ubuntucve | Ubuntu.com | UB:CVE-2023-52578
Mar 02, 2024 - 12:00 a.m.

CVE-2023-52578

linux kernel
vulnerability
net bridge

AI Score: 6.6 Medium (Confidence: High)
EPSS: 0.0004 Low (Percentile: 10.4%)

In the Linux kernel, the following vulnerability has been resolved:

net: bridge: use DEV_STATS_INC()

syzbot/KCSAN reported data-races in br_handle_frame_finish() [1]
This function can run from multiple cpus without mutual exclusion.

Adopt SMP safe DEV_STATS_INC() to update dev->stats fields.

Handles updates to dev->stats.tx_dropped while we are at it.

[1]
BUG: KCSAN: data-race in br_handle_frame_finish / br_handle_frame_finish

read-write to 0xffff8881374b2178 of 8 bytes by interrupt on cpu 1:
br_handle_frame_finish+0xd4f/0xef0 net/bridge/br_input.c:189
br_nf_hook_thresh+0x1ed/0x220
br_nf_pre_routing_finish_ipv6+0x50f/0x540
NF_HOOK include/linux/netfilter.h:304 [inline]
br_nf_pre_routing_ipv6+0x1e3/0x2a0 net/bridge/br_netfilter_ipv6.c:178
br_nf_pre_routing+0x526/0xba0 net/bridge/br_netfilter_hooks.c:508
nf_hook_entry_hookfn include/linux/netfilter.h:144 [inline]
nf_hook_bridge_pre net/bridge/br_input.c:272 [inline]
br_handle_frame+0x4c9/0x940 net/bridge/br_input.c:417
__netif_receive_skb_core+0xa8a/0x21e0 net/core/dev.c:5417
__netif_receive_skb_one_core net/core/dev.c:5521 [inline]
__netif_receive_skb+0x57/0x1b0 net/core/dev.c:5637
process_backlog+0x21f/0x380 net/core/dev.c:5965
__napi_poll+0x60/0x3b0 net/core/dev.c:6527
napi_poll net/core/dev.c:6594 [inline]
net_rx_action+0x32b/0x750 net/core/dev.c:6727
__do_softirq+0xc1/0x265 kernel/softirq.c:553
run_ksoftirqd+0x17/0x20 kernel/softirq.c:921
smpboot_thread_fn+0x30a/0x4a0 kernel/smpboot.c:164
kthread+0x1d7/0x210 kernel/kthread.c:388
ret_from_fork+0x48/0x60 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304

read-write to 0xffff8881374b2178 of 8 bytes by interrupt on cpu 0:
br_handle_frame_finish+0xd4f/0xef0 net/bridge/br_input.c:189
br_nf_hook_thresh+0x1ed/0x220
br_nf_pre_routing_finish_ipv6+0x50f/0x540
NF_HOOK include/linux/netfilter.h:304 [inline]
br_nf_pre_routing_ipv6+0x1e3/0x2a0 net/bridge/br_netfilter_ipv6.c:178
br_nf_pre_routing+0x526/0xba0 net/bridge/br_netfilter_hooks.c:508
nf_hook_entry_hookfn include/linux/netfilter.h:144 [inline]
nf_hook_bridge_pre net/bridge/br_input.c:272 [inline]
br_handle_frame+0x4c9/0x940 net/bridge/br_input.c:417
__netif_receive_skb_core+0xa8a/0x21e0 net/core/dev.c:5417
__netif_receive_skb_one_core net/core/dev.c:5521 [inline]
__netif_receive_skb+0x57/0x1b0 net/core/dev.c:5637
process_backlog+0x21f/0x380 net/core/dev.c:5965
__napi_poll+0x60/0x3b0 net/core/dev.c:6527
napi_poll net/core/dev.c:6594 [inline]
net_rx_action+0x32b/0x750 net/core/dev.c:6727
__do_softirq+0xc1/0x265 kernel/softirq.c:553
do_softirq+0x5e/0x90 kernel/softirq.c:454
__local_bh_enable_ip+0x64/0x70 kernel/softirq.c:381
__raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
_raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210
spin_unlock_bh include/linux/spinlock.h:396 [inline]
batadv_tt_local_purge+0x1a8/0x1f0 net/batman-adv/translation-table.c:1356
batadv_tt_purge+0x2b/0x630 net/batman-adv/translation-table.c:3560
process_one_work kernel/workqueue.c:2630 [inline]
process_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2703
worker_thread+0x525/0x730 kernel/workqueue.c:2784
kthread+0x1d7/0x210 kernel/kthread.c:388
ret_from_fork+0x48/0x60 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304

value changed: 0x00000000000d7190 -> 0x00000000000d7191

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 14848 Comm: kworker/u4:11 Not tainted 6.6.0-rc1-syzkaller-00236-gad8a69f361b9 #0
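
The lost-update pattern behind the KCSAN report above, as an added userspace model that is not the kernel patch or any project's code. It assumes pthreads stand in for the CPUs and a C11 atomic add stands in for the SMP-safe increment; NTHREADS, NFRAMES, racy_dropped, safe_dropped, rx_path and run_model are names invented here.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdio.h>

#define NTHREADS 4        /* stand-ins for CPUs in br_handle_frame_finish() */
#define NFRAMES  200000L  /* constructed per-thread frame count */

/* Hypothetical userspace stand-ins for one dev->stats counter, updated
 * two ways. Relaxed atomics keep the racy path defined C while still
 * letting two threads overwrite each other's update. */
static atomic_long racy_dropped, safe_dropped;

static void *rx_path(void *arg)
{
    for (long i = 0; i < NFRAMES; i++) {
        /* Pre-fix pattern: separate load and store, like a plain field++. */
        long v = atomic_load_explicit(&racy_dropped, memory_order_relaxed);
        atomic_store_explicit(&racy_dropped, v + 1, memory_order_relaxed);
        /* Post-fix pattern: one indivisible read-modify-write. */
        atomic_fetch_add_explicit(&safe_dropped, 1, memory_order_relaxed);
    }
    return arg;
}

/* Runs all threads; returns 0 on success and fills both totals. */
int run_model(long *racy, long *safe)
{
    pthread_t t[NTHREADS];
    int n = 0;
    atomic_store(&racy_dropped, 0);
    atomic_store(&safe_dropped, 0);
    while (n < NTHREADS && pthread_create(&t[n], NULL, rx_path, NULL) == 0)
        n++;
    for (int i = 0; i < n; i++)
        pthread_join(t[i], NULL);
    *racy = atomic_load(&racy_dropped);
    *safe = atomic_load(&safe_dropped);
    return n == NTHREADS ? 0 : -1;
}

int main(void)
{
    long racy, safe;
    if (run_model(&racy, &safe) != 0)
        return 1;
    printf("expected %ld racy %ld safe %ld\n", NTHREADS * NFRAMES, racy, safe);
    return 0;
}
```

Build with `cc -std=c11 -pthread`. The safe total always equals NTHREADS * NFRAMES, while the racy total typically falls short, which is the counter inaccuracy the pre-fix code could produce.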
