release/5.2.41/tcp-annotate-tp-urg_seq-lockless-reads.patch - pub/scm/linux/kernel/git/paulg/longterm-queue-5.2 - Git at Google

 From 50c5e28a3cc9a68d59ead03cef82aea38b7a1707 Mon Sep 17 00:00:00 2001
 From: Eric Dumazet <edumazet@google.com>
 Date: Thu, 10 Oct 2019 20:17:43 -0700
 Subject: [PATCH] tcp: annotate tp->urg_seq lockless reads

 commit d9b55bf7b6788ec0bd1db1acefbc4feb1399144a upstream.

 There two places where we fetch tp->urg_seq while
 this field can change from IRQ or other cpu.

 We need to add READ_ONCE() annotations, and also make
 sure write side use corresponding WRITE_ONCE() to avoid
 store-tearing.

 Signed-off-by: Eric Dumazet <edumazet@google.com>
 Signed-off-by: David S. Miller <davem@davemloft.net>
 Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>

 diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
 index 3ce531ba6f4f..bcdcca023972 100644
 --- a/net/ipv4/tcp.c
 +++ b/net/ipv4/tcp.c
 @@ -546,7 +546,7 @@ __poll_t tcp_poll(struct file *file, struct socket *sock, poll_table *wait)
  	    (state != TCP_SYN_RECV || rcu_access_pointer(tp->fastopen_rsk))) {
  		int target = sock_rcvlowat(sk, 0, INT_MAX);

 -		if (tp->urg_seq == READ_ONCE(tp->copied_seq) &&
 +		if (READ_ONCE(tp->urg_seq) == READ_ONCE(tp->copied_seq) &&
  		    !sock_flag(sk, SOCK_URGINLINE) &&
  		    tp->urg_data)
  			target++;
 @@ -607,7 +607,8 @@ int tcp_ioctl(struct sock *sk, int cmd, unsigned long arg)
  		unlock_sock_fast(sk, slow);
  		break;
  	case SIOCATMARK:
 -		answ = tp->urg_data && tp->urg_seq == READ_ONCE(tp->copied_seq);
 +		answ = tp->urg_data &&
 +		       READ_ONCE(tp->urg_seq) == READ_ONCE(tp->copied_seq);
  		break;
  	case SIOCOUTQ:
  		if (sk->sk_state == TCP_LISTEN)
 diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
 index 7fb81ca86612..f9e6cc739d68 100644
 --- a/net/ipv4/tcp_input.c
 +++ b/net/ipv4/tcp_input.c
 @@ -5313,7 +5313,7 @@ static void tcp_check_urg(struct sock *sk, const struct tcphdr *th)
  	}

  	tp->urg_data = TCP_URG_NOTYET;
 -	tp->urg_seq = ptr;
 +	WRITE_ONCE(tp->urg_seq, ptr);

  	/* Disable header prediction. */
  	tp->pred_flags = 0;
 --
 2.7.4
	From 50c5e28a3cc9a68d59ead03cef82aea38b7a1707 Mon Sep 17 00:00:00 2001
	From: Eric Dumazet <edumazet@google.com>
	Date: Thu, 10 Oct 2019 20:17:43 -0700
	Subject: [PATCH] tcp: annotate tp->urg_seq lockless reads

	commit d9b55bf7b6788ec0bd1db1acefbc4feb1399144a upstream.

	There two places where we fetch tp->urg_seq while
	this field can change from IRQ or other cpu.

	We need to add READ_ONCE() annotations, and also make
	sure write side use corresponding WRITE_ONCE() to avoid
	store-tearing.

	Signed-off-by: Eric Dumazet <edumazet@google.com>
	Signed-off-by: David S. Miller <davem@davemloft.net>
	Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>

	diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
	index 3ce531ba6f4f..bcdcca023972 100644
	--- a/net/ipv4/tcp.c
	+++ b/net/ipv4/tcp.c
	@@ -546,7 +546,7 @@ __poll_t tcp_poll(struct file file, struct socket sock, poll_table *wait)
	(state != TCP_SYN_RECV \|\| rcu_access_pointer(tp->fastopen_rsk))) {
	int target = sock_rcvlowat(sk, 0, INT_MAX);

	- if (tp->urg_seq == READ_ONCE(tp->copied_seq) &&
	+ if (READ_ONCE(tp->urg_seq) == READ_ONCE(tp->copied_seq) &&
	!sock_flag(sk, SOCK_URGINLINE) &&
	tp->urg_data)
	target++;
	@@ -607,7 +607,8 @@ int tcp_ioctl(struct sock *sk, int cmd, unsigned long arg)
	unlock_sock_fast(sk, slow);
	break;
	case SIOCATMARK:
	- answ = tp->urg_data && tp->urg_seq == READ_ONCE(tp->copied_seq);
	+ answ = tp->urg_data &&
	+ READ_ONCE(tp->urg_seq) == READ_ONCE(tp->copied_seq);
	break;
	case SIOCOUTQ:
	if (sk->sk_state == TCP_LISTEN)
	diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
	index 7fb81ca86612..f9e6cc739d68 100644
	--- a/net/ipv4/tcp_input.c
	+++ b/net/ipv4/tcp_input.c
	@@ -5313,7 +5313,7 @@ static void tcp_check_urg(struct sock sk, const struct tcphdr th)
	}

	tp->urg_data = TCP_URG_NOTYET;
	- tp->urg_seq = ptr;
	+ WRITE_ONCE(tp->urg_seq, ptr);

	/* Disable header prediction. */
	tp->pred_flags = 0;
	--
	2.7.4