sock_diag: annotate data-races around sock_diag_handlers[family] (4bdfc38a) · Commits · e / devices / android_kernel_fairphone_FP5

net/core/sock_diag.c

+5 −5

Original line number	Diff line number	Diff line
		@@ -188,7 +188,7 @@ int sock_diag_register(const struct sock_diag_handler *hndl)
		if (sock_diag_handlers[hndl->family])
		err = -EBUSY;
		else
		sock_diag_handlers[hndl->family] = hndl;
		WRITE_ONCE(sock_diag_handlers[hndl->family], hndl);
		mutex_unlock(&sock_diag_table_mutex);

		return err;
		@@ -204,7 +204,7 @@ void sock_diag_unregister(const struct sock_diag_handler *hnld)

		mutex_lock(&sock_diag_table_mutex);
		BUG_ON(sock_diag_handlers[family] != hnld);
		sock_diag_handlers[family] = NULL;
		WRITE_ONCE(sock_diag_handlers[family], NULL);
		mutex_unlock(&sock_diag_table_mutex);
		}
		EXPORT_SYMBOL_GPL(sock_diag_unregister);
		@@ -222,7 +222,7 @@ static int __sock_diag_cmd(struct sk_buff skb, struct nlmsghdr nlh)
		return -EINVAL;
		req->sdiag_family = array_index_nospec(req->sdiag_family, AF_MAX);

		if (sock_diag_handlers[req->sdiag_family] == NULL)
		if (READ_ONCE(sock_diag_handlers[req->sdiag_family]) == NULL)
		sock_load_diag_module(req->sdiag_family, 0);

		mutex_lock(&sock_diag_table_mutex);
		@@ -281,12 +281,12 @@ static int sock_diag_bind(struct net *net, int group)
		switch (group) {
		case SKNLGRP_INET_TCP_DESTROY:
		case SKNLGRP_INET_UDP_DESTROY:
		if (!sock_diag_handlers[AF_INET])
		if (!READ_ONCE(sock_diag_handlers[AF_INET]))
		sock_load_diag_module(AF_INET, 0);
		break;
		case SKNLGRP_INET6_TCP_DESTROY:
		case SKNLGRP_INET6_UDP_DESTROY:
		if (!sock_diag_handlers[AF_INET6])
		if (!READ_ONCE(sock_diag_handlers[AF_INET6]))
		sock_load_diag_module(AF_INET6, 0);
		break;
		}