Description
In the Linux kernel, the following vulnerability has been resolved:

af_unix: Fix data races around sk->sk_shutdown.

KCSAN found a data race around sk->sk_shutdown where unix_release_sock() and unix_shutdown() update it under unix_state_lock(), OTOH unix_poll() and unix_dgram_poll() read it locklessly.

We need to annotate the writes and reads with WRITE_ONCE() and READ_ONCE().

BUG: KCSAN: data-race in unix_poll / unix_release_sock

write to 0xffff88800d0f8aec of 1 bytes by task 264 on cpu 0:
 unix_release_sock+0x75c/0x910 net/unix/af_unix.c:631
 unix_release+0x59/0x80 net/unix/af_unix.c:1042
 __sock_release+0x7d/0x170 net/socket.c:653
 sock_close+0x19/0x30 net/socket.c:1397
 __fput+0x179/0x5e0 fs/file_table.c:321
 ____fput+0x15/0x20 fs/file_table.c:349
 task_work_run+0x116/0x1a0 kernel/task_work.c:179
 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:171 [inline]
 exit_to_user_mode_prepare+0x174/0x180 kernel/entry/common.c:204
 __syscall_exit_to_user_mode_work kernel/entry/common.c:286 [inline]
 syscall_exit_to_user_mode+0x1a/0x30 kernel/entry/common.c:297
 do_syscall_64+0x4b/0x90 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x72/0xdc

read to 0xffff88800d0f8aec of 1 bytes by task 222 on cpu 1:
 unix_poll+0xa3/0x2a0 net/unix/af_unix.c:3170
 sock_poll+0xcf/0x2b0 net/socket.c:1385
 vfs_poll include/linux/poll.h:88 [inline]
 ep_item_poll.isra.0+0x78/0xc0 fs/eventpoll.c:855
 ep_send_events fs/eventpoll.c:1694 [inline]
 ep_poll fs/eventpoll.c:1823 [inline]
 do_epoll_wait+0x6c4/0xea0 fs/eventpoll.c:2258
 __do_sys_epoll_wait fs/eventpoll.c:2270 [inline]
 __se_sys_epoll_wait fs/eventpoll.c:2265 [inline]
 __x64_sys_epoll_wait+0xcc/0x190 fs/eventpoll.c:2265
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x72/0xdc

value changed: 0x00 -> 0x03

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 222 Comm: dbus-broker Not tainted 6.3.0-rc7-02330-gca6270c12e20 #2
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014
Product status
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 1c488f4e95b498c977fbeae784983eb4cf6085e8
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 196528ad484443627779540697f4fb0ef0e01c52
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 8307e372e7445ec7d3cd2ff107ce5078eaa02815
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before a41559ae3681975f1ced815d8d4c983b6b938499
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before e410895892f99700ce54347d42c8dbe962eea9f4
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before f237f79b63c9242450e6869adcd2c10445859f28
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before e1d09c2c2f5793474556b60f83900e088d0d366d
2.6.12
Any version before 2.6.12
4.19.284 (semver)
5.4.244 (semver)
5.10.181 (semver)
5.15.113 (semver)
6.1.30 (semver)
6.3.4 (semver)
6.4 (original_commit_for_fix)
References
git.kernel.org/...c/1c488f4e95b498c977fbeae784983eb4cf6085e8
git.kernel.org/...c/196528ad484443627779540697f4fb0ef0e01c52
git.kernel.org/...c/8307e372e7445ec7d3cd2ff107ce5078eaa02815
git.kernel.org/...c/a41559ae3681975f1ced815d8d4c983b6b938499
git.kernel.org/...c/e410895892f99700ce54347d42c8dbe962eea9f4
git.kernel.org/...c/f237f79b63c9242450e6869adcd2c10445859f28
git.kernel.org/...c/e1d09c2c2f5793474556b60f83900e088d0d366d
Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.