net: annotate sk->sk_err write from do_recvmmsg()

do_recvmmsg() can write to sk->sk_err from multiple threads.

As said before, many other points reading or writing sk_err
need annotations.

Fixes: 34b88a68f26a ("net: Fix use after free in the recvmmsg exit path")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/socket.c b/net/socket.c
index a7b4b37d86df7a9232d582a14863c05b5fd34b68..b7e01d0fe0824d1f277c1fe70f68f09a10319832 100644 (file)
--- a/net/socket.c
+++ b/net/socket.c
@@ -2911,7 +2911,7 @@ static int do_recvmmsg(int fd, struct mmsghdr __user *mmsg,
                 * error to return on the next call or if the
                 * app asks about it using getsockopt(SO_ERROR).
                 */
-               sock->sk->sk_err = -err;
+               WRITE_ONCE(sock->sk->sk_err, -err);
        }
 out_put:
        fput_light(sock->file, fput_needed);