af_unix: Annotate data-race of sk->sk_state in unix_stream_connect().
authorKuniyuki Iwashima <kuniyu@amazon.com>
Tue, 4 Jun 2024 16:52:31 +0000 (09:52 -0700)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 21 Jun 2024 12:40:08 +0000 (14:40 +0200)
[ Upstream commit a9bf9c7dc6a5899c01cb8f6e773a66315a5cd4b7 ]

As a small optimisation, unix_stream_connect() prefetches the client's
sk->sk_state without unix_state_lock() and checks if it's TCP_CLOSE.

Later, sk->sk_state is checked again under unix_state_lock().

Let's use READ_ONCE() for the first check and TCP_CLOSE directly for
the second check.

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
net/unix/af_unix.c

index a3eb241eb064ee5b74b4f6217d0e304dcd78403e..f95aba56425fa8b28363a4e9a6d88afe41ade6b0 100644 (file)
@@ -1481,7 +1481,6 @@ static int unix_stream_connect(struct socket *sock, struct sockaddr *uaddr,
        struct sk_buff *skb = NULL;
        long timeo;
        int err;
-       int st;
 
        err = unix_validate_addr(sunaddr, addr_len);
        if (err)
@@ -1571,9 +1570,7 @@ restart:
 
           Well, and we have to recheck the state after socket locked.
         */
-       st = sk->sk_state;
-
-       switch (st) {
+       switch (READ_ONCE(sk->sk_state)) {
        case TCP_CLOSE:
                /* This is ok... continue with connect */
                break;
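Review bot: The `READ_ONCE(sk->sk_state)` in the switch annotates only the reader side of this lockless access. The stores to sk->sk_state are not part of this diff, so it is worth confirming that this stable branch also carries the matching `WRITE_ONCE()` on the writers; without it the access pair would presumably still be a data race. The comment above the switch could also state that the value read here is only a hint, for example `/* Lockless peek; the authoritative check is repeated under unix_state_lock(). */`. The comment's opening lines and the remaining switch cases lie outside the hunk.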
@@ -1588,7 +1585,7 @@ restart:
 
        unix_state_lock_nested(sk, U_LOCK_SECOND);
 
-       if (sk->sk_state != st) {
+       if (sk->sk_state != TCP_CLOSE) {
                unix_state_unlock(sk);
                unix_state_unlock(other);
                sock_put(other);
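Review bot: The locked re-check `if (sk->sk_state != TCP_CLOSE)` matches the old `!= st` only if every non-TCP_CLOSE case of the earlier switch leaves the function, and those cases are outside the visible hunks. A short comment on this line would keep a later edit to the switch from silently breaking that invariant: `/* Only TCP_CLOSE passes the lockless switch above; confirm it still holds under the lock. */`. The body of this `if` continues past the last line of the hunk.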