[PATCH v1 net 07/15] af_unix: Annotate data-races around sk->sk_state in... | netdev

[PATCH v1 net 00/15] af_unix: Fix lockless access of sk->sk_state and others fields. · Kuniyuki Iwashima <hidden> · 2024-06-03
[PATCH v1 net 01/15] af_unix: Set sk->sk_state under unix_state_lock() for truly disconencted peer. · Kuniyuki Iwashima <hidden> · 2024-06-03
Re: [PATCH v1 net 01/15] af_unix: Set sk->sk_state under unix_state_lock() for truly disconencted peer. · Cong Wang <hidden> · 2024-06-03
Re: [PATCH v1 net 01/15] af_unix: Set sk->sk_state under unix_state_lock() for truly disconencted peer. · Kuniyuki Iwashima <hidden> · 2024-06-03
[PATCH v1 net 02/15] af_unix: Annodate data-races around sk->sk_state for writers. · Kuniyuki Iwashima <hidden> · 2024-06-03
[PATCH v1 net 03/15] af_unix: Annotate data-race of sk->sk_state in unix_inq_len(). · Kuniyuki Iwashima <hidden> · 2024-06-03
[PATCH v1 net 04/15] af_unix: Annotate data-races around sk->sk_state in unix_write_space() and poll(). · Kuniyuki Iwashima <hidden> · 2024-06-03
[PATCH v1 net 05/15] af_unix: Annotate data-race of sk->sk_state in unix_stream_connect(). · Kuniyuki Iwashima <hidden> · 2024-06-03
[PATCH v1 net 06/15] af_unix: Annotate data-race of sk->sk_state in unix_accept(). · Kuniyuki Iwashima <hidden> · 2024-06-03
[PATCH v1 net 07/15] af_unix: Annotate data-races around sk->sk_state in sendmsg() and recvmsg(). · Kuniyuki Iwashima <hidden> · 2024-06-03
[PATCH v1 net 08/15] af_unix: Annotate data-race of sk->sk_state in unix_stream_read_skb(). · Kuniyuki Iwashima <hidden> · 2024-06-03
[PATCH v1 net 09/15] af_unix: Annotate data-races around sk->sk_state in UNIX_DIAG. · Kuniyuki Iwashima <hidden> · 2024-06-03
[PATCH v1 net 10/15] af_unix: Annotate data-races around sk->sk_sndbuf. · Kuniyuki Iwashima <hidden> · 2024-06-03
[PATCH v1 net 11/15] af_unix: Annotate data-race of net->unx.sysctl_max_dgram_qlen. · Kuniyuki Iwashima <hidden> · 2024-06-03
[PATCH v1 net 12/15] af_unix: Use unix_recvq_full_lockless() in unix_stream_connect(). · Kuniyuki Iwashima <hidden> · 2024-06-03
[PATCH v1 net 13/15] af_unix: Use skb_queue_empty_lockless() in unix_release_sock(). · Kuniyuki Iwashima <hidden> · 2024-06-03
[PATCH v1 net 14/15] af_unix: Use skb_queue_len_lockless() in sk_diag_show_rqlen(). · Kuniyuki Iwashima <hidden> · 2024-06-03
[PATCH v1 net 15/15] af_unix: Annotate data-race of sk->sk_shutdown in sk_diag_fill(). · Kuniyuki Iwashima <hidden> · 2024-06-03

STALE729d

Revisions (2)

2024-06-03 v1 current
2024-06-04 v2 [diff vs current]

[PATCH v1 net 07/15] af_unix: Annotate data-races around sk->sk_state in sendmsg() and recvmsg().

From: Kuniyuki Iwashima <hidden>
Date: 2024-06-03 14:35:47
Subsystem: networking [general], networking [unix sockets], the rest · Maintainers: "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Kuniyuki Iwashima, Linus Torvalds

The following functions read sk->sk_state locklessly and proceed only if
the state is TCP_ESTABLISHED.

  * unix_stream_sendmsg
  * unix_stream_read_generic
  * unix_seqpacket_sendmsg
  * unix_seqpacket_recvmsg

Let's use READ_ONCE() there.

Fixes: a05d2ad1c1f3 ("af_unix: Only allow recv on connected seqpacket sockets.")
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Kuniyuki Iwashima <redacted>
---
 net/unix/af_unix.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index a97f4305b74f..43605bed0ef7 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c

@@ -2226,7 +2226,7 @@ static int unix_stream_sendmsg(struct socket *sock, struct msghdr *msg,
 	}
 
 	if (msg->msg_namelen) {
-		err = sk->sk_state == TCP_ESTABLISHED ? -EISCONN : -EOPNOTSUPP;
+		err = READ_ONCE(sk->sk_state) == TCP_ESTABLISHED ? -EISCONN : -EOPNOTSUPP;
 		goto out_err;
 	} else {
 		err = -ENOTCONN;

@@ -2340,7 +2340,7 @@ static int unix_seqpacket_sendmsg(struct socket *sock, struct msghdr *msg,
 	if (err)
 		return err;
 
-	if (sk->sk_state != TCP_ESTABLISHED)
+	if (READ_ONCE(sk->sk_state) != TCP_ESTABLISHED)
 		return -ENOTCONN;
 
 	if (msg->msg_namelen)

@@ -2354,7 +2354,7 @@ static int unix_seqpacket_recvmsg(struct socket *sock, struct msghdr *msg,
 {
 	struct sock *sk = sock->sk;
 
-	if (sk->sk_state != TCP_ESTABLISHED)
+	if (READ_ONCE(sk->sk_state) != TCP_ESTABLISHED)
 		return -ENOTCONN;
 
 	return unix_dgram_recvmsg(sock, msg, size, flags);

@@ -2683,7 +2683,7 @@ static int unix_stream_read_generic(struct unix_stream_read_state *state,
 	size_t size = state->size;
 	unsigned int last_len;
 
-	if (unlikely(sk->sk_state != TCP_ESTABLISHED)) {
+	if (unlikely(READ_ONCE(sk->sk_state) != TCP_ESTABLISHED)) {
 		err = -EINVAL;
 		goto out;
 	}

-- 
2.30.2

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help