From patchwork Wed Aug 23 17:38:39 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nikita Zhandarovich X-Patchwork-Id: 136736 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:a7d1:0:b0:3f2:4152:657d with SMTP id p17csp821456vqm; Wed, 23 Aug 2023 18:18:22 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFShOR1i0F8cMeQkLjt6QMbVRtm7KglVGeJAlG6gRKMzU9ADJ+kDGHqvgGO7gaYBhOAhzgH X-Received: by 2002:a05:6358:441e:b0:13a:1e90:4813 with SMTP id z30-20020a056358441e00b0013a1e904813mr12536157rwc.29.1692839901755; Wed, 23 Aug 2023 18:18:21 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1692839901; cv=none; d=google.com; s=arc-20160816; b=w6UHts0WSi8PSVVY3KgNri6dmPSB6UGJOLDCh46eUJHx/KrdEhk4a5jvhlkN2ygS8+ 2mC35GpVrU1eWdFPR2TFyxcgwZSivflzffG+Cyd6ST7bsgqbujUUB6tzwS41mKEZhw+9 +WOylwouEa+Hfwv57j0BUZ/iGumqwFEva19JYmx+ORo2w3ni9bYTjtr9Q7yY7H1cTQGW voub8JqgW/eZDjLTWNGoyNFV6ODMqiob0IPQBgmkEtPXF+nFJZyiz9Q4uLHrgXPMeW5R RQWia2qlkTHgkaTnd4FfywQw3IHMol9U4Ewma8s9mKatGddPP5VE+c4NjY5I1ZenqeOB sIGg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from; bh=s3SWS4HnR+qO/cX1A2KTEHebycFziEMudDURae6etq8=; fh=YZr1umhG/pOXWLKInsmCIxk4KzBh6hRFmOUP6Z27Ocs=; b=av6NtTjaC68IY4RHpkXjuLYKoUBzZxCuX1pJLTbbB6f2fgtuyMn6B0y+CaKDyuhGaT HbTV+IlV43yn2nA6fJbxjGOWAKymBz8upX7LNkqE17Qg8JGeJcWN+r7IjSyCIAPopOHd zplgoRhoZJugeUlU82ZFenChOhoerwesSRaP/7ZrR8P+jTmWMzDnY+7KuTexvfBJxLPV GDK4cDGLXSunvUeYcpWmeWMth8vlIcUQ1SvYuX08/6unzi/gHa9CO25ZVBsQhOsiER1Z IOhMBslxPvkUMndksbsKnqm+3Qiz2grsGMNnlA/NKAM+3eWsnojaOeCs21KdC3QLic+C zUXA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id w185-20020a6382c2000000b00566069f730esi9816086pgd.758.2023.08.23.18.18.09; Wed, 23 Aug 2023 18:18:21 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237857AbjHWRjB (ORCPT + 88 others); Wed, 23 Aug 2023 13:39:01 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60494 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236177AbjHWRjA (ORCPT ); Wed, 23 Aug 2023 13:39:00 -0400 Received: from exchange.fintech.ru (exchange.fintech.ru [195.54.195.159]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 50547E5A for ; Wed, 23 Aug 2023 10:38:56 -0700 (PDT) Received: from Ex16-01.fintech.ru (10.0.10.18) by exchange.fintech.ru (195.54.195.159) with Microsoft SMTP Server (TLS) id 14.3.498.0; Wed, 23 Aug 2023 20:38:53 +0300 Received: from localhost (10.0.253.138) by Ex16-01.fintech.ru (10.0.10.18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.4; Wed, 23 Aug 2023 20:38:52 +0300 From: Nikita Zhandarovich To: "Jason A. Donenfeld" , "David S. Miller" , Eric Dumazet CC: Nikita Zhandarovich , Jakub Kicinski , Paolo Abeni , , , , syzbot , , Subject: [PATCH net] wireguard: receive: fix data-race around receiving_counter.counter Date: Wed, 23 Aug 2023 10:38:39 -0700 Message-ID: <20230823173839.43938-1-n.zhandarovich@fintech.ru> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 X-Originating-IP: [10.0.253.138] X-ClientProxiedBy: Ex16-02.fintech.ru (10.0.10.19) To Ex16-01.fintech.ru (10.0.10.18) X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1775071293109282695 X-GMAIL-MSGID: 1775071293109282695 Syzkaller with KCSAN identified a data-race issue when accessing keypair->receiving_counter.counter. This patch uses READ_ONCE() and WRITE_ONCE() annotations to fix the problem. Fixes: a9e90d9931f3 ("wireguard: noise: separate receive counter from send counter") Reported-by: syzbot+d1de830e4ecdaac83d89@syzkaller.appspotmail.com Signed-off-by: Nikita Zhandarovich --- drivers/net/wireguard/receive.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/wireguard/receive.c b/drivers/net/wireguard/receive.c index 0b3f0c843550..b5232ffa8bc7 100644 --- a/drivers/net/wireguard/receive.c +++ b/drivers/net/wireguard/receive.c @@ -251,7 +251,7 @@ static bool decrypt_packet(struct sk_buff *skb, struct noise_keypair *keypair) if (unlikely(!READ_ONCE(keypair->receiving.is_valid) || wg_birthdate_has_expired(keypair->receiving.birthdate, REJECT_AFTER_TIME) || - keypair->receiving_counter.counter >= REJECT_AFTER_MESSAGES)) { + READ_ONCE(keypair->receiving_counter.counter) >= REJECT_AFTER_MESSAGES)) { WRITE_ONCE(keypair->receiving.is_valid, false); return false; } @@ -318,7 +318,7 @@ static bool counter_validate(struct noise_replay_counter *counter, u64 their_cou for (i = 1; i <= top; ++i) counter->backtrack[(i + index_current) & ((COUNTER_BITS_TOTAL / BITS_PER_LONG) - 1)] = 0; - counter->counter = their_counter; + WRITE_ONCE(counter->counter, their_counter); } index &= (COUNTER_BITS_TOTAL / BITS_PER_LONG) - 1;