Commit 1328f39a authored Jun 23, 2024 by linke li Committed by Zhengchao Shao Jun 23, 2024

net: mark racy access on sk->sk_rcvbuf

stable inclusion
from stable-v4.19.314
commit 9e7538cb8131946817218f793ceb334c63cfcdb8
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/IA7IEQ

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=9e7538cb8131946817218f793ceb334c63cfcdb8



--------------------------------

[ Upstream commit c2deb2e971f5d9aca941ef13ee05566979e337a4 ]

sk->sk_rcvbuf in __sock_queue_rcv_skb() and __sk_receive_skb() can be
changed by other threads. Mark this as benign using READ_ONCE().

This patch is aimed at reducing the number of benign races reported by
KCSAN in order to focus future debugging effort on harmful races.

Signed-off-by: linke li <lilinke99@qq.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Zhengchao Shao <shaozhengchao@huawei.com>

parent 919baa6b

net/core/sock.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -404,7 +404,7 @@ int __sock_queue_rcv_skb(struct sock sk, struct sk_buff skb)
		unsigned long flags;
		struct sk_buff_head *list = &sk->sk_receive_queue;

		if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf) {
		if (atomic_read(&sk->sk_rmem_alloc) >= READ_ONCE(sk->sk_rcvbuf)) {
		atomic_inc(&sk->sk_drops);
		trace_sock_rcvqueue_full(sk, skb);
		return -ENOMEM;
		@@ -456,7 +456,7 @@ int __sk_receive_skb(struct sock sk, struct sk_buff skb,

		skb->dev = NULL;

		if (sk_rcvqueues_full(sk, sk->sk_rcvbuf)) {
		if (sk_rcvqueues_full(sk, READ_ONCE(sk->sk_rcvbuf))) {
		atomic_inc(&sk->sk_drops);
		goto discard_and_relse;
		}