: patchwork-incoming-bpf@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=bpf-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="Zb1nxp/G"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 46H1qD0L7nz9sMr for ; Mon, 26 Aug 2019 16:11:36 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729400AbfHZGLf (ORCPT ); Mon, 26 Aug 2019 02:11:35 -0400 Received: from mail-pl1-f194.google.com ([209.85.214.194]:36646 "EHLO mail-pl1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729401AbfHZGLf (ORCPT ); Mon, 26 Aug 2019 02:11:35 -0400 Received: by mail-pl1-f194.google.com with SMTP id f19so9481291plr.3; Sun, 25 Aug 2019 23:11:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=SuPxf7vPZ6Wfti2MLSRAa3Lehd0GSwA37ANyIF77LOU=; b=Zb1nxp/GCbiYm9WzNsl/aGXiekKIksjhmNedAbh8EKojnV1zKHDI86tRwSHctswoJk V/eb4mp3MpoKDfcE18BK+SWI3R8iyCb2vGqgQnI9kcI+9zaY4gzLEa2L+6nULT+tim5L NMAS5AMKouF4X+JtwT7G54wq8Fy3FlmzVXIlmTWNhQXhBXfjPfe+iP5x7D+5kZHfk2Wu G8bvSGvNq04l7+xnZegOIz3tg7PKxtaFR74X1uXPx28DRQVAYz1SVkQXE/tV6+LwgV5f i2yR4+P4WAtxT9ZHS3t5hAxh9fhELLF4NOXW4HBgYTeJr5jkRnU8rzlc9RqVX/Qqkrbs s52A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=SuPxf7vPZ6Wfti2MLSRAa3Lehd0GSwA37ANyIF77LOU=; b=UKaUG3Sc7yfI0KPu9OH3NlLJlAhIfEQz7g+38r4uApzOAFaaun+z05X8uTIS8qx1az 2gGC198/ZtM6Wau7kYAd1cGkaAVVfl6KteUhY2YekNZ9xdnqRhvDleh7VsgQxuCK/sFt Bm0hI/DygPQxfXRFzyb1adQytfVOMaquNedEz9HHkazoOANtul5g6xuOdeA+qGSOQKq1 DyZuU2I9We+JbRV7+23R2b5Mt6q7CGPGacl6zjcwIkBZxfJh+cvWlulmuOkqa3Eddb1F kfodxoClsyj4lXTU+MsMLsVqhDEinj5qBTbi4jbJNyjs87Aq89qpRz8haOiaW3jODoEB irFg== X-Gm-Message-State: APjAAAU6m75jIj4INtgHkRiGWa0zuT4eifrrIqxPMJXM9ksYDS8mrcz1 5rm3Jl2TIUDw3wAOvymf8Eo= X-Google-Smtp-Source: APXvYqwADWytIZ3mlDQpNOTwjD99VoCrat4RKVOpxY9Z4zAkaF87iunzQvSn8W1Z0XUHRE0CgSwlJg== X-Received: by 2002:a17:902:8f90:: with SMTP id z16mr5186468plo.138.1566799894900; Sun, 25 Aug 2019 23:11:34 -0700 (PDT) Received: from btopel-mobl.ger.intel.com ([192.55.54.42]) by smtp.gmail.com with ESMTPSA id d2sm9567452pjs.21.2019.08.25.23.11.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 25 Aug 2019 23:11:34 -0700 (PDT) From: =?utf-8?b?QmrDtnJuIFTDtnBlbA==?= To: ast@kernel.org, daniel@iogearbox.net, netdev@vger.kernel.org Cc: =?utf-8?b?QmrDtnJuIFTDtnBlbA==?= , magnus.karlsson@intel.com, magnus.karlsson@gmail.com, bpf@vger.kernel.org, jonathan.lemon@gmail.com, syzbot+c82697e3043781e08802@syzkaller.appspotmail.com, hdanton@sina.com, i.maximets@samsung.com Subject: [PATCH bpf-next v2 4/4] xsk: lock the control mutex in sock_diag interface Date: Mon, 26 Aug 2019 08:10:53 +0200 Message-Id: <20190826061053.15996-5-bjorn.topel@gmail.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190826061053.15996-1-bjorn.topel@gmail.com> References: <20190826061053.15996-1-bjorn.topel@gmail.com> MIME-Version: 1.0 Sender: bpf-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: bpf@vger.kernel.org From: Björn Töpel When accessing the members of an XDP socket, the control mutex should be held. This commit fixes that. Acked-by: Jonathan Lemon Fixes: a36b38aa2af6 ("xsk: add sock_diag interface for AF_XDP") Signed-off-by: Björn Töpel --- net/xdp/xsk_diag.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/xdp/xsk_diag.c b/net/xdp/xsk_diag.c index d5e06c8e0cbf..c8f4f11edbbc 100644 --- a/net/xdp/xsk_diag.c +++ b/net/xdp/xsk_diag.c @@ -97,6 +97,7 @@ static int xsk_diag_fill(struct sock *sk, struct sk_buff *nlskb, msg->xdiag_ino = sk_ino; sock_diag_save_cookie(sk, msg->xdiag_cookie); + mutex_lock(&xs->mutex); if ((req->xdiag_show & XDP_SHOW_INFO) && xsk_diag_put_info(xs, nlskb)) goto out_nlmsg_trim; @@ -117,10 +118,12 @@ static int xsk_diag_fill(struct sock *sk, struct sk_buff *nlskb, sock_diag_put_meminfo(sk, nlskb, XDP_DIAG_MEMINFO)) goto out_nlmsg_trim; + mutex_unlock(&xs->mutex); nlmsg_end(nlskb, nlh); return 0; out_nlmsg_trim: + mutex_unlock(&xs->mutex); nlmsg_cancel(nlskb, nlh); return -EMSGSIZE; }