netfilter: nf_log_syslog: no longer acquire sk_callback_lock in nf_log_dump_sk_uid_gid()

After commit 983512f3a87f ("net: Drop the lock in skb_may_tx_timestamp()")
from Sebastian Andrzej Siewior, apply the same logic in nf_log_dump_sk_uid_gid()
to avoid touching sk_callback_lock.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Florian Westphal <fw@strlen.de>

diff --git a/net/netfilter/nf_log_syslog.c b/net/netfilter/nf_log_syslog.c
index 41503847d9d7fb21824fabb1b57b45f2622b9310..0507d67cad27530dd814aabaf806fdcd3583fe01 100644 (file)
--- a/net/netfilter/nf_log_syslog.c
+++ b/net/netfilter/nf_log_syslog.c
@@ -165,18 +165,26 @@ static struct nf_logger nf_arp_logger __read_mostly = {
 static void nf_log_dump_sk_uid_gid(struct net *net, struct nf_log_buf *m,
                                   struct sock *sk)
 {
+       const struct socket *sock;
+       const struct file *file;
+
        if (!sk || !sk_fullsock(sk) || !net_eq(net, sock_net(sk)))
                return;
 
-       read_lock_bh(&sk->sk_callback_lock);
-       if (sk->sk_socket && sk->sk_socket->file) {
-               const struct cred *cred = sk->sk_socket->file->f_cred;
+       /* The sk pointer remains valid as long as the skb is. The sk_socket and
+        * file pointer may become NULL if the socket is closed. Both structures
+        * (including file->cred) are RCU freed which means they can be accessed
+        * within a RCU read section.
+        */
+       sock = READ_ONCE(sk->sk_socket);
+       file = sock ? READ_ONCE(sock->file) : NULL;
+       if (file) {
+               const struct cred *cred = file->f_cred;
 
                nf_log_buf_add(m, "UID=%u GID=%u ",
                               from_kuid_munged(&init_user_ns, cred->fsuid),
                               from_kgid_munged(&init_user_ns, cred->fsgid));
        }
-       read_unlock_bh(&sk->sk_callback_lock);
 }
 
 static noinline_for_stack int