linux-IllusionX

History

Eric Dumazet b3c9e65eb2 net: hsr: remove seqnr_lock syzbot found a new splat [1]. Instead of adding yet another spin_lock_bh(&hsr->seqnr_lock) / spin_unlock_bh(&hsr->seqnr_lock) pair, remove seqnr_lock and use atomic_t for hsr->sequence_nr and hsr->sup_sequence_nr. This also avoid a race in hsr_fill_info(). Also remove interlink_sequence_nr which is unused. [1] WARNING: CPU: 1 PID: 9723 at net/hsr/hsr_forward.c:602 handle_std_frame+0x247/0x2c0 net/hsr/hsr_forward.c:602 Modules linked in: CPU: 1 UID: 0 PID: 9723 Comm: syz.0.1657 Not tainted 6.11.0-rc6-syzkaller-00026-g88fac17500f4 #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 RIP: 0010:handle_std_frame+0x247/0x2c0 net/hsr/hsr_forward.c:602 Code: 49 8d bd b0 01 00 00 be ff ff ff ff e8 e2 58 25 00 31 ff 89 c5 89 c6 e8 47 53 a8 f6 85 ed 0f 85 5a ff ff ff e8 fa 50 a8 f6 90 <0f> 0b 90 e9 4c ff ff ff e8 cc e7 06 f7 e9 8f fe ff ff e8 52 e8 06 RSP: 0018:ffffc90000598598 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffffc90000598670 RCX: ffffffff8ae2c919 RDX: ffff888024e94880 RSI: ffffffff8ae2c926 RDI: 0000000000000005 RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000003 R13: ffff8880627a8cc0 R14: 0000000000000000 R15: ffff888012b03c3a FS: 0000000000000000(0000) GS:ffff88802b700000(0063) knlGS:00000000f5696b40 CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 CR2: 0000000020010000 CR3: 00000000768b4000 CR4: 0000000000350ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <IRQ> hsr_fill_frame_info+0x2c8/0x360 net/hsr/hsr_forward.c:630 fill_frame_info net/hsr/hsr_forward.c:700 [inline] hsr_forward_skb+0x7df/0x25c0 net/hsr/hsr_forward.c:715 hsr_handle_frame+0x603/0x850 net/hsr/hsr_slave.c:70 __netif_receive_skb_core.constprop.0+0xa3d/0x4330 net/core/dev.c:5555 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737 __netif_receive_skb_list net/core/dev.c:5804 [inline] netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896 gro_normal_list include/net/gro.h:515 [inline] gro_normal_list include/net/gro.h:511 [inline] napi_complete_done+0x23f/0x9a0 net/core/dev.c:6247 gro_cell_poll+0x162/0x210 net/core/gro_cells.c:66 __napi_poll.constprop.0+0xb7/0x550 net/core/dev.c:6772 napi_poll net/core/dev.c:6841 [inline] net_rx_action+0xa92/0x1010 net/core/dev.c:6963 handle_softirqs+0x216/0x8f0 kernel/softirq.c:554 do_softirq kernel/softirq.c:455 [inline] do_softirq+0xb2/0xf0 kernel/softirq.c:442 </IRQ> <TASK> Fixes: `06afd2c31d` ("hsr: Synchronize sending frames to have always incremented outgoing seq nr.") Fixes: `f421436a59` ("net/hsr: Add support for the High-availability Seamless Redundancy protocol (HSRv0)") Reported-by: syzbot <syzkaller@googlegroups.com> Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Sebastian Andrzej Siewior <bigeasy@linutronix.de> Reviewed-by: Simon Horman <horms@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>		2024-09-09 10:25:01 +01:00
..
6lowpan
9p	Two fixes headed to stable trees:	2024-05-29 09:25:15 -07:00
802
8021q	net: Add struct kernel_ethtool_ts_info	2024-07-15 08:02:26 -07:00
appletalk
atm	atm: clean up a put_user() calls	2024-06-14 19:08:50 -07:00
ax25	ax25: Replace kfree() in ax25_dev_free() with ax25_dev_put()	2024-06-01 15:49:42 -07:00
batman-adv	Revert "batman-adv: prefer kfree_rcu() over call_rcu() with free-only callbacks"	2024-06-12 20:18:00 +02:00
bluetooth	Bluetooth: MGMT: Ignore keys being loaded with invalid type	2024-08-30 17:57:11 -04:00
bpf	bpf-next-for-netdev	2024-07-09 17:01:46 +02:00
bridge	net: bridge: br_fdb_external_learn_add(): always set EXT_LEARN	2024-09-04 16:36:21 -07:00
caif	net: caif: remove unused structs	2024-06-05 10:18:06 +01:00
can	can: bcm: Remove proc entry when dev is unregistered.	2024-08-06 09:25:12 +02:00
ceph	libceph: fix crush_choose_firstn() kernel-doc warnings	2024-07-11 16:33:07 +02:00
core	net: dqs: Do not use extern for unused dql_group	2024-09-03 12:01:38 -07:00
dcb
dccp	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2024-06-27 12:14:11 -07:00
devlink	devlink: Constify the 'table_ops' parameter of devl_dpipe_table_register()	2024-06-05 10:24:57 +01:00
dns_resolver
dsa	net: dsa: provide a software untagging function on RX for VLAN-aware bridges	2024-08-16 09:59:32 +01:00
ethernet	netkit: Fix pkt_type override upon netkit pass verdict	2024-05-25 10:48:57 -07:00
ethtool	ethtool: check device is present when getting link settings	2024-08-26 14:03:02 -07:00
handshake
hsr	net: hsr: remove seqnr_lock	2024-09-09 10:25:01 +01:00
ieee802154	bpf-next-for-netdev	2024-05-28 07:27:29 -07:00
ife
ipv4	fou: Fix null-ptr-deref in GRO.	2024-09-04 16:31:00 -07:00
ipv6	ila: call nf_unregister_net_hooks() sooner	2024-09-05 14:57:12 -07:00
iucv	s390/iucv: Fix vargs handling in iucv_alloc_device()	2024-08-22 13:09:20 -07:00
kcm	kcm: Serialise kcm_sendmsg() for the same socket.	2024-08-19 18:36:12 -07:00
key
l2tp	l2tp: fix lockdep splat	2024-08-08 08:28:24 -07:00
l3mdev
lapb
llc	llc: Constify struct llc_sap_state_trans	2024-07-15 08:51:19 -07:00
mac80211	wifi: mac80211: free skb on error path in ieee80211_beacon_get_ap()	2024-08-26 17:45:45 +02:00
mac802154	net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and DEV_STATS_ADD()	2024-06-03 11:20:56 +02:00
mctp	net: mctp: test: Use correct skb for route input check	2024-08-19 17:48:00 -07:00
mpls	sysctl: treewide: constify the ctl_table argument of proc_handlers	2024-07-24 20:59:29 +02:00
mptcp	mptcp: pm: ADD_ADDR 0 is not a new address	2024-08-29 10:39:50 +02:00
ncsi	net/ncsi: Fix the multi thread manner of NCSI driver	2024-06-01 16:21:44 -07:00
netfilter	netfilter: flowtable: validate vlan header	2024-08-22 12:14:18 +02:00
netlabel
netlink	net: netlink: remove the cb_mutex "injection" from netlink core	2024-06-10 13:15:40 +01:00
netrom	netrom: Fix a memory leak in nr_heartbeat_expiry()	2024-06-17 13:06:23 +01:00
nfc	Quite smaller than usual. Notably it includes the fix for the unix	2024-05-23 12:49:37 -07:00
nsh
openvswitch	net: ovs: fix ovs_drop_reasons error	2024-08-22 13:09:15 -07:00
packet	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2024-07-15 13:19:17 -07:00
phonet	sysctl: treewide: constify the ctl_table argument of proc_handlers	2024-07-24 20:59:29 +02:00
psample	net: psample: fix flag being set in wrong skb	2024-07-11 18:11:31 -07:00
qrtr	net: qrtr: ns: Ignore ENODEV failures in ns	2024-06-14 13:17:21 +02:00
rds	sysctl: treewide: constify the ctl_table argument of proc_handlers	2024-07-24 20:59:29 +02:00
rfkill	net: rfkill: Correct return value in invalid parameter case	2024-06-26 10:49:01 +02:00
rose
rxrpc
sched	sched: sch_cake: fix bulk flow accounting logic for host fairness	2024-09-05 11:49:57 +02:00
sctp	sctp: fix association labeling in the duplicate COOKIE-ECHO case	2024-08-27 16:07:12 -07:00
smc	net/smc: prevent NULL pointer dereference in txopt_get	2024-08-30 13:26:12 +01:00
strparser
sunrpc	rpcrdma: Trace connection registration and unregistration	2024-08-19 11:50:41 -04:00
switchdev
tipc	A lot of networking people were at a conference last week, busy	2024-07-25 13:32:25 -07:00
tls	net: tls: Pass union tls_crypto_context pointer to memzero_explicit	2024-07-09 11:14:47 -07:00
unix	af_unix: Disable MSG_OOB handling for sockets in sockmap/sockhash	2024-07-17 22:49:00 +02:00
vmw_vsock	vsock: fix recursive ->recvmsg calls	2024-08-15 12:07:04 +02:00
wireless	wifi: cfg80211: correct S1G beacon length calculation	2024-07-26 12:32:47 +02:00
x25
xdp	xsk: Require XDP_UMEM_TX_METADATA_LEN to actuate tx_metadata_len	2024-07-25 11:57:27 +02:00
xfrm	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2024-07-15 13:19:17 -07:00
compat.c
devres.c
Kconfig	ethtool: provide customized dim profile management	2024-06-25 17:15:06 -07:00
Kconfig.debug
Makefile
socket.c	bpf, net: Fix a potential race in do_sock_getsockopt()	2024-09-03 12:06:24 -07:00
sysctl_net.c	sysctl: Remove check for sentinel element in ctl_table arrays	2024-06-13 10:50:52 +02:00