diff options
| author | Eric Dumazet <[email protected]> | 2023-08-03 16:30:21 +0000 |
|---|---|---|
| committer | Jakub Kicinski <[email protected]> | 2023-08-05 01:27:58 +0000 |
| commit | a47e598fbd8617967e49d85c49c22f9fc642704c (patch) | |
| tree | 7d9d662e64eb37268b7197729e3cafac5d59bf81 /net/dccp/output.c | |
| parent | Merge branch 'mptcp-more-fixes-for-v6-5' (diff) | |
| download | kernel-a47e598fbd8617967e49d85c49c22f9fc642704c.tar.gz kernel-a47e598fbd8617967e49d85c49c22f9fc642704c.zip | |
dccp: fix data-race around dp->dccps_mss_cache
dccp_sendmsg() reads dp->dccps_mss_cache before locking the socket.
Same thing in do_dccp_getsockopt().
Add READ_ONCE()/WRITE_ONCE() annotations,
and change dccp_sendmsg() to check again dccps_mss_cache
after socket is locked.
Fixes: 7c657876b63c ("[DCCP]: Initial implementation")
Reported-by: syzbot <[email protected]>
Signed-off-by: Eric Dumazet <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Jakub Kicinski <[email protected]>
Diffstat (limited to 'net/dccp/output.c')
| -rw-r--r-- | net/dccp/output.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/dccp/output.c b/net/dccp/output.c index b8a24734385e..fd2eb148d24d 100644 --- a/net/dccp/output.c +++ b/net/dccp/output.c @@ -187,7 +187,7 @@ unsigned int dccp_sync_mss(struct sock *sk, u32 pmtu) /* And store cached results */ icsk->icsk_pmtu_cookie = pmtu; - dp->dccps_mss_cache = cur_mps; + WRITE_ONCE(dp->dccps_mss_cache, cur_mps); return cur_mps; } |