net: udp: annotate data race around udp_sk(sk)->corkflag
commit a9f5970767d11eadc805d5283f202612c7ba1f59 upstream.
up->corkflag field can be read or written without any lock.
Annotate accesses to avoid possible syzbot/KCSAN reports.
Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
Eric Dumazet
Greg Kroah-Hartman
parent
9dbf7e343b
commit
f8ffde0bb9
|
|
@ -981,7 +981,7 @@ int udp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len)
|
|||
__be16 dport;
|
||||
u8 tos;
|
||||
int err, is_udplite = IS_UDPLITE(sk);
|
||||
int corkreq = up->corkflag || msg->msg_flags&MSG_MORE;
|
||||
int corkreq = READ_ONCE(up->corkflag) || msg->msg_flags&MSG_MORE;
|
||||
int (*getfrag)(void *, char *, int, int, int, struct sk_buff *);
|
||||
struct sk_buff *skb;
|
||||
struct ip_options_data opt_copy;
|
||||
|
|
@ -1289,7 +1289,7 @@ int udp_sendpage(struct sock *sk, struct page *page, int offset,
|
|||
}
|
||||
|
||||
up->len += size;
|
||||
if (!(up->corkflag || (flags&MSG_MORE)))
|
||||
if (!(READ_ONCE(up->corkflag) || (flags&MSG_MORE)))
|
||||
ret = udp_push_pending_frames(sk);
|
||||
if (!ret)
|
||||
ret = size;
|
||||
|
|
@ -2551,9 +2551,9 @@ int udp_lib_setsockopt(struct sock *sk, int level, int optname,
|
|||
switch (optname) {
|
||||
case UDP_CORK:
|
||||
if (val != 0) {
|
||||
up->corkflag = 1;
|
||||
WRITE_ONCE(up->corkflag, 1);
|
||||
} else {
|
||||
up->corkflag = 0;
|
||||
WRITE_ONCE(up->corkflag, 0);
|
||||
lock_sock(sk);
|
||||
push_pending_frames(sk);
|
||||
release_sock(sk);
|
||||
|
|
@ -2676,7 +2676,7 @@ int udp_lib_getsockopt(struct sock *sk, int level, int optname,
|
|||
|
||||
switch (optname) {
|
||||
case UDP_CORK:
|
||||
val = up->corkflag;
|
||||
val = READ_ONCE(up->corkflag);
|
||||
break;
|
||||
|
||||
case UDP_ENCAP:
|
||||
|
|
|
|||
|
|
@ -1231,7 +1231,7 @@ int udpv6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len)
|
|||
int addr_len = msg->msg_namelen;
|
||||
bool connected = false;
|
||||
int ulen = len;
|
||||
int corkreq = up->corkflag || msg->msg_flags&MSG_MORE;
|
||||
int corkreq = READ_ONCE(up->corkflag) || msg->msg_flags&MSG_MORE;
|
||||
int err;
|
||||
int is_udplite = IS_UDPLITE(sk);
|
||||
int (*getfrag)(void *, char *, int, int, int, struct sk_buff *);
|
||||
|
|
|
|||
Loading…
Reference in New Issue