write in 30M

hc

2024-02-20 ea08eeccae9297f7aabd2ef7f0c2517ac4549acc

 kernel/net/core/sock.c
..
..
@@ -691,7 +691,8 @@
691
691
 		return false;
692
692
 	if (!sk)
693
693
 		return true;
694
-	switch (sk->sk_family) {
694
+	/* IPV6_ADDRFORM can change sk->sk_family under us. */
695
+	switch (READ_ONCE(sk->sk_family)) {
695
696
 	case AF_INET:
696
697
 		return inet_sk(sk)->mc_loop;
697
698
 #if IS_ENABLED(CONFIG_IPV6)
..
..
@@ -1184,7 +1185,8 @@
1184
1185
 			cmpxchg(&sk->sk_pacing_status,
1185
1186
 				SK_PACING_NONE,
1186
1187
 				SK_PACING_NEEDED);
1187
-		sk->sk_max_pacing_rate = ulval;
1188
+		/* Pairs with READ_ONCE() from sk_getsockopt() */
1189
+		WRITE_ONCE(sk->sk_max_pacing_rate, ulval);
1188
1190
 		sk->sk_pacing_rate = min(sk->sk_pacing_rate, ulval);
1189
1191
 		break;
1190
1192
 		}
..
..
@@ -1332,11 +1334,11 @@
1332
1334
 		break;
1333
1335
 
1334
1336
 	case SO_SNDBUF:
1335
-		v.val = sk->sk_sndbuf;
1337
+		v.val = READ_ONCE(sk->sk_sndbuf);
1336
1338
 		break;
1337
1339
 
1338
1340
 	case SO_RCVBUF:
1339
-		v.val = sk->sk_rcvbuf;
1341
+		v.val = READ_ONCE(sk->sk_rcvbuf);
1340
1342
 		break;
1341
1343
 
1342
1344
 	case SO_REUSEADDR:
..
..
@@ -1423,7 +1425,7 @@
1423
1425
 		break;
1424
1426
 
1425
1427
 	case SO_RCVLOWAT:
1426
-		v.val = sk->sk_rcvlowat;
1428
+		v.val = READ_ONCE(sk->sk_rcvlowat);
1427
1429
 		break;
1428
1430
 
1429
1431
 	case SO_SNDLOWAT:
..
..
@@ -1517,7 +1519,7 @@
1517
1519
 		if (!sock->ops->set_peek_off)
1518
1520
 			return -EOPNOTSUPP;
1519
1521
 
1520
-		v.val = sk->sk_peek_off;
1522
+		v.val = READ_ONCE(sk->sk_peek_off);
1521
1523
 		break;
1522
1524
 	case SO_NOFCS:
1523
1525
 		v.val = sock_flag(sk, SOCK_NOFCS);
..
..
@@ -1547,17 +1549,19 @@
1547
1549
 
1548
1550
 #ifdef CONFIG_NET_RX_BUSY_POLL
1549
1551
 	case SO_BUSY_POLL:
1550
-		v.val = sk->sk_ll_usec;
1552
+		v.val = READ_ONCE(sk->sk_ll_usec);
1551
1553
 		break;
1552
1554
 #endif
1553
1555
 
1554
1556
 	case SO_MAX_PACING_RATE:
1557
+		/* The READ_ONCE() pair with the WRITE_ONCE() in sk_setsockopt() */
1555
1558
 		if (sizeof(v.ulval) != sizeof(v.val) && len >= sizeof(v.ulval)) {
1556
1559
 			lv = sizeof(v.ulval);
1557
-			v.ulval = sk->sk_max_pacing_rate;
1560
+			v.ulval = READ_ONCE(sk->sk_max_pacing_rate);
1558
1561
 		} else {
1559
1562
 			/* 32bit version */
1560
-			v.val = min_t(unsigned long, sk->sk_max_pacing_rate, ~0U);
1563
+			v.val = min_t(unsigned long, ~0U,
1564
+				      READ_ONCE(sk->sk_max_pacing_rate));
1561
1565
 		}
1562
1566
 		break;
1563
1567
 
..
..
@@ -1611,6 +1615,13 @@
1611
1615
 
1612
1616
 	case SO_BINDTOIFINDEX:
1613
1617
 		v.val = sk->sk_bound_dev_if;
1618
+		break;
1619
+
1620
+	case SO_NETNS_COOKIE:
1621
+		lv = sizeof(u64);
1622
+		if (len != lv)
1623
+			return -EINVAL;
1624
+		v.val64 = atomic64_read(&sock_net(sk)->net_cookie);
1614
1625
 		break;
1615
1626
 
1616
1627
 	default:
..
..
@@ -2017,7 +2028,6 @@
2017
2028
 {
2018
2029
 	u32 max_segs = 1;
2019
2030
 
2020
-	sk_dst_set(sk, dst);
2021
2031
 	sk->sk_route_caps = dst->dev->features | sk->sk_route_forced_caps;
2022
2032
 	if (sk->sk_route_caps & NETIF_F_GSO)
2023
2033
 		sk->sk_route_caps |= NETIF_F_GSO_SOFTWARE;
..
..
@@ -2032,6 +2042,7 @@
2032
2042
 		}
2033
2043
 	}
2034
2044
 	sk->sk_gso_max_segs = max_segs;
2045
+	sk_dst_set(sk, dst);
2035
2046
 }
2036
2047
 EXPORT_SYMBOL_GPL(sk_setup_caps);
2037
2048
 
..
..
@@ -2176,13 +2187,24 @@
2176
2187
 }
2177
2188
 EXPORT_SYMBOL(sock_i_uid);
2178
2189
 
2190
+unsigned long __sock_i_ino(struct sock *sk)
2191
+{
2192
+	unsigned long ino;
2193
+
2194
+	read_lock(&sk->sk_callback_lock);
2195
+	ino = sk->sk_socket ? SOCK_INODE(sk->sk_socket)->i_ino : 0;
2196
+	read_unlock(&sk->sk_callback_lock);
2197
+	return ino;
2198
+}
2199
+EXPORT_SYMBOL(__sock_i_ino);
2200
+
2179
2201
 unsigned long sock_i_ino(struct sock *sk)
2180
2202
 {
2181
2203
 	unsigned long ino;
2182
2204
 
2183
-	read_lock_bh(&sk->sk_callback_lock);
2184
-	ino = sk->sk_socket ? SOCK_INODE(sk->sk_socket)->i_ino : 0;
2185
-	read_unlock_bh(&sk->sk_callback_lock);
2205
+	local_bh_disable();
2206
+	ino = __sock_i_ino(sk);
2207
+	local_bh_enable();
2186
2208
 	return ino;
2187
2209
 }
2188
2210
 EXPORT_SYMBOL(sock_i_ino);
..
..
@@ -2301,9 +2323,9 @@
2301
2323
 		prepare_to_wait(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE);
2302
2324
 		if (refcount_read(&sk->sk_wmem_alloc) < READ_ONCE(sk->sk_sndbuf))
2303
2325
 			break;
2304
-		if (sk->sk_shutdown & SEND_SHUTDOWN)
2326
+		if (READ_ONCE(sk->sk_shutdown) & SEND_SHUTDOWN)
2305
2327
 			break;
2306
-		if (sk->sk_err)
2328
+		if (READ_ONCE(sk->sk_err))
2307
2329
 			break;
2308
2330
 		timeo = schedule_timeout(timeo);
2309
2331
 	}
..
..
@@ -2331,7 +2353,7 @@
2331
2353
 			goto failure;
2332
2354
 
2333
2355
 		err = -EPIPE;
2334
-		if (sk->sk_shutdown & SEND_SHUTDOWN)
2356
+		if (READ_ONCE(sk->sk_shutdown) & SEND_SHUTDOWN)
2335
2357
 			goto failure;
2336
2358
 
2337
2359
 		if (sk_wmem_alloc_get(sk) < READ_ONCE(sk->sk_sndbuf))
..
..
@@ -2711,7 +2733,7 @@
2711
2733
 	if (mem_cgroup_sockets_enabled && sk->sk_memcg)
2712
2734
 		mem_cgroup_uncharge_skmem(sk->sk_memcg, amount);
2713
2735
 
2714
-	if (sk_under_memory_pressure(sk) &&
2736
+	if (sk_under_global_memory_pressure(sk) &&
2715
2737
 	    (sk_memory_allocated(sk) < sk_prot_mem_limits(sk, 0)))
2716
2738
 		sk_leave_memory_pressure(sk);
2717
2739
 }
..
..
@@ -2732,7 +2754,7 @@
2732
2754
 
2733
2755
 int sk_set_peek_off(struct sock *sk, int val)
2734
2756
 {
2735
-	sk->sk_peek_off = val;
2757
+	WRITE_ONCE(sk->sk_peek_off, val);
2736
2758
 	return 0;
2737
2759
 }
2738
2760
 EXPORT_SYMBOL_GPL(sk_set_peek_off);
..
..
@@ -2979,7 +3001,7 @@
2979
3001
 }
2980
3002
 EXPORT_SYMBOL(sk_stop_timer_sync);
2981
3003
 
2982
-void sock_init_data(struct socket *sock, struct sock *sk)
3004
+void sock_init_data_uid(struct socket *sock, struct sock *sk, kuid_t uid)
2983
3005
 {
2984
3006
 	sk_init_common(sk);
2985
3007
 	sk->sk_send_head	=	NULL;
..
..
@@ -2998,11 +3020,10 @@
2998
3020
 		sk->sk_type	=	sock->type;
2999
3021
 		RCU_INIT_POINTER(sk->sk_wq, &sock->wq);
3000
3022
 		sock->sk	=	sk;
3001
-		sk->sk_uid	=	SOCK_INODE(sock)->i_uid;
3002
3023
 	} else {
3003
3024
 		RCU_INIT_POINTER(sk->sk_wq, NULL);
3004
-		sk->sk_uid	=	make_kuid(sock_net(sk)->user_ns, 0);
3005
3025
 	}
3026
+	sk->sk_uid	=	uid;
3006
3027
 
3007
3028
 	rwlock_init(&sk->sk_callback_lock);
3008
3029
 	if (sk->sk_kern_sock)
..
..
@@ -3060,6 +3081,16 @@
3060
3081
 	refcount_set(&sk->sk_refcnt, 1);
3061
3082
 	atomic_set(&sk->sk_drops, 0);
3062
3083
 }
3084
+EXPORT_SYMBOL(sock_init_data_uid);
3085
+
3086
+void sock_init_data(struct socket *sock, struct sock *sk)
3087
+{
3088
+	kuid_t uid = sock ?
3089
+		SOCK_INODE(sock)->i_uid :
3090
+		make_kuid(sock_net(sk)->user_ns, 0);
3091
+
3092
+	sock_init_data_uid(sock, sk, uid);
3093
+}
3063
3094
 EXPORT_SYMBOL(sock_init_data);
3064
3095
 
3065
3096
 void lock_sock_nested(struct sock *sk, int subclass)