Skip to content

Commit

Permalink
tcp: Fix data-races around some timeout sysctl knobs.
Browse files Browse the repository at this point in the history 
While reading these sysctl knobs, they can be changed concurrently.
Thus, we need to add READ_ONCE() to their readers.

  - tcp_retries1
  - tcp_retries2
  - tcp_orphan_retries
  - tcp_fin_timeout

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
  • Loading branch information
@q2ven @davem330
q2ven authored and davem330 committed Jul 18, 2022
1 parent 46778cd commit 39e2443
Show file tree
Hide file tree
Showing 4 changed files with 9 additions and 8 deletions.
3 changes: 2 additions & 1 deletion include/net/tcp.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1523,7 +1523,8 @@ static inline u32 keepalive_time_elapsed(const struct tcp_sock *tp)

static inline int tcp_fin_time(const struct sock *sk)
{
int fin_timeout = tcp_sk(sk)->linger2 ? : sock_net(sk)->ipv4.sysctl_tcp_fin_timeout;
int fin_timeout = tcp_sk(sk)->linger2 ? :
READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_fin_timeout);
const int rto = inet_csk(sk)->icsk_rto;

if (fin_timeout < (rto << 2) - (rto >> 1))
Expand Down
2 changes: 1 addition & 1 deletion net/ipv4/tcp.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3973,7 +3973,7 @@ static int do_tcp_getsockopt(struct sock *sk, int level,
case TCP_LINGER2:
val = tp->linger2;
if (val >= 0)
val = (val ? : net->ipv4.sysctl_tcp_fin_timeout) / HZ;
val = (val ? : READ_ONCE(net->ipv4.sysctl_tcp_fin_timeout)) / HZ;
break;
case TCP_DEFER_ACCEPT:
val = retrans_to_secs(icsk->icsk_accept_queue.rskq_defer_accept,
Expand Down
2 changes: 1 addition & 1 deletion net/ipv4/tcp_output.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4090,7 +4090,7 @@ void tcp_send_probe0(struct sock *sk)

icsk->icsk_probes_out++;
if (err <= 0) {
if (icsk->icsk_backoff < net->ipv4.sysctl_tcp_retries2)
if (icsk->icsk_backoff < READ_ONCE(net->ipv4.sysctl_tcp_retries2))
icsk->icsk_backoff++;
timeout = tcp_probe0_when(sk, TCP_RTO_MAX);
} else {
Expand Down
10 changes: 5 additions & 5 deletions net/ipv4/tcp_timer.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -143,7 +143,7 @@ static int tcp_out_of_resources(struct sock *sk, bool do_reset)
*/
static int tcp_orphan_retries(struct sock *sk, bool alive)
{
int retries = sock_net(sk)->ipv4.sysctl_tcp_orphan_retries; /* May be zero. */
int retries = READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_orphan_retries); /* May be zero. */

/* We know from an ICMP that something is wrong. */
if (sk->sk_err_soft && !alive)
Expand Down Expand Up @@ -243,14 +243,14 @@ static int tcp_write_timeout(struct sock *sk)
READ_ONCE(net->ipv4.sysctl_tcp_syn_retries);
expired = icsk->icsk_retransmits >= retry_until;
} else {
if (retransmits_timed_out(sk, net->ipv4.sysctl_tcp_retries1, 0)) {
if (retransmits_timed_out(sk, READ_ONCE(net->ipv4.sysctl_tcp_retries1), 0)) {
/* Black hole detection */
tcp_mtu_probing(icsk, sk);

__dst_negative_advice(sk);
}

retry_until = net->ipv4.sysctl_tcp_retries2;
retry_until = READ_ONCE(net->ipv4.sysctl_tcp_retries2);
if (sock_flag(sk, SOCK_DEAD)) {
const bool alive = icsk->icsk_rto < TCP_RTO_MAX;

Expand Down Expand Up @@ -381,7 +381,7 @@ static void tcp_probe_timer(struct sock *sk)
msecs_to_jiffies(icsk->icsk_user_timeout))
goto abort;

max_probes = sock_net(sk)->ipv4.sysctl_tcp_retries2;
max_probes = READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_retries2);
if (sock_flag(sk, SOCK_DEAD)) {
const bool alive = inet_csk_rto_backoff(icsk, TCP_RTO_MAX) < TCP_RTO_MAX;

Expand Down Expand Up @@ -589,7 +589,7 @@ void tcp_retransmit_timer(struct sock *sk)
}
inet_csk_reset_xmit_timer(sk, ICSK_TIME_RETRANS,
tcp_clamp_rto_to_user_timeout(sk), TCP_RTO_MAX);
if (retransmits_timed_out(sk, net->ipv4.sysctl_tcp_retries1 + 1, 0))
if (retransmits_timed_out(sk, READ_ONCE(net->ipv4.sysctl_tcp_retries1) + 1, 0))
__sk_dst_reset(sk);

out:;
Expand Down

0 comments on commit 39e2443

Please sign in to comment.