diff mbox series

[net] net: datagram: fix data-races in datagram_poll()

Message ID 20230509173131.3263780-1-edumazet@google.com (mailing list archive)
State Accepted
Commit 5bca1d081f44c9443e61841842ce4e9179d327b6
Delegated to: Netdev Maintainers
Headers show
Series [net] net: datagram: fix data-races in datagram_poll() | expand

Checks

Context Check Description
netdev/series_format success Single patches do not need cover letters
netdev/tree_selection success Clearly marked for net
netdev/fixes_present success Fixes tag present in non-next series
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 10 this patch: 10
netdev/cc_maintainers warning 4 maintainers not CCed: lixiaoyan@google.com shakeelb@google.com asml.silence@gmail.com dsahern@kernel.org
netdev/build_clang success Errors and warnings before: 8 this patch: 8
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/deprecated_api success None detected
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success Fixes tag looks correct
netdev/build_allmodconfig_warn success Errors and warnings before: 10 this patch: 10
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 38 lines checked
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0

Commit Message

Eric Dumazet May 9, 2023, 5:31 p.m. UTC 
datagram_poll() runs locklessly, we should add READ_ONCE()
annotations while reading sk->sk_err, sk->sk_shutdown and sk->sk_state.

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Eric Dumazet <edumazet@google.com>
---
 net/core/datagram.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

Comments

Kuniyuki Iwashima May 9, 2023, 10:50 p.m. UTC | #1 
From: Eric Dumazet <edumazet@google.com>
Date: Tue,  9 May 2023 17:31:31 +0000
> datagram_poll() runs locklessly, we should add READ_ONCE()
> annotations while reading sk->sk_err, sk->sk_shutdown and sk->sk_state.
> 
> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
> Signed-off-by: Eric Dumazet <edumazet@google.com>

Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>


> ---
>  net/core/datagram.c | 15 ++++++++++-----
>  1 file changed, 10 insertions(+), 5 deletions(-)
> 
> diff --git a/net/core/datagram.c b/net/core/datagram.c
> index 5662dff3d381a92b271d9cba38a28a6a8478c114..176eb58347461b160890ce2d6b2d3cbc7412e321 100644
> --- a/net/core/datagram.c
> +++ b/net/core/datagram.c
> @@ -807,18 +807,21 @@ __poll_t datagram_poll(struct file *file, struct socket *sock,
>  {
>  	struct sock *sk = sock->sk;
>  	__poll_t mask;
> +	u8 shutdown;
>  
>  	sock_poll_wait(file, sock, wait);
>  	mask = 0;
>  
>  	/* exceptional events? */
> -	if (sk->sk_err || !skb_queue_empty_lockless(&sk->sk_error_queue))
> +	if (READ_ONCE(sk->sk_err) ||
> +	    !skb_queue_empty_lockless(&sk->sk_error_queue))
>  		mask |= EPOLLERR |
>  			(sock_flag(sk, SOCK_SELECT_ERR_QUEUE) ? EPOLLPRI : 0);
>  
> -	if (sk->sk_shutdown & RCV_SHUTDOWN)
> +	shutdown = READ_ONCE(sk->sk_shutdown);
> +	if (shutdown & RCV_SHUTDOWN)
>  		mask |= EPOLLRDHUP | EPOLLIN | EPOLLRDNORM;
> -	if (sk->sk_shutdown == SHUTDOWN_MASK)
> +	if (shutdown == SHUTDOWN_MASK)
>  		mask |= EPOLLHUP;
>  
>  	/* readable? */
> @@ -827,10 +830,12 @@ __poll_t datagram_poll(struct file *file, struct socket *sock,
>  
>  	/* Connection-based need to check for termination and startup */
>  	if (connection_based(sk)) {
> -		if (sk->sk_state == TCP_CLOSE)
> +		int state = READ_ONCE(sk->sk_state);
> +
> +		if (state == TCP_CLOSE)
>  			mask |= EPOLLHUP;
>  		/* connection hasn't started yet? */
> -		if (sk->sk_state == TCP_SYN_SENT)
> +		if (state == TCP_SYN_SENT)
>  			return mask;
>  	}
>  
> -- 
> 2.40.1.521.gf1e218fcd8-goog
patchwork-bot+netdevbpf@kernel.org May 11, 2023, 2:10 a.m. UTC | #2 
Hello:

This patch was applied to netdev/net.git (main)
by Jakub Kicinski <kuba@kernel.org>:

On Tue,  9 May 2023 17:31:31 +0000 you wrote:
> datagram_poll() runs locklessly, we should add READ_ONCE()
> annotations while reading sk->sk_err, sk->sk_shutdown and sk->sk_state.
> 
> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
> Signed-off-by: Eric Dumazet <edumazet@google.com>
> ---
>  net/core/datagram.c | 15 ++++++++++-----
>  1 file changed, 10 insertions(+), 5 deletions(-)

Here is the summary with links:
  - [net] net: datagram: fix data-races in datagram_poll()
    https://git.kernel.org/netdev/net/c/5bca1d081f44

You are awesome, thank you!
diff mbox series

Patch

diff --git a/net/core/datagram.c b/net/core/datagram.c
index 5662dff3d381a92b271d9cba38a28a6a8478c114..176eb58347461b160890ce2d6b2d3cbc7412e321 100644
--- a/net/core/datagram.c
+++ b/net/core/datagram.c
@@ -807,18 +807,21 @@  __poll_t datagram_poll(struct file *file, struct socket *sock,
 {
 	struct sock *sk = sock->sk;
 	__poll_t mask;
+	u8 shutdown;
 
 	sock_poll_wait(file, sock, wait);
 	mask = 0;
 
 	/* exceptional events? */
-	if (sk->sk_err || !skb_queue_empty_lockless(&sk->sk_error_queue))
+	if (READ_ONCE(sk->sk_err) ||
+	    !skb_queue_empty_lockless(&sk->sk_error_queue))
 		mask |= EPOLLERR |
 			(sock_flag(sk, SOCK_SELECT_ERR_QUEUE) ? EPOLLPRI : 0);
 
-	if (sk->sk_shutdown & RCV_SHUTDOWN)
+	shutdown = READ_ONCE(sk->sk_shutdown);
+	if (shutdown & RCV_SHUTDOWN)
 		mask |= EPOLLRDHUP | EPOLLIN | EPOLLRDNORM;
-	if (sk->sk_shutdown == SHUTDOWN_MASK)
+	if (shutdown == SHUTDOWN_MASK)
 		mask |= EPOLLHUP;
 
 	/* readable? */
@@ -827,10 +830,12 @@  __poll_t datagram_poll(struct file *file, struct socket *sock,
 
 	/* Connection-based need to check for termination and startup */
 	if (connection_based(sk)) {
-		if (sk->sk_state == TCP_CLOSE)
+		int state = READ_ONCE(sk->sk_state);
+
+		if (state == TCP_CLOSE)
 			mask |= EPOLLHUP;
 		/* connection hasn't started yet? */
-		if (sk->sk_state == TCP_SYN_SENT)
+		if (state == TCP_SYN_SENT)
 			return mask;
 	}