net: annotate data-races around sk->sk_dst_pending_confirm

[ Upstream commit eb44ad4e635132754bfbcb18103f1dcb7058aedd ]

This field can be read or written without socket lock being held.

Add annotations to avoid load-store tearing.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/include/net/sock.h b/include/net/sock.h
index 97f7fbc..7753354 100644 (file)
--- a/include/net/sock.h
+++ b/include/net/sock.h
@@ -2181,7 +2181,7 @@ static inline void __dst_negative_advice(struct sock *sk)
                if (ndst != dst) {
                        rcu_assign_pointer(sk->sk_dst_cache, ndst);
                        sk_tx_queue_clear(sk);
                if (ndst != dst) {
                        rcu_assign_pointer(sk->sk_dst_cache, ndst);
                        sk_tx_queue_clear(sk);

-                       sk->sk_dst_pending_confirm = 0;
+                       WRITE_ONCE(sk->sk_dst_pending_confirm, 0);

                }
        }
 }
                }
        }
 }


@@ -2198,7 +2198,7 @@ __sk_dst_set(struct sock *sk, struct dst_entry *dst)
        struct dst_entry *old_dst;
 
        sk_tx_queue_clear(sk);
        struct dst_entry *old_dst;
 
        sk_tx_queue_clear(sk);

-       sk->sk_dst_pending_confirm = 0;
+       WRITE_ONCE(sk->sk_dst_pending_confirm, 0);

        old_dst = rcu_dereference_protected(sk->sk_dst_cache,
                                            lockdep_sock_is_held(sk));
        rcu_assign_pointer(sk->sk_dst_cache, dst);
        old_dst = rcu_dereference_protected(sk->sk_dst_cache,
                                            lockdep_sock_is_held(sk));
        rcu_assign_pointer(sk->sk_dst_cache, dst);


@@ -2211,7 +2211,7 @@ sk_dst_set(struct sock *sk, struct dst_entry *dst)
        struct dst_entry *old_dst;
 
        sk_tx_queue_clear(sk);
        struct dst_entry *old_dst;
 
        sk_tx_queue_clear(sk);

-       sk->sk_dst_pending_confirm = 0;
+       WRITE_ONCE(sk->sk_dst_pending_confirm, 0);

        old_dst = xchg((__force struct dst_entry **)&sk->sk_dst_cache, dst);
        dst_release(old_dst);
 }
        old_dst = xchg((__force struct dst_entry **)&sk->sk_dst_cache, dst);
        dst_release(old_dst);
 }

diff --git a/net/core/sock.c b/net/core/sock.c
index 16584e2..bfaf47b 100644 (file)
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -600,7 +600,7 @@ struct dst_entry *__sk_dst_check(struct sock *sk, u32 cookie)
            INDIRECT_CALL_INET(dst->ops->check, ip6_dst_check, ipv4_dst_check,
                               dst, cookie) == NULL) {
                sk_tx_queue_clear(sk);
            INDIRECT_CALL_INET(dst->ops->check, ip6_dst_check, ipv4_dst_check,
                               dst, cookie) == NULL) {
                sk_tx_queue_clear(sk);

-               sk->sk_dst_pending_confirm = 0;
+               WRITE_ONCE(sk->sk_dst_pending_confirm, 0);

                RCU_INIT_POINTER(sk->sk_dst_cache, NULL);
                dst_release(dst);
                return NULL;
                RCU_INIT_POINTER(sk->sk_dst_cache, NULL);
                dst_release(dst);
                return NULL;

diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index f072346..9ccfdc8 100644 (file)
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -1331,7 +1331,7 @@ static int __tcp_transmit_skb(struct sock *sk, struct sk_buff *skb,
        skb->destructor = skb_is_tcp_pure_ack(skb) ? __sock_wfree : tcp_wfree;
        refcount_add(skb->truesize, &sk->sk_wmem_alloc);
 
        skb->destructor = skb_is_tcp_pure_ack(skb) ? __sock_wfree : tcp_wfree;
        refcount_add(skb->truesize, &sk->sk_wmem_alloc);
 

-       skb_set_dst_pending_confirm(skb, sk->sk_dst_pending_confirm);
+       skb_set_dst_pending_confirm(skb, READ_ONCE(sk->sk_dst_pending_confirm));

 
        /* Build TCP header and checksum it. */
        th = (struct tcphdr *)skb->data;
 
        /* Build TCP header and checksum it. */
        th = (struct tcphdr *)skb->data;