tcp: annotate data-races around icsk->icsk_pending

icsk->icsk_pending can be read locklessly already.

Following patch in the series will add another lockless read.

Add smp_load_acquire() and smp_store_release() annotations
because following patch will add a test in tcp_write_timer(),
and READ_ONCE()/WRITE_ONCE() alone would possibly lead to races.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Link: https://patch.msgid.link/20241002173042.917928-2-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

diff --git a/include/net/inet_connection_sock.h b/include/net/inet_connection_sock.h
index c0deaafebfdc0bc5b7f9e1b2a881f797a1a82ace..914d1977270449241f6fc6da2055f3af02a75f99 100644 (file)
--- a/include/net/inet_connection_sock.h
+++ b/include/net/inet_connection_sock.h
@@ -197,7 +197,7 @@ static inline void inet_csk_clear_xmit_timer(struct sock *sk, const int what)
        struct inet_connection_sock *icsk = inet_csk(sk);
 
        if (what == ICSK_TIME_RETRANS || what == ICSK_TIME_PROBE0) {
-               icsk->icsk_pending = 0;
+               smp_store_release(&icsk->icsk_pending, 0);
 #ifdef INET_CSK_CLEAR_TIMERS
                sk_stop_timer(sk, &icsk->icsk_retransmit_timer);
 #endif
@@ -229,7 +229,7 @@ static inline void inet_csk_reset_xmit_timer(struct sock *sk, const int what,
 
        if (what == ICSK_TIME_RETRANS || what == ICSK_TIME_PROBE0 ||
            what == ICSK_TIME_LOSS_PROBE || what == ICSK_TIME_REO_TIMEOUT) {
-               icsk->icsk_pending = what;
+               smp_store_release(&icsk->icsk_pending, what);
                icsk->icsk_timeout = jiffies + when;
                sk_reset_timer(sk, &icsk->icsk_retransmit_timer, icsk->icsk_timeout);
        } else if (what == ICSK_TIME_DACK) {

diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c
index 2c5632d4fddbe8ad96f6c35b9ed770d09126eb5d..8c53385cc808c61097898514fd91a322e3a08d31 100644 (file)
--- a/net/ipv4/inet_connection_sock.c
+++ b/net/ipv4/inet_connection_sock.c
@@ -775,7 +775,8 @@ void inet_csk_clear_xmit_timers(struct sock *sk)
 {
        struct inet_connection_sock *icsk = inet_csk(sk);
 
-       icsk->icsk_pending = icsk->icsk_ack.pending = 0;
+       smp_store_release(&icsk->icsk_pending, 0);
+       icsk->icsk_ack.pending = 0;
 
        sk_stop_timer(sk, &icsk->icsk_retransmit_timer);
        sk_stop_timer(sk, &icsk->icsk_delack_timer);
@@ -790,7 +791,8 @@ void inet_csk_clear_xmit_timers_sync(struct sock *sk)
        /* ongoing timer handlers need to acquire socket lock. */
        sock_not_owned_by_me(sk);
 
-       icsk->icsk_pending = icsk->icsk_ack.pending = 0;
+       smp_store_release(&icsk->icsk_pending, 0);
+       icsk->icsk_ack.pending = 0;
 
        sk_stop_timer_sync(sk, &icsk->icsk_retransmit_timer);
        sk_stop_timer_sync(sk, &icsk->icsk_delack_timer);

diff --git a/net/ipv4/inet_diag.c b/net/ipv4/inet_diag.c
index 67639309163d05c034fad80fc9a6096c3b79d42f..321acc8abf17e8c7d6a4e3326615123fff19deab 100644 (file)
--- a/net/ipv4/inet_diag.c
+++ b/net/ipv4/inet_diag.c
@@ -247,6 +247,7 @@ int inet_sk_diag_fill(struct sock *sk, struct inet_connection_sock *icsk,
        struct nlmsghdr  *nlh;
        struct nlattr *attr;
        void *info = NULL;
+       u8 icsk_pending;
        int protocol;
 
        cb_data = cb->data;
@@ -307,14 +308,15 @@ int inet_sk_diag_fill(struct sock *sk, struct inet_connection_sock *icsk,
                goto out;
        }
 
-       if (icsk->icsk_pending == ICSK_TIME_RETRANS ||
-           icsk->icsk_pending == ICSK_TIME_REO_TIMEOUT ||
-           icsk->icsk_pending == ICSK_TIME_LOSS_PROBE) {
+       icsk_pending = smp_load_acquire(&icsk->icsk_pending);
+       if (icsk_pending == ICSK_TIME_RETRANS ||
+           icsk_pending == ICSK_TIME_REO_TIMEOUT ||
+           icsk_pending == ICSK_TIME_LOSS_PROBE) {
                r->idiag_timer = 1;
                r->idiag_retrans = icsk->icsk_retransmits;
                r->idiag_expires =
                        jiffies_delta_to_msecs(icsk->icsk_timeout - jiffies);
-       } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
+       } else if (icsk_pending == ICSK_TIME_PROBE0) {
                r->idiag_timer = 4;
                r->idiag_retrans = icsk->icsk_probes_out;
                r->idiag_expires =

diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index 5afe5e57c89b5c28dfada2bf2e01fa7b3afa61f0..985028434f644c399e51d12ba8d9c2c5740dc6e1 100644 (file)
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -2900,15 +2900,17 @@ static void get_tcp4_sock(struct sock *sk, struct seq_file *f, int i)
        __be32 src = inet->inet_rcv_saddr;
        __u16 destp = ntohs(inet->inet_dport);
        __u16 srcp = ntohs(inet->inet_sport);
+       u8 icsk_pending;
        int rx_queue;
        int state;
 
-       if (icsk->icsk_pending == ICSK_TIME_RETRANS ||
-           icsk->icsk_pending == ICSK_TIME_REO_TIMEOUT ||
-           icsk->icsk_pending == ICSK_TIME_LOSS_PROBE) {
+       icsk_pending = smp_load_acquire(&icsk->icsk_pending);
+       if (icsk_pending == ICSK_TIME_RETRANS ||
+           icsk_pending == ICSK_TIME_REO_TIMEOUT ||
+           icsk_pending == ICSK_TIME_LOSS_PROBE) {
                timer_active    = 1;
                timer_expires   = icsk->icsk_timeout;
-       } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
+       } else if (icsk_pending == ICSK_TIME_PROBE0) {
                timer_active    = 4;
                timer_expires   = icsk->icsk_timeout;
        } else if (timer_pending(&sk->sk_timer)) {

diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index 4fd746bd4d54f621601b20c3821e71370a4a615a..4d04073016035dcf62ba5e0ad23aac86e54e65c7 100644 (file)
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -2960,7 +2960,7 @@ void tcp_send_loss_probe(struct sock *sk)
                WARN_ONCE(tp->packets_out,
                          "invalid inflight: %u state %u cwnd %u mss %d\n",
                          tp->packets_out, sk->sk_state, tcp_snd_cwnd(tp), mss);
-               inet_csk(sk)->icsk_pending = 0;
+               smp_store_release(&inet_csk(sk)->icsk_pending, 0);
                return;
        }
 
@@ -2993,7 +2993,7 @@ probe_sent:
 
        NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPLOSSPROBES);
        /* Reset s.t. tcp_rearm_rto will restart timer from now */
-       inet_csk(sk)->icsk_pending = 0;
+       smp_store_release(&inet_csk(sk)->icsk_pending, 0);
 rearm_timer:
        tcp_rearm_rto(sk);
 }

diff --git a/net/ipv4/tcp_timer.c b/net/ipv4/tcp_timer.c
index 79064580c8c0d55daa2ab4dc6d27a5ab8802e599..56c597e763ac7a8cebeba324f84e57b1eeeae977 100644 (file)
--- a/net/ipv4/tcp_timer.c
+++ b/net/ipv4/tcp_timer.c
@@ -701,11 +701,11 @@ void tcp_write_timer_handler(struct sock *sk)
                tcp_send_loss_probe(sk);
                break;
        case ICSK_TIME_RETRANS:
-               icsk->icsk_pending = 0;
+               smp_store_release(&icsk->icsk_pending, 0);
                tcp_retransmit_timer(sk);
                break;
        case ICSK_TIME_PROBE0:
-               icsk->icsk_pending = 0;
+               smp_store_release(&icsk->icsk_pending, 0);
                tcp_probe_timer(sk);
                break;
        }

diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index d71ab4e1efe1c6598cf3d3e4334adf0881064ce9..7634c0be6acbdb67bb378cc81bdbf184552d2afc 100644 (file)
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -2177,6 +2177,7 @@ static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
        const struct tcp_sock *tp = tcp_sk(sp);
        const struct inet_connection_sock *icsk = inet_csk(sp);
        const struct fastopen_queue *fastopenq = &icsk->icsk_accept_queue.fastopenq;
+       u8 icsk_pending;
        int rx_queue;
        int state;
 
@@ -2185,12 +2186,13 @@ static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
        destp = ntohs(inet->inet_dport);
        srcp  = ntohs(inet->inet_sport);
 
-       if (icsk->icsk_pending == ICSK_TIME_RETRANS ||
-           icsk->icsk_pending == ICSK_TIME_REO_TIMEOUT ||
-           icsk->icsk_pending == ICSK_TIME_LOSS_PROBE) {
+       icsk_pending = smp_load_acquire(&icsk->icsk_pending);
+       if (icsk_pending == ICSK_TIME_RETRANS ||
+           icsk_pending == ICSK_TIME_REO_TIMEOUT ||
+           icsk_pending == ICSK_TIME_LOSS_PROBE) {
                timer_active    = 1;
                timer_expires   = icsk->icsk_timeout;
-       } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
+       } else if (icsk_pending == ICSK_TIME_PROBE0) {
                timer_active    = 4;
                timer_expires   = icsk->icsk_timeout;
        } else if (timer_pending(&sp->sk_timer)) {