Commit 20a3b1c0 authored by Kuniyuki Iwashima's avatar Kuniyuki Iwashima Committed by David S. Miller
Browse files

tcp: Fix data-races around sysctl_tcp_syn(ack)?_retries. 



While reading sysctl_tcp_syn(ack)?_retries, they can be changed
concurrently.  Thus, we need to add READ_ONCE() to their readers.

Fixes: 1da177e4 ("Linux-2.6.12-rc2")
Signed-off-by: default avatarKuniyuki Iwashima <kuniyu@amazon.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent f2f316e2

net/ipv4/inet_connection_sock.c

+2 −1
Original line number Diff line number Diff line
@@ -833,7 +833,8 @@ static void reqsk_timer_handler(struct timer_list *t) 


	icsk = inet_csk(sk_listener);

	net = sock_net(sk_listener);

	max_syn_ack_retries = icsk->icsk_syn_retries ? : net->ipv4.sysctl_tcp_synack_retries;

	max_syn_ack_retries = icsk->icsk_syn_retries ? :

		READ_ONCE(net->ipv4.sysctl_tcp_synack_retries);

	/* Normally all the openreqs are young and become mature

	 * (i.e. converted to established socket) for first timeout.

	 * If synack was not acknowledged for 1 second, it means

net/ipv4/tcp.c

+2 −1
Original line number Diff line number Diff line
@@ -3967,7 +3967,8 @@ static int do_tcp_getsockopt(struct sock *sk, int level, 
		val = keepalive_probes(tp);

		break;

	case TCP_SYNCNT:

		val = icsk->icsk_syn_retries ? : net->ipv4.sysctl_tcp_syn_retries;

		val = icsk->icsk_syn_retries ? :

			READ_ONCE(net->ipv4.sysctl_tcp_syn_retries);

		break;

	case TCP_LINGER2:

		val = tp->linger2;

net/ipv4/tcp_timer.c

+7 −3
Original line number Diff line number Diff line
@@ -239,7 +239,8 @@ static int tcp_write_timeout(struct sock *sk) 
	if ((1 << sk->sk_state) & (TCPF_SYN_SENT | TCPF_SYN_RECV)) {

		if (icsk->icsk_retransmits)

			__dst_negative_advice(sk);

		retry_until = icsk->icsk_syn_retries ? : net->ipv4.sysctl_tcp_syn_retries;

		retry_until = icsk->icsk_syn_retries ? :

			READ_ONCE(net->ipv4.sysctl_tcp_syn_retries);

		expired = icsk->icsk_retransmits >= retry_until;

	} else {

		if (retransmits_timed_out(sk, net->ipv4.sysctl_tcp_retries1, 0)) {
@@ -406,12 +407,15 @@ abort: tcp_write_err(sk); 
static void tcp_fastopen_synack_timer(struct sock *sk, struct request_sock *req)

{

	struct inet_connection_sock *icsk = inet_csk(sk);

	int max_retries = icsk->icsk_syn_retries ? :

	    sock_net(sk)->ipv4.sysctl_tcp_synack_retries + 1; /* add one more retry for fastopen */

	struct tcp_sock *tp = tcp_sk(sk);

	int max_retries;



	req->rsk_ops->syn_ack_timeout(req);



	/* add one more retry for fastopen */

	max_retries = icsk->icsk_syn_retries ? :

		READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_synack_retries) + 1;



	if (req->num_timeout >= max_retries) {

		tcp_write_err(sk);

		return;