tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

sock_diag: annotate data-races around sock_diag_handlers[family]

__sock_diag_cmd() and sock_diag_bind() read sock_diag_handlers[family]
without a lock held.

Use READ_ONCE()/WRITE_ONCE() annotations to avoid potential issues.

Fixes: 8ef874bfc729 ("sock_diag: Move the sock_ code to net/core/")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Guillaume Nault <gnault@redhat.com>
Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Reviewed-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>

authored by

Eric Dumazet and committed by
Paolo Abeni efd40253 736b5545

+5 -5
+5 -5
net/core/sock_diag.c
··· 193 193 if (sock_diag_handlers[hndl->family]) 194 194 err = -EBUSY; 195 195 else 196 - sock_diag_handlers[hndl->family] = hndl; 196 + WRITE_ONCE(sock_diag_handlers[hndl->family], hndl); 197 197 mutex_unlock(&sock_diag_table_mutex); 198 198 199 199 return err; ··· 209 209 210 210 mutex_lock(&sock_diag_table_mutex); 211 211 BUG_ON(sock_diag_handlers[family] != hnld); 212 - sock_diag_handlers[family] = NULL; 212 + WRITE_ONCE(sock_diag_handlers[family], NULL); 213 213 mutex_unlock(&sock_diag_table_mutex); 214 214 } 215 215 EXPORT_SYMBOL_GPL(sock_diag_unregister); ··· 227 227 return -EINVAL; 228 228 req->sdiag_family = array_index_nospec(req->sdiag_family, AF_MAX); 229 229 230 - if (sock_diag_handlers[req->sdiag_family] == NULL) 230 + if (READ_ONCE(sock_diag_handlers[req->sdiag_family]) == NULL) 231 231 sock_load_diag_module(req->sdiag_family, 0); 232 232 233 233 mutex_lock(&sock_diag_table_mutex); ··· 286 286 switch (group) { 287 287 case SKNLGRP_INET_TCP_DESTROY: 288 288 case SKNLGRP_INET_UDP_DESTROY: 289 - if (!sock_diag_handlers[AF_INET]) 289 + if (!READ_ONCE(sock_diag_handlers[AF_INET])) 290 290 sock_load_diag_module(AF_INET, 0); 291 291 break; 292 292 case SKNLGRP_INET6_TCP_DESTROY: 293 293 case SKNLGRP_INET6_UDP_DESTROY: 294 - if (!sock_diag_handlers[AF_INET6]) 294 + if (!READ_ONCE(sock_diag_handlers[AF_INET6])) 295 295 sock_load_diag_module(AF_INET6, 0); 296 296 break; 297 297 }