linux-sg2042/net/netfilter/ipvs
Eric Dumazet c24b75e0f9 ipvs: move old_secure_tcp into struct netns_ipvs
syzbot reported the following issue :

BUG: KCSAN: data-race in update_defense_level / update_defense_level

read to 0xffffffff861a6260 of 4 bytes by task 3006 on cpu 1:
 update_defense_level+0x621/0xb30 net/netfilter/ipvs/ip_vs_ctl.c:177
 defense_work_handler+0x3d/0xd0 net/netfilter/ipvs/ip_vs_ctl.c:225
 process_one_work+0x3d4/0x890 kernel/workqueue.c:2269
 worker_thread+0xa0/0x800 kernel/workqueue.c:2415
 kthread+0x1d4/0x200 drivers/block/aoe/aoecmd.c:1253
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:352

write to 0xffffffff861a6260 of 4 bytes by task 7333 on cpu 0:
 update_defense_level+0xa62/0xb30 net/netfilter/ipvs/ip_vs_ctl.c:205
 defense_work_handler+0x3d/0xd0 net/netfilter/ipvs/ip_vs_ctl.c:225
 process_one_work+0x3d4/0x890 kernel/workqueue.c:2269
 worker_thread+0xa0/0x800 kernel/workqueue.c:2415
 kthread+0x1d4/0x200 drivers/block/aoe/aoecmd.c:1253
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:352

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 7333 Comm: kworker/0:5 Not tainted 5.4.0-rc3+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events defense_work_handler

Indeed, old_secure_tcp is currently a static variable, while it
needs to be a per netns variable.

Fixes: a0840e2e16 ("IPVS: netns, ip_vs_ctl local vars moved to ipvs struct.")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Simon Horman <horms@verge.net.au>
2019-10-24 11:56:02 +02:00
..
Kconfig net: Fix Kconfig indentation 2019-09-26 08:56:17 +02:00
Makefile netfilter: ipvs: Add configurations of Maglev hashing 2018-04-09 10:11:18 +03:00
ip_vs_app.c ipvs: don't ignore errors in case refcounting ip_vs module fails 2019-10-24 11:53:19 +02:00
ip_vs_conn.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
ip_vs_core.c netfilter: remove unnecessary spaces 2019-08-13 12:08:48 +02:00
ip_vs_ctl.c ipvs: move old_secure_tcp into struct netns_ipvs 2019-10-24 11:56:02 +02:00
ip_vs_dh.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
ip_vs_est.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
ip_vs_fo.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
ip_vs_ftp.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-06-07 11:00:14 -07:00
ip_vs_lblc.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
ip_vs_lblcr.c net: delete "register" keyword 2019-08-08 18:03:42 -07:00
ip_vs_lc.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
ip_vs_mh.c netfilter: remove unnecessary spaces 2019-08-13 12:08:48 +02:00
ip_vs_nfct.c netfilter: nf_conntrack_sip: fix expectation clash 2019-07-16 13:16:59 +02:00
ip_vs_nq.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
ip_vs_ovf.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
ip_vs_pe.c ipvs: don't ignore errors in case refcounting ip_vs module fails 2019-10-24 11:53:19 +02:00
ip_vs_pe_sip.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
ip_vs_proto.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
ip_vs_proto_ah_esp.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
ip_vs_proto_sctp.c netfilter: ipvs: prefer skb_ensure_writable 2019-05-31 18:02:44 +02:00
ip_vs_proto_tcp.c netfilter: remove unnecessary spaces 2019-08-13 12:08:48 +02:00
ip_vs_proto_udp.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-06-07 11:00:14 -07:00
ip_vs_rr.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
ip_vs_sched.c ipvs: don't ignore errors in case refcounting ip_vs module fails 2019-10-24 11:53:19 +02:00
ip_vs_sed.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
ip_vs_sh.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
ip_vs_sync.c ipvs: don't ignore errors in case refcounting ip_vs module fails 2019-10-24 11:53:19 +02:00
ip_vs_wlc.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
ip_vs_wrr.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
ip_vs_xmit.c netfilter: drop bridge nf reset from nf_reset 2019-10-01 18:42:15 +02:00