ip: Fix data-races around sysctl_ip_default_ttl.

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

While reading sysctl_ip_default_ttl, it can be changed concurrently.
Thus, we need to add READ_ONCE() to its readers.

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

authored by

Kuniyuki Iwashima and committed by

David S. Miller 3 years ago 8281b7ec db886979

+7 -7

6 changed files

expand all

drivers

net

ethernet

netronome

nfp

flower

action.c

include

net

route.h

net

ipv4

ip_sockglue.c

netfilter

nf_reject_ipv4.c

proc.c

netfilter

nf_synproxy_core.c

+1 -1

drivers/net/ethernet/netronome/nfp/flower/action.c

··· 474 474 set_tun->ttl = ip4_dst_hoplimit(&rt->dst); 475 475 ip_rt_put(rt); 476 476 } else { 477 - set_tun->ttl = net->ipv4.sysctl_ip_default_ttl; 477 + set_tun->ttl = READ_ONCE(net->ipv4.sysctl_ip_default_ttl); 478 478 } 479 479 } 480 480

+1 -1

include/net/route.h

··· 373 373 struct net *net = dev_net(dst->dev); 374 374 375 375 if (hoplimit == 0) 376 - hoplimit = net->ipv4.sysctl_ip_default_ttl; 376 + hoplimit = READ_ONCE(net->ipv4.sysctl_ip_default_ttl); 377 377 return hoplimit; 378 378 } 379 379

+1 -1

net/ipv4/ip_sockglue.c

··· 1606 1606 { 1607 1607 struct net *net = sock_net(sk); 1608 1608 val = (inet->uc_ttl == -1 ? 1609 - net->ipv4.sysctl_ip_default_ttl : 1609 + READ_ONCE(net->ipv4.sysctl_ip_default_ttl) : 1610 1610 inet->uc_ttl); 1611 1611 break; 1612 1612 }

+2 -2

net/ipv4/netfilter/nf_reject_ipv4.c

··· 62 62 63 63 skb_reserve(nskb, LL_MAX_HEADER); 64 64 niph = nf_reject_iphdr_put(nskb, oldskb, IPPROTO_TCP, 65 - net->ipv4.sysctl_ip_default_ttl); 65 + READ_ONCE(net->ipv4.sysctl_ip_default_ttl)); 66 66 nf_reject_ip_tcphdr_put(nskb, oldskb, oth); 67 67 niph->tot_len = htons(nskb->len); 68 68 ip_send_check(niph); ··· 117 117 118 118 skb_reserve(nskb, LL_MAX_HEADER); 119 119 niph = nf_reject_iphdr_put(nskb, oldskb, IPPROTO_ICMP, 120 - net->ipv4.sysctl_ip_default_ttl); 120 + READ_ONCE(net->ipv4.sysctl_ip_default_ttl)); 121 121 122 122 skb_reset_transport_header(nskb); 123 123 icmph = skb_put_zero(nskb, sizeof(struct icmphdr));

+1 -1

net/ipv4/proc.c

··· 387 387 388 388 seq_printf(seq, "\nIp: %d %d", 389 389 IPV4_DEVCONF_ALL(net, FORWARDING) ? 1 : 2, 390 - net->ipv4.sysctl_ip_default_ttl); 390 + READ_ONCE(net->ipv4.sysctl_ip_default_ttl)); 391 391 392 392 BUILD_BUG_ON(offsetof(struct ipstats_mib, mibs) != 0); 393 393 snmp_get_cpu_field64_batch(buff64, snmp4_ipstats_list,

+1 -1

net/netfilter/nf_synproxy_core.c

··· 405 405 iph->tos = 0; 406 406 iph->id = 0; 407 407 iph->frag_off = htons(IP_DF); 408 - iph->ttl = net->ipv4.sysctl_ip_default_ttl; 408 + iph->ttl = READ_ONCE(net->ipv4.sysctl_ip_default_ttl); 409 409 iph->protocol = IPPROTO_TCP; 410 410 iph->check = 0; 411 411 iph->saddr = saddr;