Qian Cai 86b18aaa2b skbuff: fix a data race in skb_queue_len() ... sk_buff.qlen can be accessed concurrently as noticed by KCSAN, BUG: KCSAN: data-race in __skb_try_recv_from_queue / unix_dgram_sendmsg read to 0xffff8a1b1d8a81c0 of 4 bytes by task 5371 on cpu 96: unix_dgram_sendmsg+0x9a9/0xb70 include/linux/skbuff.h:1821 net/unix/af_unix.c:1761 ____sys_sendmsg+0x33e/0x370 ___sys_sendmsg+0xa6/0xf0 __sys_sendmsg+0x69/0xf0 __x64_sys_sendmsg+0x51/0x70 do_syscall_64+0x91/0xb47 entry_SYSCALL_64_after_hwframe+0x49/0xbe write to 0xffff8a1b1d8a81c0 of 4 bytes by task 1 on cpu 99: __skb_try_recv_from_queue+0x327/0x410 include/linux/skbuff.h:2029 __skb_try_recv_datagram+0xbe/0x220 unix_dgram_recvmsg+0xee/0x850 ____sys_recvmsg+0x1fb/0x210 ___sys_recvmsg+0xa2/0xf0 __sys_recvmsg+0x66/0xf0 __x64_sys_recvmsg+0x51/0x70 do_syscall_64+0x91/0xb47 entry_SYSCALL_64_after_hwframe+0x49/0xbe Since only the read is operating as lockless, it could introduce a logic bug in unix_recvq_full() due to the load tearing. Fix it by adding a lockless variant of skb_queue_len() and unix_recvq_full() where READ_ONCE() is on the read while WRITE_ONCE() is on the write similar to the commit d7d16a8935 ("net: add skb_queue_empty_lockless()"). Signed-off-by: Qian Cai <cai@lca.pw> Signed-off-by: David S. Miller <davem@davemloft.net>		2020-02-06 13:59:10 +01:00
..
6lowpan
9p
802
8021q
appletalk
atm	proc: convert everything to "struct proc_ops"	2020-02-04 03:05:26 +00:00
ax25
batman-adv	Merge ra.kernel.org:/pub/scm/linux/kernel/git/netdev/net	2020-01-19 22:10:04 +01:00
bluetooth	Bluetooth: Fix race condition in hci_release_sock()	2020-01-26 10:34:17 +02:00
bpf
bpfilter
bridge	net: bridge: vlan: add per-vlan state	2020-01-24 12:58:14 +01:00
caif	caif_usb: fix spelling mistake "to" -> "too"	2020-01-24 08:12:06 +01:00
can
ceph
core	devlink: report 0 after hitting end in region read	2020-02-05 14:23:20 +01:00
dcb
dccp
decnet
dns_resolver
dsa	net: dsa: Fix use-after-free in probing of DSA switch tree	2020-01-27 11:12:46 +01:00
ethernet	net: remove eth_change_mtu	2020-01-27 11:09:31 +01:00
ethtool	net/core: Replace driver version to be kernel version	2020-01-27 13:47:22 +01:00
hsr	net: hsr: fix possible NULL deref in hsr_handle_frame()	2020-02-04 09:27:07 +01:00
ieee802154
ife
ipv4	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2020-02-04 13:32:20 +00:00
ipv6	mptcp: Fix undefined mptcp_handle_ipv6_mapped for modular IPV6	2020-01-30 10:55:54 +01:00
iucv
kcm
key
l2tp	l2tp: Allow duplicate session creation with UDP	2020-02-04 12:35:49 +01:00
l3mdev
lapb
llc
mac80211	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next	2020-01-28 16:02:33 -08:00
mac802154
mpls
mptcp	mptcp: fix use-after-free for ipv6	2020-02-06 11:25:09 +01:00
ncsi
netfilter	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2020-02-04 13:32:20 +00:00
netlabel
netlink
netrom
nfc
nsh
openvswitch
packet	y2038: core, driver and file system changes	2020-01-29 14:55:47 -08:00
phonet
psample
qrtr
rds	net/rds: Use prefetch for On-Demand-Paging MR	2020-01-18 11:48:19 +02:00
rfkill
rose	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2020-01-26 10:40:21 +01:00
rxrpc	rxrpc: Fix NULL pointer deref due to call->conn being cleared on disconnect	2020-02-03 10:25:30 +00:00
sched	net_sched: fix a resource leak in tcindex_set_parms()	2020-02-05 14:11:57 +01:00
sctp
smc	net/smc: allow unprivileged users to read pnet table	2020-01-21 11:39:56 +01:00
strparser
sunrpc	proc: convert everything to "struct proc_ops"	2020-02-04 03:05:26 +00:00
switchdev
tipc	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next	2020-01-28 16:02:33 -08:00
tls	Merge ra.kernel.org:/pub/scm/linux/kernel/git/netdev/net	2020-01-19 22:10:04 +01:00
unix	skbuff: fix a data race in skb_queue_len()	2020-02-06 13:59:10 +01:00
vmw_vsock	Merge ra.kernel.org:/pub/scm/linux/kernel/git/netdev/net	2020-01-19 22:10:04 +01:00
wimax
wireless	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next	2020-01-28 16:02:33 -08:00
x25
xdp	mm, tree-wide: rename put_user_page*() to unpin_user_page*()	2020-01-31 10:30:38 -08:00
xfrm	treewide: remove redundant IS_ERR() before error code check	2020-02-04 03:05:27 +00:00
compat.c
Kconfig	mptcp: Add MPTCP socket stubs	2020-01-24 13:44:07 +01:00
Makefile	mptcp: Add MPTCP socket stubs	2020-01-24 13:44:07 +01:00
socket.c
sysctl_net.c