This is a note to let you know that I've just added the patch titled net/packet: annotate data race in packet_sendmsg() to the 5.12-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: net-packet-annotate-data-race-in-packet_sendmsg.patch and it can be found in the queue-5.12 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. commit 3330f6df0f4ee6e7f378e2b5c9a6988b4885335d Author: Eric Dumazet <edumazet@xxxxxxxxxx> Date: Thu Jun 10 09:00:12 2021 -0700 net/packet: annotate data race in packet_sendmsg() [ Upstream commit d1b5bee4c8be01585033be9b3a8878789285285f ] There is a known race in packet_sendmsg(), addressed in commit 32d3182cd2cd ("net/packet: fix race in tpacket_snd()") Now we have data_race(), we can use it to avoid a future KCSAN warning, as syzbot loves stressing af_packet sockets :) Signed-off-by: Eric Dumazet <edumazet@xxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx> diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c index c52557ec7fb3..84d8921391c3 100644 --- a/net/packet/af_packet.c +++ b/net/packet/af_packet.c @@ -3034,10 +3034,13 @@ static int packet_sendmsg(struct socket *sock, struct msghdr *msg, size_t len) struct sock *sk = sock->sk; struct packet_sock *po = pkt_sk(sk); - if (po->tx_ring.pg_vec) + /* Reading tx_ring.pg_vec without holding pg_vec_lock is racy. + * tpacket_snd() will redo the check safely. + */ + if (data_race(po->tx_ring.pg_vec)) return tpacket_snd(po, msg); - else - return packet_snd(sock, msg, len); + + return packet_snd(sock, msg, len); } /*