From: Kuniyuki Iwashima <kuniyu@amazon.com>
Date: Tue, 4 Jun 2024 16:52:32 +0000 (-0700)
Subject: af_unix: Annotate data-race of sk->sk_state in unix_accept().
X-Git-Tag: v6.10-rc3~27^2~3^2~9
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=1b536948e805aab61a48c5aa5db10c9afee880bd;p=linux.git

af_unix: Annotate data-race of sk->sk_state in unix_accept().

Once sk->sk_state is changed to TCP_LISTEN, it never changes.

unix_accept() takes the advantage and reads sk->sk_state without
holding unix_state_lock().

Let's use READ_ONCE() there.

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
---

diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index 84552826530d..4763c26ae480 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -1710,7 +1710,7 @@ static int unix_accept(struct socket *sock, struct socket *newsock,
 		goto out;
 
 	arg->err = -EINVAL;
-	if (sk->sk_state != TCP_LISTEN)
+	if (READ_ONCE(sk->sk_state) != TCP_LISTEN)
 		goto out;
 
 	/* If socket state is TCP_LISTEN it cannot change (for now...),