From 9eb430d40e449640122b0b33ace1f33e793ecc5f Mon Sep 17 00:00:00 2001 From: Jason Xing Date: Fri, 8 Mar 2024 19:25:03 +0800 Subject: [PATCH 1/2] mptcp: annotate a data-race around sysctl_tcp_wmem[0] It's possible that writer and the reader can manipulate the same sysctl knob concurrently. Using READ_ONCE() to prevent reading an old value. Signed-off-by: Jason Xing Reviewed-by: Eric Dumazet Reviewed-by: Mat Martineau Signed-off-by: David S. Miller --- net/mptcp/protocol.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index f16edef6026a..a10ebf3ee10a 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h @@ -850,7 +850,7 @@ static inline void __mptcp_sync_sndbuf(struct sock *sk) if (sk->sk_userlocks & SOCK_SNDBUF_LOCK) return; - new_sndbuf = sock_net(sk)->ipv4.sysctl_tcp_wmem[0]; + new_sndbuf = READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_wmem[0]); mptcp_for_each_subflow(mptcp_sk(sk), subflow) { ssk_sndbuf = READ_ONCE(mptcp_subflow_tcp_sock(subflow)->sk_sndbuf); From 683a67da95616c91a85b98e41dc8eefe9f2b29e7 Mon Sep 17 00:00:00 2001 From: Jason Xing Date: Fri, 8 Mar 2024 19:25:04 +0800 Subject: [PATCH 2/2] tcp: annotate a data-race around sysctl_tcp_wmem[0] When reading wmem[0], it could be changed concurrently without READ_ONCE() protection. So add one annotation here. Signed-off-by: Jason Xing Reviewed-by: Eric Dumazet Signed-off-by: David S. Miller --- net/ipv4/tcp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c index b091149742b1..d20b62d52171 100644 --- a/net/ipv4/tcp.c +++ b/net/ipv4/tcp.c @@ -975,7 +975,7 @@ int tcp_wmem_schedule(struct sock *sk, int copy) * Use whatever is left in sk->sk_forward_alloc and tcp_wmem[0] * to guarantee some progress. */ - left = sock_net(sk)->ipv4.sysctl_tcp_wmem[0] - sk->sk_wmem_queued; + left = READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_wmem[0]) - sk->sk_wmem_queued; if (left > 0) sk_forced_mem_schedule(sk, min(left, copy)); return min(copy, sk->sk_forward_alloc);