af_unix: Fix data race around sk->sk_err.
author Kuniyuki Iwashima <kuniyu@amazon.com>
Sat, 2 Sep 2023 00:27:08 +0000 (17:27 -0700)
committer David S. Miller <davem@davemloft.net>
Mon, 4 Sep 2023 10:06:16 +0000 (11:06 +0100)
As with sk->sk_shutdown shown in the previous patch, sk->sk_err can be
read locklessly by unix_dgram_sendmsg().

Let's use READ_ONCE() for sk_err as well.

Note that the writer side is marked by commit cc04410af7de ("af_unix:
annotate lockless accesses to sk->sk_err").

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/core/sock.c

index e3da7eae9338e13de56aeccc9e15d16e860ae38a..16584e2dd6481a3fc28d796db785439f0446703b 100644 (file)
@@ -2749,7 +2749,7 @@ static long sock_wait_for_wmem(struct sock *sk, long timeo)
                        break;
                if (READ_ONCE(sk->sk_shutdown) & SEND_SHUTDOWN)
                        break;
-               if (sk->sk_err)
+               if (READ_ONCE(sk->sk_err))
                        break;
                timeo = schedule_timeout(timeo);
        }
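
Review bot: the annotated read, `if (READ_ONCE(sk->sk_err))`, is in sock_wait_for_wmem() in net/core/sock.c, while the commit message names only unix_dgram_sendmsg() as the lockless reader and the subject uses the af_unix: prefix. Please say in the message how unix_dgram_sendmsg() reaches this wait loop, so a reader of the core socket code can see why the annotation belongs here. The value is only tested for non-zero and the preceding sk_shutdown check in the same loop is already annotated, so the change itself is consistent. A short comment above the three break conditions noting that they are evaluated without the socket lock would help keep future additions to the loop from reintroducing a plain read.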