Commit 9b55c20f authored by Kuniyuki Iwashima Committed by David S. Miller

ip: Fix data-races around sysctl_ip_prot_sock.



sysctl_ip_prot_sock is accessed concurrently, and there is always a chance
of data-race.  So, all readers and writers need some basic protection to
avoid load/store-tearing.

Fixes: 4548b683 ("Introduce a sysctl that modifies the value of PROT_SOCK.")
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
parent 8895a9c2
+1 −1
@@ -357,7 +357,7 @@ static inline bool sysctl_dev_name_is_allowed(const char *name)

static inline bool inet_port_requires_bind_service(struct net *net, unsigned short port)
{
	return port < net->ipv4.sysctl_ip_prot_sock;
	return port < READ_ONCE(net->ipv4.sysctl_ip_prot_sock);
}

#else
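Review bot: The lockless read in inet_port_requires_bind_service carries no comment saying which store it pairs with. Going by the function name, this comparison decides whether a bind needs the bind-service capability, so a reader should know the limit is only a snapshot. I would add `/* Pairs with WRITE_ONCE() in ipv4_privileged_ports(); the limit may change right after this check. */` above the return.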
+3 −3
@@ -84,7 +84,7 @@ static int ipv4_local_port_range(struct ctl_table *table, int write,
		 * port limit.
		 */
		if ((range[1] < range[0]) ||
		    (range[0] < net->ipv4.sysctl_ip_prot_sock))
		    (range[0] < READ_ONCE(net->ipv4.sysctl_ip_prot_sock)))
			ret = -EINVAL;
		else
			set_local_port_range(net, range);
@@ -110,7 +110,7 @@ static int ipv4_privileged_ports(struct ctl_table *table, int write,
		.extra2 = &ip_privileged_port_max,
	};

	pports = net->ipv4.sysctl_ip_prot_sock;
	pports = READ_ONCE(net->ipv4.sysctl_ip_prot_sock);

	ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);

@@ -122,7 +122,7 @@ static int ipv4_privileged_ports(struct ctl_table *table, int write,
		if (range[0] < pports)
			ret = -EINVAL;
		else
			net->ipv4.sysctl_ip_prot_sock = pports;
			WRITE_ONCE(net->ipv4.sysctl_ip_prot_sock, pports);
	}

	return ret;
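Review bot: The two check-then-store sequences are still not atomic with respect to each other: ipv4_local_port_range tests `range[0] < READ_ONCE(net->ipv4.sysctl_ip_prot_sock)` before `set_local_port_range`, and ipv4_privileged_ports tests `range[0] < pports` before the `WRITE_ONCE`. READ_ONCE/WRITE_ONCE prevent tearing, but two concurrent sysctl writes can each pass their check against the other's old value, which would leave the local port range starting below the privileged-port limit. No common lock is visible in these hunks, and both functions begin outside them, so this may already be handled elsewhere. If it is not, I would serialize the two handlers, or at least document the gap above each check, e.g. `/* Lockless: a concurrent write to the other sysctl can still leave range[0] < sysctl_ip_prot_sock. */`.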