Commit e13ec3da authored by Eric Dumazet's avatar Eric Dumazet Committed by David S. Miller

tcp: annotate lockless access to sk->sk_err

tcp_poll() reads sk->sk_err without socket lock held/owned.

We should used READ_ONCE() here, and update writers
to use WRITE_ONCE().
Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 2f2d9972
...@@ -589,7 +589,8 @@ __poll_t tcp_poll(struct file *file, struct socket *sock, poll_table *wait) ...@@ -589,7 +589,8 @@ __poll_t tcp_poll(struct file *file, struct socket *sock, poll_table *wait)
} }
/* This barrier is coupled with smp_wmb() in tcp_reset() */ /* This barrier is coupled with smp_wmb() in tcp_reset() */
smp_rmb(); smp_rmb();
if (sk->sk_err || !skb_queue_empty_lockless(&sk->sk_error_queue)) if (READ_ONCE(sk->sk_err) ||
!skb_queue_empty_lockless(&sk->sk_error_queue))
mask |= EPOLLERR; mask |= EPOLLERR;
return mask; return mask;
...@@ -3094,7 +3095,7 @@ int tcp_disconnect(struct sock *sk, int flags) ...@@ -3094,7 +3095,7 @@ int tcp_disconnect(struct sock *sk, int flags)
if (old_state == TCP_LISTEN) { if (old_state == TCP_LISTEN) {
inet_csk_listen_stop(sk); inet_csk_listen_stop(sk);
} else if (unlikely(tp->repair)) { } else if (unlikely(tp->repair)) {
sk->sk_err = ECONNABORTED; WRITE_ONCE(sk->sk_err, ECONNABORTED);
} else if (tcp_need_reset(old_state) || } else if (tcp_need_reset(old_state) ||
(tp->snd_nxt != tp->write_seq && (tp->snd_nxt != tp->write_seq &&
(1 << old_state) & (TCPF_CLOSING | TCPF_LAST_ACK))) { (1 << old_state) & (TCPF_CLOSING | TCPF_LAST_ACK))) {
...@@ -3102,9 +3103,9 @@ int tcp_disconnect(struct sock *sk, int flags) ...@@ -3102,9 +3103,9 @@ int tcp_disconnect(struct sock *sk, int flags)
* states * states
*/ */
tcp_send_active_reset(sk, gfp_any()); tcp_send_active_reset(sk, gfp_any());
sk->sk_err = ECONNRESET; WRITE_ONCE(sk->sk_err, ECONNRESET);
} else if (old_state == TCP_SYN_SENT) } else if (old_state == TCP_SYN_SENT)
sk->sk_err = ECONNRESET; WRITE_ONCE(sk->sk_err, ECONNRESET);
tcp_clear_xmit_timers(sk); tcp_clear_xmit_timers(sk);
__skb_queue_purge(&sk->sk_receive_queue); __skb_queue_purge(&sk->sk_receive_queue);
...@@ -4692,7 +4693,7 @@ int tcp_abort(struct sock *sk, int err) ...@@ -4692,7 +4693,7 @@ int tcp_abort(struct sock *sk, int err)
bh_lock_sock(sk); bh_lock_sock(sk);
if (!sock_flag(sk, SOCK_DEAD)) { if (!sock_flag(sk, SOCK_DEAD)) {
sk->sk_err = err; WRITE_ONCE(sk->sk_err, err);
/* This barrier is coupled with smp_rmb() in tcp_poll() */ /* This barrier is coupled with smp_rmb() in tcp_poll() */
smp_wmb(); smp_wmb();
sk_error_report(sk); sk_error_report(sk);
......
...@@ -4322,15 +4322,15 @@ void tcp_reset(struct sock *sk, struct sk_buff *skb) ...@@ -4322,15 +4322,15 @@ void tcp_reset(struct sock *sk, struct sk_buff *skb)
/* We want the right error as BSD sees it (and indeed as we do). */ /* We want the right error as BSD sees it (and indeed as we do). */
switch (sk->sk_state) { switch (sk->sk_state) {
case TCP_SYN_SENT: case TCP_SYN_SENT:
sk->sk_err = ECONNREFUSED; WRITE_ONCE(sk->sk_err, ECONNREFUSED);
break; break;
case TCP_CLOSE_WAIT: case TCP_CLOSE_WAIT:
sk->sk_err = EPIPE; WRITE_ONCE(sk->sk_err, EPIPE);
break; break;
case TCP_CLOSE: case TCP_CLOSE:
return; return;
default: default:
sk->sk_err = ECONNRESET; WRITE_ONCE(sk->sk_err, ECONNRESET);
} }
/* This barrier is coupled with smp_rmb() in tcp_poll() */ /* This barrier is coupled with smp_rmb() in tcp_poll() */
smp_wmb(); smp_wmb();
......
...@@ -596,7 +596,7 @@ int tcp_v4_err(struct sk_buff *skb, u32 info) ...@@ -596,7 +596,7 @@ int tcp_v4_err(struct sk_buff *skb, u32 info)
ip_icmp_error(sk, skb, err, th->dest, info, (u8 *)th); ip_icmp_error(sk, skb, err, th->dest, info, (u8 *)th);
if (!sock_owned_by_user(sk)) { if (!sock_owned_by_user(sk)) {
sk->sk_err = err; WRITE_ONCE(sk->sk_err, err);
sk_error_report(sk); sk_error_report(sk);
...@@ -625,7 +625,7 @@ int tcp_v4_err(struct sk_buff *skb, u32 info) ...@@ -625,7 +625,7 @@ int tcp_v4_err(struct sk_buff *skb, u32 info)
inet = inet_sk(sk); inet = inet_sk(sk);
if (!sock_owned_by_user(sk) && inet->recverr) { if (!sock_owned_by_user(sk) && inet->recverr) {
sk->sk_err = err; WRITE_ONCE(sk->sk_err, err);
sk_error_report(sk); sk_error_report(sk);
} else { /* Only an error on timeout */ } else { /* Only an error on timeout */
WRITE_ONCE(sk->sk_err_soft, err); WRITE_ONCE(sk->sk_err_soft, err);
......
...@@ -3699,7 +3699,7 @@ static void tcp_connect_init(struct sock *sk) ...@@ -3699,7 +3699,7 @@ static void tcp_connect_init(struct sock *sk)
tp->rx_opt.rcv_wscale = rcv_wscale; tp->rx_opt.rcv_wscale = rcv_wscale;
tp->rcv_ssthresh = tp->rcv_wnd; tp->rcv_ssthresh = tp->rcv_wnd;
sk->sk_err = 0; WRITE_ONCE(sk->sk_err, 0);
sock_reset_flag(sk, SOCK_DONE); sock_reset_flag(sk, SOCK_DONE);
tp->snd_wnd = 0; tp->snd_wnd = 0;
tcp_init_wl(tp, 0); tcp_init_wl(tp, 0);
......
...@@ -67,7 +67,7 @@ u32 tcp_clamp_probe0_to_user_timeout(const struct sock *sk, u32 when) ...@@ -67,7 +67,7 @@ u32 tcp_clamp_probe0_to_user_timeout(const struct sock *sk, u32 when)
static void tcp_write_err(struct sock *sk) static void tcp_write_err(struct sock *sk)
{ {
sk->sk_err = READ_ONCE(sk->sk_err_soft) ? : ETIMEDOUT; WRITE_ONCE(sk->sk_err, READ_ONCE(sk->sk_err_soft) ? : ETIMEDOUT);
sk_error_report(sk); sk_error_report(sk);
tcp_write_queue_purge(sk); tcp_write_queue_purge(sk);
......
...@@ -493,7 +493,7 @@ static int tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, ...@@ -493,7 +493,7 @@ static int tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
ipv6_icmp_error(sk, skb, err, th->dest, ntohl(info), (u8 *)th); ipv6_icmp_error(sk, skb, err, th->dest, ntohl(info), (u8 *)th);
if (!sock_owned_by_user(sk)) { if (!sock_owned_by_user(sk)) {
sk->sk_err = err; WRITE_ONCE(sk->sk_err, err);
sk_error_report(sk); /* Wake people up to see the error (see connect in sock.c) */ sk_error_report(sk); /* Wake people up to see the error (see connect in sock.c) */
tcp_done(sk); tcp_done(sk);
...@@ -513,7 +513,7 @@ static int tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, ...@@ -513,7 +513,7 @@ static int tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
} }
if (!sock_owned_by_user(sk) && np->recverr) { if (!sock_owned_by_user(sk) && np->recverr) {
sk->sk_err = err; WRITE_ONCE(sk->sk_err, err);
sk_error_report(sk); sk_error_report(sk);
} else { } else {
WRITE_ONCE(sk->sk_err_soft, err); WRITE_ONCE(sk->sk_err_soft, err);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment