diff mbox series

[v1,net,14/15] tcp: Fix data-races around sysctl_tcp_fastopen.

Message ID 20220715171755.38497-15-kuniyu@amazon.com (mailing list archive)
State Accepted
Commit 5a54213318c43f4009ae158347aa6016e3b9b55a
Delegated to: Netdev Maintainers
Headers show
Series sysctl: Fix data-races around ipv4_net_table (Round 3). | expand

Checks

Context Check Description
netdev/tree_selection success Clearly marked for net, async
netdev/fixes_present success Fixes tag present in non-next series
netdev/subject_prefix success Link
netdev/cover_letter success Series has a cover letter
netdev/patch_count success Link
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 3 this patch: 3
netdev/cc_maintainers warning 1 maintainers not CCed: yoshfuji@linux-ipv6.org
netdev/build_clang success Errors and warnings before: 6 this patch: 6
netdev/module_param success Was 0 now: 0
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success Fixes tag looks correct
netdev/build_allmodconfig_warn success Errors and warnings before: 3 this patch: 3
netdev/checkpatch warning WARNING: line length of 81 exceeds 80 columns
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0

Commit Message

Kuniyuki Iwashima July 15, 2022, 5:17 p.m. UTC 
While reading sysctl_tcp_fastopen, it can be changed concurrently.
Thus, we need to add READ_ONCE() to its readers.

Fixes: 2100c8d2d9db ("net-tcp: Fast Open base")
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
---
CC: Yuchung Cheng <ycheng@google.com>
---
 net/ipv4/af_inet.c      | 2 +-
 net/ipv4/tcp.c          | 6 ++++--
 net/ipv4/tcp_fastopen.c | 4 ++--
 3 files changed, 7 insertions(+), 5 deletions(-)

Comments

Yuchung Cheng July 17, 2022, 3:20 p.m. UTC | #1 
On Fri, Jul 15, 2022 at 10:21 AM Kuniyuki Iwashima <kuniyu@amazon.com> wrote:
>
> While reading sysctl_tcp_fastopen, it can be changed concurrently.
> Thus, we need to add READ_ONCE() to its readers.
>
> Fixes: 2100c8d2d9db ("net-tcp: Fast Open base")
> Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
> ---
> CC: Yuchung Cheng <ycheng@google.com>
Thanks for the improvement

Acked-by: Yuchung Cheng <ycheng@google.com>

> ---
>  net/ipv4/af_inet.c      | 2 +-
>  net/ipv4/tcp.c          | 6 ++++--
>  net/ipv4/tcp_fastopen.c | 4 ++--
>  3 files changed, 7 insertions(+), 5 deletions(-)
>
> diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
> index 4bc24f9e38b3..59a0c5406fc1 100644
> --- a/net/ipv4/af_inet.c
> +++ b/net/ipv4/af_inet.c
> @@ -217,7 +217,7 @@ int inet_listen(struct socket *sock, int backlog)
>                  * because the socket was in TCP_LISTEN state previously but
>                  * was shutdown() rather than close().
>                  */
> -               tcp_fastopen = sock_net(sk)->ipv4.sysctl_tcp_fastopen;
> +               tcp_fastopen = READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_fastopen);
>                 if ((tcp_fastopen & TFO_SERVER_WO_SOCKOPT1) &&
>                     (tcp_fastopen & TFO_SERVER_ENABLE) &&
>                     !inet_csk(sk)->icsk_accept_queue.fastopenq.max_qlen) {
> diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
> index b1b1bcbc4f60..2faaaaf540ac 100644
> --- a/net/ipv4/tcp.c
> +++ b/net/ipv4/tcp.c
> @@ -1150,7 +1150,8 @@ static int tcp_sendmsg_fastopen(struct sock *sk, struct msghdr *msg,
>         struct sockaddr *uaddr = msg->msg_name;
>         int err, flags;
>
> -       if (!(sock_net(sk)->ipv4.sysctl_tcp_fastopen & TFO_CLIENT_ENABLE) ||
> +       if (!(READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_fastopen) &
> +             TFO_CLIENT_ENABLE) ||
>             (uaddr && msg->msg_namelen >= sizeof(uaddr->sa_family) &&
>              uaddr->sa_family == AF_UNSPEC))
>                 return -EOPNOTSUPP;
> @@ -3617,7 +3618,8 @@ static int do_tcp_setsockopt(struct sock *sk, int level, int optname,
>         case TCP_FASTOPEN_CONNECT:
>                 if (val > 1 || val < 0) {
>                         err = -EINVAL;
> -               } else if (net->ipv4.sysctl_tcp_fastopen & TFO_CLIENT_ENABLE) {
> +               } else if (READ_ONCE(net->ipv4.sysctl_tcp_fastopen) &
> +                          TFO_CLIENT_ENABLE) {
>                         if (sk->sk_state == TCP_CLOSE)
>                                 tp->fastopen_connect = val;
>                         else
> diff --git a/net/ipv4/tcp_fastopen.c b/net/ipv4/tcp_fastopen.c
> index fdbcf2a6d08e..0acdb5473850 100644
> --- a/net/ipv4/tcp_fastopen.c
> +++ b/net/ipv4/tcp_fastopen.c
> @@ -332,7 +332,7 @@ static bool tcp_fastopen_no_cookie(const struct sock *sk,
>                                    const struct dst_entry *dst,
>                                    int flag)
>  {
> -       return (sock_net(sk)->ipv4.sysctl_tcp_fastopen & flag) ||
> +       return (READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_fastopen) & flag) ||
>                tcp_sk(sk)->fastopen_no_cookie ||
>                (dst && dst_metric(dst, RTAX_FASTOPEN_NO_COOKIE));
>  }
> @@ -347,7 +347,7 @@ struct sock *tcp_try_fastopen(struct sock *sk, struct sk_buff *skb,
>                               const struct dst_entry *dst)
>  {
>         bool syn_data = TCP_SKB_CB(skb)->end_seq != TCP_SKB_CB(skb)->seq + 1;
> -       int tcp_fastopen = sock_net(sk)->ipv4.sysctl_tcp_fastopen;
> +       int tcp_fastopen = READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_fastopen);
>         struct tcp_fastopen_cookie valid_foc = { .len = -1 };
>         struct sock *child;
>         int ret = 0;
> --
> 2.30.2
>
diff mbox series

Patch

diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index 4bc24f9e38b3..59a0c5406fc1 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -217,7 +217,7 @@  int inet_listen(struct socket *sock, int backlog)
 		 * because the socket was in TCP_LISTEN state previously but
 		 * was shutdown() rather than close().
 		 */
-		tcp_fastopen = sock_net(sk)->ipv4.sysctl_tcp_fastopen;
+		tcp_fastopen = READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_fastopen);
 		if ((tcp_fastopen & TFO_SERVER_WO_SOCKOPT1) &&
 		    (tcp_fastopen & TFO_SERVER_ENABLE) &&
 		    !inet_csk(sk)->icsk_accept_queue.fastopenq.max_qlen) {
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index b1b1bcbc4f60..2faaaaf540ac 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -1150,7 +1150,8 @@  static int tcp_sendmsg_fastopen(struct sock *sk, struct msghdr *msg,
 	struct sockaddr *uaddr = msg->msg_name;
 	int err, flags;
 
-	if (!(sock_net(sk)->ipv4.sysctl_tcp_fastopen & TFO_CLIENT_ENABLE) ||
+	if (!(READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_fastopen) &
+	      TFO_CLIENT_ENABLE) ||
 	    (uaddr && msg->msg_namelen >= sizeof(uaddr->sa_family) &&
 	     uaddr->sa_family == AF_UNSPEC))
 		return -EOPNOTSUPP;
@@ -3617,7 +3618,8 @@  static int do_tcp_setsockopt(struct sock *sk, int level, int optname,
 	case TCP_FASTOPEN_CONNECT:
 		if (val > 1 || val < 0) {
 			err = -EINVAL;
-		} else if (net->ipv4.sysctl_tcp_fastopen & TFO_CLIENT_ENABLE) {
+		} else if (READ_ONCE(net->ipv4.sysctl_tcp_fastopen) &
+			   TFO_CLIENT_ENABLE) {
 			if (sk->sk_state == TCP_CLOSE)
 				tp->fastopen_connect = val;
 			else
diff --git a/net/ipv4/tcp_fastopen.c b/net/ipv4/tcp_fastopen.c
index fdbcf2a6d08e..0acdb5473850 100644
--- a/net/ipv4/tcp_fastopen.c
+++ b/net/ipv4/tcp_fastopen.c
@@ -332,7 +332,7 @@  static bool tcp_fastopen_no_cookie(const struct sock *sk,
 				   const struct dst_entry *dst,
 				   int flag)
 {
-	return (sock_net(sk)->ipv4.sysctl_tcp_fastopen & flag) ||
+	return (READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_fastopen) & flag) ||
 	       tcp_sk(sk)->fastopen_no_cookie ||
 	       (dst && dst_metric(dst, RTAX_FASTOPEN_NO_COOKIE));
 }
@@ -347,7 +347,7 @@  struct sock *tcp_try_fastopen(struct sock *sk, struct sk_buff *skb,
 			      const struct dst_entry *dst)
 {
 	bool syn_data = TCP_SKB_CB(skb)->end_seq != TCP_SKB_CB(skb)->seq + 1;
-	int tcp_fastopen = sock_net(sk)->ipv4.sysctl_tcp_fastopen;
+	int tcp_fastopen = READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_fastopen);
 	struct tcp_fastopen_cookie valid_foc = { .len = -1 };
 	struct sock *child;
 	int ret = 0;