tcp: Fix data-races around some timeout sysctl knobs.

author Kuniyuki Iwashima <kuniyu@amazon.com>

Fri, 15 Jul 2022 17:17:50 +0000 (10:17 -0700)

committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Fri, 29 Jul 2022 15:10:33 +0000 (17:10 +0200)
author Kuniyuki Iwashima <kuniyu@amazon.com>
Fri, 15 Jul 2022 17:17:50 +0000 (10:17 -0700)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 29 Jul 2022 15:10:33 +0000 (17:10 +0200)
diff --git a/include/net/tcp.h b/include/net/tcp.h

index 5c5807ed66eef3bd6464b2e4da0a1433bfc00856..f92b93cf074c3a921685242a30d1fada391a827a 100644 (file)
--- a/include/net/tcp.h
+++ b/include/net/tcp.h
@@ -1430,7 +1430,8 @@ static inline u32 keepalive_time_elapsed(const struct tcp_sock *tp)
  
  static inline int tcp_fin_time(const struct sock *sk)
  {
-       int fin_timeout = tcp_sk(sk)->linger2 ? : sock_net(sk)->ipv4.sysctl_tcp_fin_timeout;
+       int fin_timeout = tcp_sk(sk)->linger2 ? :
+               READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_fin_timeout);
         const int rto = inet_csk(sk)->icsk_rto;
  
         if (fin_timeout < (rto << 2) - (rto >> 1))
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c

index b1b121d5076ca15a6ab1172a7e9d36fc3256d864..0f89d0f2c21f6e46b08e8a9aed9ff557207c4f94 100644 (file)
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -3386,7 +3386,7 @@ static int do_tcp_getsockopt(struct sock *sk, int level,
         case TCP_LINGER2:
                 val = tp->linger2;
                 if (val >= 0)
-                       val = (val ? : net->ipv4.sysctl_tcp_fin_timeout) / HZ;
+                       val = (val ? : READ_ONCE(net->ipv4.sysctl_tcp_fin_timeout)) / HZ;
                 break;
         case TCP_DEFER_ACCEPT:
                 val = retrans_to_secs(icsk->icsk_accept_queue.rskq_defer_accept,
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c

index 33f9a486661c743b42ab37591d78d5fed96f56c6..3d5ea169e905759789a3ebc58567eb82a5b52bc3 100644 (file)
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -3776,7 +3776,7 @@ void tcp_send_probe0(struct sock *sk)
         }
  
         if (err <= 0) {
-               if (icsk->icsk_backoff < net->ipv4.sysctl_tcp_retries2)
+               if (icsk->icsk_backoff < READ_ONCE(net->ipv4.sysctl_tcp_retries2))
                         icsk->icsk_backoff++;
                 icsk->icsk_probes_out++;
                 probe_max = TCP_RTO_MAX;
diff --git a/net/ipv4/tcp_timer.c b/net/ipv4/tcp_timer.c

index 5d761333ffc408eb55d24b70974b4de6ca35b488..e905fff09fea285912331eab687011feb1fc30a9 100644 (file)
--- a/net/ipv4/tcp_timer.c
+++ b/net/ipv4/tcp_timer.c
@@ -124,7 +124,7 @@ static int tcp_out_of_resources(struct sock *sk, bool do_reset)
   */
  static int tcp_orphan_retries(struct sock *sk, bool alive)
  {
-       int retries = sock_net(sk)->ipv4.sysctl_tcp_orphan_retries; /* May be zero. */
+       int retries = READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_orphan_retries); /* May be zero. */
  
         /* We know from an ICMP that something is wrong. */
         if (sk->sk_err_soft && !alive)
@@ -226,7 +226,7 @@ static int tcp_write_timeout(struct sock *sk)
                 retry_until = icsk->icsk_syn_retries ? : net->ipv4.sysctl_tcp_syn_retries;
                 expired = icsk->icsk_retransmits >= retry_until;
         } else {
-               if (retransmits_timed_out(sk, net->ipv4.sysctl_tcp_retries1, 0)) {
+               if (retransmits_timed_out(sk, READ_ONCE(net->ipv4.sysctl_tcp_retries1), 0)) {
                         /* Black hole detection */
                         tcp_mtu_probing(icsk, sk);
  
@@ -235,7 +235,7 @@ static int tcp_write_timeout(struct sock *sk)
                         sk_rethink_txhash(sk);
                 }
  
-               retry_until = net->ipv4.sysctl_tcp_retries2;
+               retry_until = READ_ONCE(net->ipv4.sysctl_tcp_retries2);
                 if (sock_flag(sk, SOCK_DEAD)) {
                         const bool alive = icsk->icsk_rto < TCP_RTO_MAX;
  
@@ -362,7 +362,7 @@ static void tcp_probe_timer(struct sock *sk)
                  (s32)(tcp_time_stamp(tp) - start_ts) > icsk->icsk_user_timeout)
                 goto abort;
  
-       max_probes = sock_net(sk)->ipv4.sysctl_tcp_retries2;
+       max_probes = READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_retries2);
         if (sock_flag(sk, SOCK_DEAD)) {
                 const bool alive = inet_csk_rto_backoff(icsk, TCP_RTO_MAX) < TCP_RTO_MAX;
  
@@ -556,7 +556,7 @@ out_reset_timer:
         }
         inet_csk_reset_xmit_timer(sk, ICSK_TIME_RETRANS,
                                   tcp_clamp_rto_to_user_timeout(sk), TCP_RTO_MAX);
-       if (retransmits_timed_out(sk, net->ipv4.sysctl_tcp_retries1 + 1, 0))
+       if (retransmits_timed_out(sk, READ_ONCE(net->ipv4.sysctl_tcp_retries1) + 1, 0))
                 __sk_dst_reset(sk);
  
  out:;
author	Kuniyuki Iwashima <kuniyu@amazon.com>
	Fri, 15 Jul 2022 17:17:50 +0000 (10:17 -0700)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Fri, 29 Jul 2022 15:10:33 +0000 (17:10 +0200)
include/net/tcp.h		patch \| blob \| blame \| history
net/ipv4/tcp.c		patch \| blob \| blame \| history
net/ipv4/tcp_output.c		patch \| blob \| blame \| history
net/ipv4/tcp_timer.c		patch \| blob \| blame \| history