From: Kuniyuki Iwashima <kuniyu@amazon.com>
Date: Sat, 2 Sep 2023 00:27:08 +0000 (-0700)
Subject: af_unix: Fix data race around sk->sk_err.
X-Git-Tag: v4.14.326~50
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7f0723b371bf65b10b56b01c7d1f53fe5805581a;p=thirdparty%2Fkernel%2Fstable.git

af_unix: Fix data race around sk->sk_err.

[ Upstream commit b192812905e4b134f7b7994b079eb647e9d2d37e ]

As with sk->sk_shutdown shown in the previous patch, sk->sk_err can be
read locklessly by unix_dgram_sendmsg().

Let's use READ_ONCE() for sk_err as well.

Note that the writer side is marked by commit cc04410af7de ("af_unix:
annotate lockless accesses to sk->sk_err").

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---

diff --git a/net/core/sock.c b/net/core/sock.c
index 846d4cec79903..5b9f51a27dc0d 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -2067,7 +2067,7 @@ static long sock_wait_for_wmem(struct sock *sk, long timeo)
 			break;
 		if (READ_ONCE(sk->sk_shutdown) & SEND_SHUTDOWN)
 			break;
-		if (sk->sk_err)
+		if (READ_ONCE(sk->sk_err))
 			break;
 		timeo = schedule_timeout(timeo);
 	}