This is a note to let you know that I've just added the patch titled
af_unix: Annotate data-race of sk->sk_state in unix_accept().
to the 6.9-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
af_unix-annotate-data-race-of-sk-sk_state-in-unix_ac.patch
and it can be found in the queue-6.9 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
commit f44da56f66cf382f9e3ddca5dfa5d585163a927d
Author: Kuniyuki Iwashima <kuniyu@xxxxxxxxxx>
Date: Tue Jun 4 09:52:32 2024 -0700
af_unix: Annotate data-race of sk->sk_state in unix_accept().
[ Upstream commit 1b536948e805aab61a48c5aa5db10c9afee880bd ]
Once sk->sk_state is changed to TCP_LISTEN, it never changes.
unix_accept() takes the advantage and reads sk->sk_state without
holding unix_state_lock().
Let's use READ_ONCE() there.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Kuniyuki Iwashima <kuniyu@xxxxxxxxxx>
Signed-off-by: Paolo Abeni <pabeni@xxxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index 417cf4adb4e04..23f9efa8c008b 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -1706,7 +1706,7 @@ static int unix_accept(struct socket *sock, struct socket *newsock,
goto out;
arg->err = -EINVAL;
- if (sk->sk_state != TCP_LISTEN)
+ if (READ_ONCE(sk->sk_state) != TCP_LISTEN)
goto out;
/* If socket state is TCP_LISTEN it cannot change (for now...),
