static void nf_log_dump_sk_uid_gid(struct net *net, struct nf_log_buf *m,
struct sock *sk)
{
+ const struct socket *sock;
+ const struct file *file;
+
if (!sk || !sk_fullsock(sk) || !net_eq(net, sock_net(sk)))
return;
- read_lock_bh(&sk->sk_callback_lock);
- if (sk->sk_socket && sk->sk_socket->file) {
- const struct cred *cred = sk->sk_socket->file->f_cred;
+ /* The sk pointer remains valid as long as the skb is. The sk_socket and
+ * file pointer may become NULL if the socket is closed. Both structures
+ * (including file->cred) are RCU freed which means they can be accessed
+ * within a RCU read section.
+ */
+ sock = READ_ONCE(sk->sk_socket);
+ file = sock ? READ_ONCE(sock->file) : NULL;
+ if (file) {
+ const struct cred *cred = file->f_cred;
nf_log_buf_add(m, "UID=%u GID=%u ",
from_kuid_munged(&init_user_ns, cred->fsuid),
from_kgid_munged(&init_user_ns, cred->fsgid));
}
- read_unlock_bh(&sk->sk_callback_lock);
}
static noinline_for_stack int