Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 25d53d85 authored Jul 15, 2022 by Kuniyuki Iwashima Committed by Greg Kroah-Hartman Jul 29, 2022

tcp: Fix data-races around sysctl_tcp_fastopen.



[ Upstream commit 5a54213318c43f4009ae158347aa6016e3b9b55a ]

While reading sysctl_tcp_fastopen, it can be changed concurrently.
Thus, we need to add READ_ONCE() to its readers.

Fixes: 2100c8d2 ("net-tcp: Fast Open base")
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Acked-by: Yuchung Cheng <ycheng@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>

parent 78420d8e

net/ipv4/af_inet.c

+1 −1

Original line number	Original line	Diff line number	Diff line
	@@ -219,7 +219,7 @@ int inet_listen(struct socket *sock, int backlog)
	* because the socket was in TCP_LISTEN state previously but		* because the socket was in TCP_LISTEN state previously but
	* was shutdown() rather than close().		* was shutdown() rather than close().
	*/		*/
	tcp_fastopen = sock_net(sk)->ipv4.sysctl_tcp_fastopen;		tcp_fastopen = READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_fastopen);
	if ((tcp_fastopen & TFO_SERVER_WO_SOCKOPT1) &&		if ((tcp_fastopen & TFO_SERVER_WO_SOCKOPT1) &&
	(tcp_fastopen & TFO_SERVER_ENABLE) &&		(tcp_fastopen & TFO_SERVER_ENABLE) &&
	!inet_csk(sk)->icsk_accept_queue.fastopenq.max_qlen) {		!inet_csk(sk)->icsk_accept_queue.fastopenq.max_qlen) {

net/ipv4/tcp.c

+4 −2

Original line number	Original line	Diff line number	Diff line
	@@ -1148,7 +1148,8 @@ static int tcp_sendmsg_fastopen(struct sock sk, struct msghdr msg,
	struct sockaddr *uaddr = msg->msg_name;		struct sockaddr *uaddr = msg->msg_name;
	int err, flags;		int err, flags;

	if (!(sock_net(sk)->ipv4.sysctl_tcp_fastopen & TFO_CLIENT_ENABLE) \|\|		if (!(READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_fastopen) &
			TFO_CLIENT_ENABLE) \|\|
	(uaddr && msg->msg_namelen >= sizeof(uaddr->sa_family) &&		(uaddr && msg->msg_namelen >= sizeof(uaddr->sa_family) &&
	uaddr->sa_family == AF_UNSPEC))		uaddr->sa_family == AF_UNSPEC))
	return -EOPNOTSUPP;		return -EOPNOTSUPP;
	@@ -3127,7 +3128,8 @@ static int do_tcp_setsockopt(struct sock *sk, int level,
	case TCP_FASTOPEN_CONNECT:		case TCP_FASTOPEN_CONNECT:
	if (val > 1 \|\| val < 0) {		if (val > 1 \|\| val < 0) {
	err = -EINVAL;		err = -EINVAL;
	} else if (net->ipv4.sysctl_tcp_fastopen & TFO_CLIENT_ENABLE) {		} else if (READ_ONCE(net->ipv4.sysctl_tcp_fastopen) &
			TFO_CLIENT_ENABLE) {
	if (sk->sk_state == TCP_CLOSE)		if (sk->sk_state == TCP_CLOSE)
	tp->fastopen_connect = val;		tp->fastopen_connect = val;
	else		else

net/ipv4/tcp_fastopen.c

+2 −2

Original line number	Original line	Diff line number	Diff line
	@@ -349,7 +349,7 @@ static bool tcp_fastopen_no_cookie(const struct sock *sk,
	const struct dst_entry *dst,		const struct dst_entry *dst,
	int flag)		int flag)
	{		{
	return (sock_net(sk)->ipv4.sysctl_tcp_fastopen & flag) \|\|		return (READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_fastopen) & flag) \|\|
	tcp_sk(sk)->fastopen_no_cookie \|\|		tcp_sk(sk)->fastopen_no_cookie \|\|
	(dst && dst_metric(dst, RTAX_FASTOPEN_NO_COOKIE));		(dst && dst_metric(dst, RTAX_FASTOPEN_NO_COOKIE));
	}		}
	@@ -364,7 +364,7 @@ struct sock tcp_try_fastopen(struct sock sk, struct sk_buff *skb,
	const struct dst_entry *dst)		const struct dst_entry *dst)
	{		{
	bool syn_data = TCP_SKB_CB(skb)->end_seq != TCP_SKB_CB(skb)->seq + 1;		bool syn_data = TCP_SKB_CB(skb)->end_seq != TCP_SKB_CB(skb)->seq + 1;
	int tcp_fastopen = sock_net(sk)->ipv4.sysctl_tcp_fastopen;		int tcp_fastopen = READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_fastopen);
	struct tcp_fastopen_cookie valid_foc = { .len = -1 };		struct tcp_fastopen_cookie valid_foc = { .len = -1 };
	struct sock *child;		struct sock *child;
	int ret = 0;		int ret = 0;