inet_diag: annotate data-races in inet_diag_bc_sk()

inet_diag_bc_sk() runs with an unlocked socket,
annotate potential races with READ_ONCE().

Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Kuniyuki Iwashima <kuniyu@google.com>
Link: https://patch.msgid.link/20250828102738.2065992-4-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

diff --git a/net/ipv4/inet_diag.c b/net/ipv4/inet_diag.c
index 7a9c347bc66fe35fa9771649db2f205af30e2a44..3827e9979d4f9a4b33665e08ce69eb803fe4f948 100644 (file)
--- a/net/ipv4/inet_diag.c
+++ b/net/ipv4/inet_diag.c
@@ -580,7 +580,7 @@ static void entry_fill_addrs(struct inet_diag_entry *entry,
                             const struct sock *sk)
 {
 #if IS_ENABLED(CONFIG_IPV6)
-       if (sk->sk_family == AF_INET6) {
+       if (entry->family == AF_INET6) {
                entry->saddr = sk->sk_v6_rcv_saddr.s6_addr32;
                entry->daddr = sk->sk_v6_daddr.s6_addr32;
        } else
@@ -593,18 +593,18 @@ static void entry_fill_addrs(struct inet_diag_entry *entry,
 
 int inet_diag_bc_sk(const struct nlattr *bc, struct sock *sk)
 {
-       struct inet_sock *inet = inet_sk(sk);
+       const struct inet_sock *inet = inet_sk(sk);
        struct inet_diag_entry entry;
 
        if (!bc)
                return 1;
 
-       entry.family = sk->sk_family;
+       entry.family = READ_ONCE(sk->sk_family);
        entry_fill_addrs(&entry, sk);
-       entry.sport = inet->inet_num;
-       entry.dport = ntohs(inet->inet_dport);
-       entry.ifindex = sk->sk_bound_dev_if;
-       entry.userlocks = sk_fullsock(sk) ? sk->sk_userlocks : 0;
+       entry.sport = READ_ONCE(inet->inet_num);
+       entry.dport = ntohs(READ_ONCE(inet->inet_dport));
+       entry.ifindex = READ_ONCE(sk->sk_bound_dev_if);
+       entry.userlocks = sk_fullsock(sk) ? READ_ONCE(sk->sk_userlocks) : 0;
        if (sk_fullsock(sk))
                entry.mark = READ_ONCE(sk->sk_mark);
        else if (sk->sk_state == TCP_NEW_SYN_RECV)