Merge branch 'net-tls-Annotate-lockless-access-to-sk_prot'
Jakub Sitnicki says: ==================== net/tls: Annotate lockless access to sk_prot We have recently noticed that there is a case of lockless read/write to sk->sk_prot [0]. sockmap code on psock tear-down writes to sk->sk_prot, while holding sk_callback_lock. Concurrently, tcp can access it. Usually to read out the sk_prot pointer and invoke one of the ops, sk->sk_prot->handler(). The lockless write (lockless in regard to concurrent reads) happens on the following paths: tcp_bpf_{recvmsg|sendmsg} / sock_map_unref sk_psock_put sk_psock_drop sk_psock_restore_proto WRITE_ONCE(sk->sk_prot, proto) To prevent load/store tearing [1], and to make tooling aware of intentional shared access [2], we need to annotate sites that access sk_prot with READ_ONCE/WRITE_ONCE. This series kicks off the effort to do it. Starting with net/tls. [0] https://lore.kernel.org/bpf/a6bf279e-a998-84ab-4371-cd6c1ccbca5d@gmail.com/ [1] https://lwn.net/Articles/793253/ [2] https://github.com/google/ktsan/wiki/READ_ONCE-and-WRITE_ONCE ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
Please register or sign in to comment