| From a9f5970767d11eadc805d5283f202612c7ba1f59 Mon Sep 17 00:00:00 2001 |
| From: Eric Dumazet <edumazet@google.com> |
| Date: Mon, 27 Sep 2021 17:29:24 -0700 |
| Subject: net: udp: annotate data race around udp_sk(sk)->corkflag |
| |
| From: Eric Dumazet <edumazet@google.com> |
| |
| commit a9f5970767d11eadc805d5283f202612c7ba1f59 upstream. |
| |
| up->corkflag field can be read or written without any lock. |
| Annotate accesses to avoid possible syzbot/KCSAN reports. |
| |
| Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") |
| Signed-off-by: Eric Dumazet <edumazet@google.com> |
| Signed-off-by: David S. Miller <davem@davemloft.net> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| net/ipv4/udp.c | 10 +++++----- |
| net/ipv6/udp.c | 2 +- |
| 2 files changed, 6 insertions(+), 6 deletions(-) |
| |
| --- a/net/ipv4/udp.c |
| +++ b/net/ipv4/udp.c |
| @@ -1035,7 +1035,7 @@ int udp_sendmsg(struct sock *sk, struct |
| __be16 dport; |
| u8 tos; |
| int err, is_udplite = IS_UDPLITE(sk); |
| - int corkreq = up->corkflag || msg->msg_flags&MSG_MORE; |
| + int corkreq = READ_ONCE(up->corkflag) || msg->msg_flags&MSG_MORE; |
| int (*getfrag)(void *, char *, int, int, int, struct sk_buff *); |
| struct sk_buff *skb; |
| struct ip_options_data opt_copy; |
| @@ -1343,7 +1343,7 @@ int udp_sendpage(struct sock *sk, struct |
| } |
| |
| up->len += size; |
| - if (!(up->corkflag || (flags&MSG_MORE))) |
| + if (!(READ_ONCE(up->corkflag) || (flags&MSG_MORE))) |
| ret = udp_push_pending_frames(sk); |
| if (!ret) |
| ret = size; |
| @@ -2609,9 +2609,9 @@ int udp_lib_setsockopt(struct sock *sk, |
| switch (optname) { |
| case UDP_CORK: |
| if (val != 0) { |
| - up->corkflag = 1; |
| + WRITE_ONCE(up->corkflag, 1); |
| } else { |
| - up->corkflag = 0; |
| + WRITE_ONCE(up->corkflag, 0); |
| lock_sock(sk); |
| push_pending_frames(sk); |
| release_sock(sk); |
| @@ -2734,7 +2734,7 @@ int udp_lib_getsockopt(struct sock *sk, |
| |
| switch (optname) { |
| case UDP_CORK: |
| - val = up->corkflag; |
| + val = READ_ONCE(up->corkflag); |
| break; |
| |
| case UDP_ENCAP: |
| --- a/net/ipv6/udp.c |
| +++ b/net/ipv6/udp.c |
| @@ -1288,7 +1288,7 @@ int udpv6_sendmsg(struct sock *sk, struc |
| int addr_len = msg->msg_namelen; |
| bool connected = false; |
| int ulen = len; |
| - int corkreq = up->corkflag || msg->msg_flags&MSG_MORE; |
| + int corkreq = READ_ONCE(up->corkflag) || msg->msg_flags&MSG_MORE; |
| int err; |
| int is_udplite = IS_UDPLITE(sk); |
| int (*getfrag)(void *, char *, int, int, int, struct sk_buff *); |