net: udp: annotate data race around udp_sk(sk)->corkflag
commit a9f5970767d11eadc805d5283f202612c7ba1f59 upstream.
up->corkflag field can be read or written without any lock.
Annotate accesses to avoid possible syzbot/KCSAN reports.
Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
Eric Dumazet
committed by
Greg Kroah-Hartman
Greg Kroah-Hartman
parent
a7f4c633ae
commit
5c3a90b6ff
@@ -1035,7 +1035,7 @@ int udp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len)
|
|||||||
__be16 dport;
|
__be16 dport;
|
||||||
u8 tos;
|
u8 tos;
|
||||||
int err, is_udplite = IS_UDPLITE(sk);
|
int err, is_udplite = IS_UDPLITE(sk);
|
||||||
int corkreq = up->corkflag || msg->msg_flags&MSG_MORE;
|
int corkreq = READ_ONCE(up->corkflag) || msg->msg_flags&MSG_MORE;
|
||||||
int (*getfrag)(void *, char *, int, int, int, struct sk_buff *);
|
int (*getfrag)(void *, char *, int, int, int, struct sk_buff *);
|
||||||
struct sk_buff *skb;
|
struct sk_buff *skb;
|
||||||
struct ip_options_data opt_copy;
|
struct ip_options_data opt_copy;
|
||||||
@@ -1343,7 +1343,7 @@ int udp_sendpage(struct sock *sk, struct page *page, int offset,
|
|||||||
}
|
}
|
||||||
|
|
||||||
up->len += size;
|
up->len += size;
|
||||||
if (!(up->corkflag || (flags&MSG_MORE)))
|
if (!(READ_ONCE(up->corkflag) || (flags&MSG_MORE)))
|
||||||
ret = udp_push_pending_frames(sk);
|
ret = udp_push_pending_frames(sk);
|
||||||
if (!ret)
|
if (!ret)
|
||||||
ret = size;
|
ret = size;
|
||||||
@@ -2609,9 +2609,9 @@ int udp_lib_setsockopt(struct sock *sk, int level, int optname,
|
|||||||
switch (optname) {
|
switch (optname) {
|
||||||
case UDP_CORK:
|
case UDP_CORK:
|
||||||
if (val != 0) {
|
if (val != 0) {
|
||||||
up->corkflag = 1;
|
WRITE_ONCE(up->corkflag, 1);
|
||||||
} else {
|
} else {
|
||||||
up->corkflag = 0;
|
WRITE_ONCE(up->corkflag, 0);
|
||||||
lock_sock(sk);
|
lock_sock(sk);
|
||||||
push_pending_frames(sk);
|
push_pending_frames(sk);
|
||||||
release_sock(sk);
|
release_sock(sk);
|
||||||
@@ -2734,7 +2734,7 @@ int udp_lib_getsockopt(struct sock *sk, int level, int optname,
|
|||||||
|
|
||||||
switch (optname) {
|
switch (optname) {
|
||||||
case UDP_CORK:
|
case UDP_CORK:
|
||||||
val = up->corkflag;
|
val = READ_ONCE(up->corkflag);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case UDP_ENCAP:
|
case UDP_ENCAP:
|
||||||
|
|||||||
@@ -1288,7 +1288,7 @@ int udpv6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len)
|
|||||||
int addr_len = msg->msg_namelen;
|
int addr_len = msg->msg_namelen;
|
||||||
bool connected = false;
|
bool connected = false;
|
||||||
int ulen = len;
|
int ulen = len;
|
||||||
int corkreq = up->corkflag || msg->msg_flags&MSG_MORE;
|
int corkreq = READ_ONCE(up->corkflag) || msg->msg_flags&MSG_MORE;
|
||||||
int err;
|
int err;
|
||||||
int is_udplite = IS_UDPLITE(sk);
|
int is_udplite = IS_UDPLITE(sk);
|
||||||
int (*getfrag)(void *, char *, int, int, int, struct sk_buff *);
|
int (*getfrag)(void *, char *, int, int, int, struct sk_buff *);
|
||||||
|
|||||||
Reference in New Issue
Block a user