Commit a9f59707 authored by Eric Dumazet's avatar Eric Dumazet Committed by David S. Miller

net: udp: annotate data race around udp_sk(sk)->corkflag

up->corkflag field can be read or written without any lock.
Annotate accesses to avoid possible syzbot/KCSAN reports.

Fixes: 1da177e4 ("Linux-2.6.12-rc2")
Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 103bde37
...@@ -1053,7 +1053,7 @@ int udp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) ...@@ -1053,7 +1053,7 @@ int udp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len)
__be16 dport; __be16 dport;
u8 tos; u8 tos;
int err, is_udplite = IS_UDPLITE(sk); int err, is_udplite = IS_UDPLITE(sk);
int corkreq = up->corkflag || msg->msg_flags&MSG_MORE; int corkreq = READ_ONCE(up->corkflag) || msg->msg_flags&MSG_MORE;
int (*getfrag)(void *, char *, int, int, int, struct sk_buff *); int (*getfrag)(void *, char *, int, int, int, struct sk_buff *);
struct sk_buff *skb; struct sk_buff *skb;
struct ip_options_data opt_copy; struct ip_options_data opt_copy;
...@@ -1361,7 +1361,7 @@ int udp_sendpage(struct sock *sk, struct page *page, int offset, ...@@ -1361,7 +1361,7 @@ int udp_sendpage(struct sock *sk, struct page *page, int offset,
} }
up->len += size; up->len += size;
if (!(up->corkflag || (flags&MSG_MORE))) if (!(READ_ONCE(up->corkflag) || (flags&MSG_MORE)))
ret = udp_push_pending_frames(sk); ret = udp_push_pending_frames(sk);
if (!ret) if (!ret)
ret = size; ret = size;
...@@ -2662,9 +2662,9 @@ int udp_lib_setsockopt(struct sock *sk, int level, int optname, ...@@ -2662,9 +2662,9 @@ int udp_lib_setsockopt(struct sock *sk, int level, int optname,
switch (optname) { switch (optname) {
case UDP_CORK: case UDP_CORK:
if (val != 0) { if (val != 0) {
up->corkflag = 1; WRITE_ONCE(up->corkflag, 1);
} else { } else {
up->corkflag = 0; WRITE_ONCE(up->corkflag, 0);
lock_sock(sk); lock_sock(sk);
push_pending_frames(sk); push_pending_frames(sk);
release_sock(sk); release_sock(sk);
...@@ -2787,7 +2787,7 @@ int udp_lib_getsockopt(struct sock *sk, int level, int optname, ...@@ -2787,7 +2787,7 @@ int udp_lib_getsockopt(struct sock *sk, int level, int optname,
switch (optname) { switch (optname) {
case UDP_CORK: case UDP_CORK:
val = up->corkflag; val = READ_ONCE(up->corkflag);
break; break;
case UDP_ENCAP: case UDP_ENCAP:
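Review bot: The annotated accesses to `up->corkflag` need a comment stating that the lockless access is intentional, because READ_ONCE()/WRITE_ONCE() only prevent load/store tearing and silence KCSAN; they do not order the flag against the socket lock. In udp_lib_setsockopt the `WRITE_ONCE(up->corkflag, 0)` still runs before `lock_sock(sk)`, and udp_sendmsg samples `corkreq` in its declarations. A sender that read the old value can therefore presumably leave data pending after the uncork push until a later send or uncork, which is behaviour that predates this commit. A comment such as `/* Lockless by design: a stale corkflag only delays the push of pending frames. */` above the reads would record this, if that is indeed the intended contract. The same applies to udp_sendpage and udpv6_sendmsg; all of these functions continue outside the hunks shown.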
......
...@@ -1303,7 +1303,7 @@ int udpv6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) ...@@ -1303,7 +1303,7 @@ int udpv6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len)
int addr_len = msg->msg_namelen; int addr_len = msg->msg_namelen;
bool connected = false; bool connected = false;
int ulen = len; int ulen = len;
int corkreq = up->corkflag || msg->msg_flags&MSG_MORE; int corkreq = READ_ONCE(up->corkflag) || msg->msg_flags&MSG_MORE;
int err; int err;
int is_udplite = IS_UDPLITE(sk); int is_udplite = IS_UDPLITE(sk);
int (*getfrag)(void *, char *, int, int, int, struct sk_buff *); int (*getfrag)(void *, char *, int, int, int, struct sk_buff *);
......