Merge branch 'net-ipv4-sysctl-races-part-3'
Kuniyuki Iwashima says: ==================== sysctl: Fix data-races around ipv4_net_table (Round 3). This series fixes data-races around 21 knobs after igmp_link_local_mcast_reports in ipv4_net_table. These 4 knobs are skipped because they are safe. - tcp_congestion_control: Safe with RCU and xchg(). - tcp_available_congestion_control: Read only. - tcp_allowed_congestion_control: Safe with RCU and spinlock(). - tcp_fastopen_key: Safe with RCU and xchg() So, round 4 will start with fib_multipath_use_neigh. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
David S. Miller
commit
c9f21106d9
@ -563,7 +563,7 @@ static struct sk_buff *amt_build_igmp_gq(struct amt_dev *amt)
|
||||
ihv3->nsrcs = 0;
|
||||
ihv3->resv = 0;
|
||||
ihv3->suppress = false;
|
||||
ihv3->qrv = amt->net->ipv4.sysctl_igmp_qrv;
|
||||
ihv3->qrv = READ_ONCE(amt->net->ipv4.sysctl_igmp_qrv);
|
||||
ihv3->csum = 0;
|
||||
csum = &ihv3->csum;
|
||||
csum_start = (void *)ihv3;
|
||||
@ -3095,7 +3095,7 @@ static int amt_newlink(struct net *net, struct net_device *dev,
|
||||
goto err;
|
||||
}
|
||||
if (amt->mode == AMT_MODE_RELAY) {
|
||||
amt->qrv = amt->net->ipv4.sysctl_igmp_qrv;
|
||||
amt->qrv = READ_ONCE(amt->net->ipv4.sysctl_igmp_qrv);
|
||||
amt->qri = 10;
|
||||
dev->needed_headroom = amt->stream_dev->needed_headroom +
|
||||
AMT_RELAY_HLEN;
|
||||
|
||||
@ -1493,21 +1493,24 @@ static inline int keepalive_intvl_when(const struct tcp_sock *tp)
|
||||
{
|
||||
struct net *net = sock_net((struct sock *)tp);
|
||||
|
||||
return tp->keepalive_intvl ? : net->ipv4.sysctl_tcp_keepalive_intvl;
|
||||
return tp->keepalive_intvl ? :
|
||||
READ_ONCE(net->ipv4.sysctl_tcp_keepalive_intvl);
|
||||
}
|
||||
|
||||
static inline int keepalive_time_when(const struct tcp_sock *tp)
|
||||
{
|
||||
struct net *net = sock_net((struct sock *)tp);
|
||||
|
||||
return tp->keepalive_time ? : net->ipv4.sysctl_tcp_keepalive_time;
|
||||
return tp->keepalive_time ? :
|
||||
READ_ONCE(net->ipv4.sysctl_tcp_keepalive_time);
|
||||
}
|
||||
|
||||
static inline int keepalive_probes(const struct tcp_sock *tp)
|
||||
{
|
||||
struct net *net = sock_net((struct sock *)tp);
|
||||
|
||||
return tp->keepalive_probes ? : net->ipv4.sysctl_tcp_keepalive_probes;
|
||||
return tp->keepalive_probes ? :
|
||||
READ_ONCE(net->ipv4.sysctl_tcp_keepalive_probes);
|
||||
}
|
||||
|
||||
static inline u32 keepalive_time_elapsed(const struct tcp_sock *tp)
|
||||
@ -1520,7 +1523,8 @@ static inline u32 keepalive_time_elapsed(const struct tcp_sock *tp)
|
||||
|
||||
static inline int tcp_fin_time(const struct sock *sk)
|
||||
{
|
||||
int fin_timeout = tcp_sk(sk)->linger2 ? : sock_net(sk)->ipv4.sysctl_tcp_fin_timeout;
|
||||
int fin_timeout = tcp_sk(sk)->linger2 ? :
|
||||
READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_fin_timeout);
|
||||
const int rto = inet_csk(sk)->icsk_rto;
|
||||
|
||||
if (fin_timeout < (rto << 2) - (rto >> 1))
|
||||
@ -2023,7 +2027,7 @@ void __tcp_v4_send_check(struct sk_buff *skb, __be32 saddr, __be32 daddr);
|
||||
static inline u32 tcp_notsent_lowat(const struct tcp_sock *tp)
|
||||
{
|
||||
struct net *net = sock_net((struct sock *)tp);
|
||||
return tp->notsent_lowat ?: net->ipv4.sysctl_tcp_notsent_lowat;
|
||||
return tp->notsent_lowat ?: READ_ONCE(net->ipv4.sysctl_tcp_notsent_lowat);
|
||||
}
|
||||
|
||||
bool tcp_stream_memory_free(const struct sock *sk, int wake);
|
||||
|
||||
@ -7041,7 +7041,7 @@ BPF_CALL_5(bpf_tcp_check_syncookie, struct sock *, sk, void *, iph, u32, iph_len
|
||||
if (sk->sk_protocol != IPPROTO_TCP || sk->sk_state != TCP_LISTEN)
|
||||
return -EINVAL;
|
||||
|
||||
if (!sock_net(sk)->ipv4.sysctl_tcp_syncookies)
|
||||
if (!READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_syncookies))
|
||||
return -EINVAL;
|
||||
|
||||
if (!th->ack || th->rst || th->syn)
|
||||
@ -7116,7 +7116,7 @@ BPF_CALL_5(bpf_tcp_gen_syncookie, struct sock *, sk, void *, iph, u32, iph_len,
|
||||
if (sk->sk_protocol != IPPROTO_TCP || sk->sk_state != TCP_LISTEN)
|
||||
return -EINVAL;
|
||||
|
||||
if (!sock_net(sk)->ipv4.sysctl_tcp_syncookies)
|
||||
if (!READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_syncookies))
|
||||
return -ENOENT;
|
||||
|
||||
if (!th->syn || th->ack || th->fin || th->rst)
|
||||
|
||||
@ -387,7 +387,7 @@ void reuseport_stop_listen_sock(struct sock *sk)
|
||||
prog = rcu_dereference_protected(reuse->prog,
|
||||
lockdep_is_held(&reuseport_lock));
|
||||
|
||||
if (sock_net(sk)->ipv4.sysctl_tcp_migrate_req ||
|
||||
if (READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_migrate_req) ||
|
||||
(prog && prog->expected_attach_type == BPF_SK_REUSEPORT_SELECT_OR_MIGRATE)) {
|
||||
/* Migration capable, move sk from the listening section
|
||||
* to the closed section.
|
||||
@ -545,7 +545,7 @@ struct sock *reuseport_migrate_sock(struct sock *sk,
|
||||
hash = migrating_sk->sk_hash;
|
||||
prog = rcu_dereference(reuse->prog);
|
||||
if (!prog || prog->expected_attach_type != BPF_SK_REUSEPORT_SELECT_OR_MIGRATE) {
|
||||
if (sock_net(sk)->ipv4.sysctl_tcp_migrate_req)
|
||||
if (READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_migrate_req))
|
||||
goto select_by_hash;
|
||||
goto failure;
|
||||
}
|
||||
|
||||
@ -217,7 +217,7 @@ int inet_listen(struct socket *sock, int backlog)
|
||||
* because the socket was in TCP_LISTEN state previously but
|
||||
* was shutdown() rather than close().
|
||||
*/
|
||||
tcp_fastopen = sock_net(sk)->ipv4.sysctl_tcp_fastopen;
|
||||
tcp_fastopen = READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_fastopen);
|
||||
if ((tcp_fastopen & TFO_SERVER_WO_SOCKOPT1) &&
|
||||
(tcp_fastopen & TFO_SERVER_ENABLE) &&
|
||||
!inet_csk(sk)->icsk_accept_queue.fastopenq.max_qlen) {
|
||||
|
||||
@ -467,7 +467,8 @@ static struct sk_buff *add_grec(struct sk_buff *skb, struct ip_mc_list *pmc,
|
||||
|
||||
if (pmc->multiaddr == IGMP_ALL_HOSTS)
|
||||
return skb;
|
||||
if (ipv4_is_local_multicast(pmc->multiaddr) && !net->ipv4.sysctl_igmp_llm_reports)
|
||||
if (ipv4_is_local_multicast(pmc->multiaddr) &&
|
||||
!READ_ONCE(net->ipv4.sysctl_igmp_llm_reports))
|
||||
return skb;
|
||||
|
||||
mtu = READ_ONCE(dev->mtu);
|
||||
@ -593,7 +594,7 @@ static int igmpv3_send_report(struct in_device *in_dev, struct ip_mc_list *pmc)
|
||||
if (pmc->multiaddr == IGMP_ALL_HOSTS)
|
||||
continue;
|
||||
if (ipv4_is_local_multicast(pmc->multiaddr) &&
|
||||
!net->ipv4.sysctl_igmp_llm_reports)
|
||||
!READ_ONCE(net->ipv4.sysctl_igmp_llm_reports))
|
||||
continue;
|
||||
spin_lock_bh(&pmc->lock);
|
||||
if (pmc->sfcount[MCAST_EXCLUDE])
|
||||
@ -736,7 +737,8 @@ static int igmp_send_report(struct in_device *in_dev, struct ip_mc_list *pmc,
|
||||
if (type == IGMPV3_HOST_MEMBERSHIP_REPORT)
|
||||
return igmpv3_send_report(in_dev, pmc);
|
||||
|
||||
if (ipv4_is_local_multicast(group) && !net->ipv4.sysctl_igmp_llm_reports)
|
||||
if (ipv4_is_local_multicast(group) &&
|
||||
!READ_ONCE(net->ipv4.sysctl_igmp_llm_reports))
|
||||
return 0;
|
||||
|
||||
if (type == IGMP_HOST_LEAVE_MESSAGE)
|
||||
@ -825,7 +827,7 @@ static void igmp_ifc_event(struct in_device *in_dev)
|
||||
struct net *net = dev_net(in_dev->dev);
|
||||
if (IGMP_V1_SEEN(in_dev) || IGMP_V2_SEEN(in_dev))
|
||||
return;
|
||||
WRITE_ONCE(in_dev->mr_ifc_count, in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv);
|
||||
WRITE_ONCE(in_dev->mr_ifc_count, in_dev->mr_qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv));
|
||||
igmp_ifc_start_timer(in_dev, 1);
|
||||
}
|
||||
|
||||
@ -920,7 +922,8 @@ static bool igmp_heard_report(struct in_device *in_dev, __be32 group)
|
||||
|
||||
if (group == IGMP_ALL_HOSTS)
|
||||
return false;
|
||||
if (ipv4_is_local_multicast(group) && !net->ipv4.sysctl_igmp_llm_reports)
|
||||
if (ipv4_is_local_multicast(group) &&
|
||||
!READ_ONCE(net->ipv4.sysctl_igmp_llm_reports))
|
||||
return false;
|
||||
|
||||
rcu_read_lock();
|
||||
@ -1006,7 +1009,7 @@ static bool igmp_heard_query(struct in_device *in_dev, struct sk_buff *skb,
|
||||
* received value was zero, use the default or statically
|
||||
* configured value.
|
||||
*/
|
||||
in_dev->mr_qrv = ih3->qrv ?: net->ipv4.sysctl_igmp_qrv;
|
||||
in_dev->mr_qrv = ih3->qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv);
|
||||
in_dev->mr_qi = IGMPV3_QQIC(ih3->qqic)*HZ ?: IGMP_QUERY_INTERVAL;
|
||||
|
||||
/* RFC3376, 8.3. Query Response Interval:
|
||||
@ -1045,7 +1048,7 @@ static bool igmp_heard_query(struct in_device *in_dev, struct sk_buff *skb,
|
||||
if (im->multiaddr == IGMP_ALL_HOSTS)
|
||||
continue;
|
||||
if (ipv4_is_local_multicast(im->multiaddr) &&
|
||||
!net->ipv4.sysctl_igmp_llm_reports)
|
||||
!READ_ONCE(net->ipv4.sysctl_igmp_llm_reports))
|
||||
continue;
|
||||
spin_lock_bh(&im->lock);
|
||||
if (im->tm_running)
|
||||
@ -1186,7 +1189,7 @@ static void igmpv3_add_delrec(struct in_device *in_dev, struct ip_mc_list *im,
|
||||
pmc->interface = im->interface;
|
||||
in_dev_hold(in_dev);
|
||||
pmc->multiaddr = im->multiaddr;
|
||||
pmc->crcount = in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv;
|
||||
pmc->crcount = in_dev->mr_qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv);
|
||||
pmc->sfmode = im->sfmode;
|
||||
if (pmc->sfmode == MCAST_INCLUDE) {
|
||||
struct ip_sf_list *psf;
|
||||
@ -1237,9 +1240,11 @@ static void igmpv3_del_delrec(struct in_device *in_dev, struct ip_mc_list *im)
|
||||
swap(im->tomb, pmc->tomb);
|
||||
swap(im->sources, pmc->sources);
|
||||
for (psf = im->sources; psf; psf = psf->sf_next)
|
||||
psf->sf_crcount = in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv;
|
||||
psf->sf_crcount = in_dev->mr_qrv ?:
|
||||
READ_ONCE(net->ipv4.sysctl_igmp_qrv);
|
||||
} else {
|
||||
im->crcount = in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv;
|
||||
im->crcount = in_dev->mr_qrv ?:
|
||||
READ_ONCE(net->ipv4.sysctl_igmp_qrv);
|
||||
}
|
||||
in_dev_put(pmc->interface);
|
||||
kfree_pmc(pmc);
|
||||
@ -1296,7 +1301,8 @@ static void __igmp_group_dropped(struct ip_mc_list *im, gfp_t gfp)
|
||||
#ifdef CONFIG_IP_MULTICAST
|
||||
if (im->multiaddr == IGMP_ALL_HOSTS)
|
||||
return;
|
||||
if (ipv4_is_local_multicast(im->multiaddr) && !net->ipv4.sysctl_igmp_llm_reports)
|
||||
if (ipv4_is_local_multicast(im->multiaddr) &&
|
||||
!READ_ONCE(net->ipv4.sysctl_igmp_llm_reports))
|
||||
return;
|
||||
|
||||
reporter = im->reporter;
|
||||
@ -1338,13 +1344,14 @@ static void igmp_group_added(struct ip_mc_list *im)
|
||||
#ifdef CONFIG_IP_MULTICAST
|
||||
if (im->multiaddr == IGMP_ALL_HOSTS)
|
||||
return;
|
||||
if (ipv4_is_local_multicast(im->multiaddr) && !net->ipv4.sysctl_igmp_llm_reports)
|
||||
if (ipv4_is_local_multicast(im->multiaddr) &&
|
||||
!READ_ONCE(net->ipv4.sysctl_igmp_llm_reports))
|
||||
return;
|
||||
|
||||
if (in_dev->dead)
|
||||
return;
|
||||
|
||||
im->unsolicit_count = net->ipv4.sysctl_igmp_qrv;
|
||||
im->unsolicit_count = READ_ONCE(net->ipv4.sysctl_igmp_qrv);
|
||||
if (IGMP_V1_SEEN(in_dev) || IGMP_V2_SEEN(in_dev)) {
|
||||
spin_lock_bh(&im->lock);
|
||||
igmp_start_timer(im, IGMP_INITIAL_REPORT_DELAY);
|
||||
@ -1358,7 +1365,7 @@ static void igmp_group_added(struct ip_mc_list *im)
|
||||
* IN() to IN(A).
|
||||
*/
|
||||
if (im->sfmode == MCAST_EXCLUDE)
|
||||
im->crcount = in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv;
|
||||
im->crcount = in_dev->mr_qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv);
|
||||
|
||||
igmp_ifc_event(in_dev);
|
||||
#endif
|
||||
@ -1642,7 +1649,7 @@ static void ip_mc_rejoin_groups(struct in_device *in_dev)
|
||||
if (im->multiaddr == IGMP_ALL_HOSTS)
|
||||
continue;
|
||||
if (ipv4_is_local_multicast(im->multiaddr) &&
|
||||
!net->ipv4.sysctl_igmp_llm_reports)
|
||||
!READ_ONCE(net->ipv4.sysctl_igmp_llm_reports))
|
||||
continue;
|
||||
|
||||
/* a failover is happening and switches
|
||||
@ -1749,7 +1756,7 @@ static void ip_mc_reset(struct in_device *in_dev)
|
||||
|
||||
in_dev->mr_qi = IGMP_QUERY_INTERVAL;
|
||||
in_dev->mr_qri = IGMP_QUERY_RESPONSE_INTERVAL;
|
||||
in_dev->mr_qrv = net->ipv4.sysctl_igmp_qrv;
|
||||
in_dev->mr_qrv = READ_ONCE(net->ipv4.sysctl_igmp_qrv);
|
||||
}
|
||||
#else
|
||||
static void ip_mc_reset(struct in_device *in_dev)
|
||||
@ -1883,7 +1890,7 @@ static int ip_mc_del1_src(struct ip_mc_list *pmc, int sfmode,
|
||||
#ifdef CONFIG_IP_MULTICAST
|
||||
if (psf->sf_oldin &&
|
||||
!IGMP_V1_SEEN(in_dev) && !IGMP_V2_SEEN(in_dev)) {
|
||||
psf->sf_crcount = in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv;
|
||||
psf->sf_crcount = in_dev->mr_qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv);
|
||||
psf->sf_next = pmc->tomb;
|
||||
pmc->tomb = psf;
|
||||
rv = 1;
|
||||
@ -1947,7 +1954,7 @@ static int ip_mc_del_src(struct in_device *in_dev, __be32 *pmca, int sfmode,
|
||||
/* filter mode change */
|
||||
pmc->sfmode = MCAST_INCLUDE;
|
||||
#ifdef CONFIG_IP_MULTICAST
|
||||
pmc->crcount = in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv;
|
||||
pmc->crcount = in_dev->mr_qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv);
|
||||
WRITE_ONCE(in_dev->mr_ifc_count, pmc->crcount);
|
||||
for (psf = pmc->sources; psf; psf = psf->sf_next)
|
||||
psf->sf_crcount = 0;
|
||||
@ -2126,7 +2133,7 @@ static int ip_mc_add_src(struct in_device *in_dev, __be32 *pmca, int sfmode,
|
||||
#ifdef CONFIG_IP_MULTICAST
|
||||
/* else no filters; keep old mode for reports */
|
||||
|
||||
pmc->crcount = in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv;
|
||||
pmc->crcount = in_dev->mr_qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv);
|
||||
WRITE_ONCE(in_dev->mr_ifc_count, pmc->crcount);
|
||||
for (psf = pmc->sources; psf; psf = psf->sf_next)
|
||||
psf->sf_crcount = 0;
|
||||
@ -2192,7 +2199,7 @@ static int __ip_mc_join_group(struct sock *sk, struct ip_mreqn *imr,
|
||||
count++;
|
||||
}
|
||||
err = -ENOBUFS;
|
||||
if (count >= net->ipv4.sysctl_igmp_max_memberships)
|
||||
if (count >= READ_ONCE(net->ipv4.sysctl_igmp_max_memberships))
|
||||
goto done;
|
||||
iml = sock_kmalloc(sk, sizeof(*iml), GFP_KERNEL);
|
||||
if (!iml)
|
||||
@ -2379,7 +2386,7 @@ int ip_mc_source(int add, int omode, struct sock *sk, struct
|
||||
}
|
||||
/* else, add a new source to the filter */
|
||||
|
||||
if (psl && psl->sl_count >= net->ipv4.sysctl_igmp_max_msf) {
|
||||
if (psl && psl->sl_count >= READ_ONCE(net->ipv4.sysctl_igmp_max_msf)) {
|
||||
err = -ENOBUFS;
|
||||
goto done;
|
||||
}
|
||||
|
||||
@ -833,7 +833,8 @@ static void reqsk_timer_handler(struct timer_list *t)
|
||||
|
||||
icsk = inet_csk(sk_listener);
|
||||
net = sock_net(sk_listener);
|
||||
max_syn_ack_retries = icsk->icsk_syn_retries ? : net->ipv4.sysctl_tcp_synack_retries;
|
||||
max_syn_ack_retries = icsk->icsk_syn_retries ? :
|
||||
READ_ONCE(net->ipv4.sysctl_tcp_synack_retries);
|
||||
/* Normally all the openreqs are young and become mature
|
||||
* (i.e. converted to established socket) for first timeout.
|
||||
* If synack was not acknowledged for 1 second, it means
|
||||
|
||||
@ -782,7 +782,7 @@ static int ip_set_mcast_msfilter(struct sock *sk, sockptr_t optval, int optlen)
|
||||
/* numsrc >= (4G-140)/128 overflow in 32 bits */
|
||||
err = -ENOBUFS;
|
||||
if (gsf->gf_numsrc >= 0x1ffffff ||
|
||||
gsf->gf_numsrc > sock_net(sk)->ipv4.sysctl_igmp_max_msf)
|
||||
gsf->gf_numsrc > READ_ONCE(sock_net(sk)->ipv4.sysctl_igmp_max_msf))
|
||||
goto out_free_gsf;
|
||||
|
||||
err = -EINVAL;
|
||||
@ -832,7 +832,7 @@ static int compat_ip_set_mcast_msfilter(struct sock *sk, sockptr_t optval,
|
||||
|
||||
/* numsrc >= (4G-140)/128 overflow in 32 bits */
|
||||
err = -ENOBUFS;
|
||||
if (n > sock_net(sk)->ipv4.sysctl_igmp_max_msf)
|
||||
if (n > READ_ONCE(sock_net(sk)->ipv4.sysctl_igmp_max_msf))
|
||||
goto out_free_gsf;
|
||||
err = set_mcast_msfilter(sk, gf32->gf_interface, n, gf32->gf_fmode,
|
||||
&gf32->gf_group, gf32->gf_slist_flex);
|
||||
@ -1244,7 +1244,7 @@ static int do_ip_setsockopt(struct sock *sk, int level, int optname,
|
||||
}
|
||||
/* numsrc >= (1G-4) overflow in 32 bits */
|
||||
if (msf->imsf_numsrc >= 0x3ffffffcU ||
|
||||
msf->imsf_numsrc > net->ipv4.sysctl_igmp_max_msf) {
|
||||
msf->imsf_numsrc > READ_ONCE(net->ipv4.sysctl_igmp_max_msf)) {
|
||||
kfree(msf);
|
||||
err = -ENOBUFS;
|
||||
break;
|
||||
|
||||
@ -340,7 +340,8 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb)
|
||||
struct flowi4 fl4;
|
||||
u32 tsoff = 0;
|
||||
|
||||
if (!sock_net(sk)->ipv4.sysctl_tcp_syncookies || !th->ack || th->rst)
|
||||
if (!READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_syncookies) ||
|
||||
!th->ack || th->rst)
|
||||
goto out;
|
||||
|
||||
if (tcp_synq_no_recent_overflow(sk))
|
||||
|
||||
@ -441,7 +441,7 @@ void tcp_init_sock(struct sock *sk)
|
||||
tp->snd_cwnd_clamp = ~0;
|
||||
tp->mss_cache = TCP_MSS_DEFAULT;
|
||||
|
||||
tp->reordering = sock_net(sk)->ipv4.sysctl_tcp_reordering;
|
||||
tp->reordering = READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_reordering);
|
||||
tcp_assign_congestion_control(sk);
|
||||
|
||||
tp->tsoffset = 0;
|
||||
@ -1150,7 +1150,8 @@ static int tcp_sendmsg_fastopen(struct sock *sk, struct msghdr *msg,
|
||||
struct sockaddr *uaddr = msg->msg_name;
|
||||
int err, flags;
|
||||
|
||||
if (!(sock_net(sk)->ipv4.sysctl_tcp_fastopen & TFO_CLIENT_ENABLE) ||
|
||||
if (!(READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_fastopen) &
|
||||
TFO_CLIENT_ENABLE) ||
|
||||
(uaddr && msg->msg_namelen >= sizeof(uaddr->sa_family) &&
|
||||
uaddr->sa_family == AF_UNSPEC))
|
||||
return -EOPNOTSUPP;
|
||||
@ -3617,7 +3618,8 @@ static int do_tcp_setsockopt(struct sock *sk, int level, int optname,
|
||||
case TCP_FASTOPEN_CONNECT:
|
||||
if (val > 1 || val < 0) {
|
||||
err = -EINVAL;
|
||||
} else if (net->ipv4.sysctl_tcp_fastopen & TFO_CLIENT_ENABLE) {
|
||||
} else if (READ_ONCE(net->ipv4.sysctl_tcp_fastopen) &
|
||||
TFO_CLIENT_ENABLE) {
|
||||
if (sk->sk_state == TCP_CLOSE)
|
||||
tp->fastopen_connect = val;
|
||||
else
|
||||
@ -3967,12 +3969,13 @@ static int do_tcp_getsockopt(struct sock *sk, int level,
|
||||
val = keepalive_probes(tp);
|
||||
break;
|
||||
case TCP_SYNCNT:
|
||||
val = icsk->icsk_syn_retries ? : net->ipv4.sysctl_tcp_syn_retries;
|
||||
val = icsk->icsk_syn_retries ? :
|
||||
READ_ONCE(net->ipv4.sysctl_tcp_syn_retries);
|
||||
break;
|
||||
case TCP_LINGER2:
|
||||
val = tp->linger2;
|
||||
if (val >= 0)
|
||||
val = (val ? : net->ipv4.sysctl_tcp_fin_timeout) / HZ;
|
||||
val = (val ? : READ_ONCE(net->ipv4.sysctl_tcp_fin_timeout)) / HZ;
|
||||
break;
|
||||
case TCP_DEFER_ACCEPT:
|
||||
val = retrans_to_secs(icsk->icsk_accept_queue.rskq_defer_accept,
|
||||
|
||||
@ -332,7 +332,7 @@ static bool tcp_fastopen_no_cookie(const struct sock *sk,
|
||||
const struct dst_entry *dst,
|
||||
int flag)
|
||||
{
|
||||
return (sock_net(sk)->ipv4.sysctl_tcp_fastopen & flag) ||
|
||||
return (READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_fastopen) & flag) ||
|
||||
tcp_sk(sk)->fastopen_no_cookie ||
|
||||
(dst && dst_metric(dst, RTAX_FASTOPEN_NO_COOKIE));
|
||||
}
|
||||
@ -347,7 +347,7 @@ struct sock *tcp_try_fastopen(struct sock *sk, struct sk_buff *skb,
|
||||
const struct dst_entry *dst)
|
||||
{
|
||||
bool syn_data = TCP_SKB_CB(skb)->end_seq != TCP_SKB_CB(skb)->seq + 1;
|
||||
int tcp_fastopen = sock_net(sk)->ipv4.sysctl_tcp_fastopen;
|
||||
int tcp_fastopen = READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_fastopen);
|
||||
struct tcp_fastopen_cookie valid_foc = { .len = -1 };
|
||||
struct sock *child;
|
||||
int ret = 0;
|
||||
@ -489,7 +489,7 @@ void tcp_fastopen_active_disable(struct sock *sk)
|
||||
{
|
||||
struct net *net = sock_net(sk);
|
||||
|
||||
if (!sock_net(sk)->ipv4.sysctl_tcp_fastopen_blackhole_timeout)
|
||||
if (!READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_fastopen_blackhole_timeout))
|
||||
return;
|
||||
|
||||
/* Paired with READ_ONCE() in tcp_fastopen_active_should_disable() */
|
||||
@ -510,7 +510,8 @@ void tcp_fastopen_active_disable(struct sock *sk)
|
||||
*/
|
||||
bool tcp_fastopen_active_should_disable(struct sock *sk)
|
||||
{
|
||||
unsigned int tfo_bh_timeout = sock_net(sk)->ipv4.sysctl_tcp_fastopen_blackhole_timeout;
|
||||
unsigned int tfo_bh_timeout =
|
||||
READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_fastopen_blackhole_timeout);
|
||||
unsigned long timeout;
|
||||
int tfo_da_times;
|
||||
int multiplier;
|
||||
|
||||
@ -2139,6 +2139,7 @@ void tcp_enter_loss(struct sock *sk)
|
||||
struct tcp_sock *tp = tcp_sk(sk);
|
||||
struct net *net = sock_net(sk);
|
||||
bool new_recovery = icsk->icsk_ca_state < TCP_CA_Recovery;
|
||||
u8 reordering;
|
||||
|
||||
tcp_timeout_mark_lost(sk);
|
||||
|
||||
@ -2159,10 +2160,12 @@ void tcp_enter_loss(struct sock *sk)
|
||||
/* Timeout in disordered state after receiving substantial DUPACKs
|
||||
* suggests that the degree of reordering is over-estimated.
|
||||
*/
|
||||
reordering = READ_ONCE(net->ipv4.sysctl_tcp_reordering);
|
||||
if (icsk->icsk_ca_state <= TCP_CA_Disorder &&
|
||||
tp->sacked_out >= net->ipv4.sysctl_tcp_reordering)
|
||||
tp->sacked_out >= reordering)
|
||||
tp->reordering = min_t(unsigned int, tp->reordering,
|
||||
net->ipv4.sysctl_tcp_reordering);
|
||||
reordering);
|
||||
|
||||
tcp_set_ca_state(sk, TCP_CA_Loss);
|
||||
tp->high_seq = tp->snd_nxt;
|
||||
tcp_ecn_queue_cwr(tp);
|
||||
@ -3464,7 +3467,8 @@ static inline bool tcp_may_raise_cwnd(const struct sock *sk, const int flag)
|
||||
* new SACK or ECE mark may first advance cwnd here and later reduce
|
||||
* cwnd in tcp_fastretrans_alert() based on more states.
|
||||
*/
|
||||
if (tcp_sk(sk)->reordering > sock_net(sk)->ipv4.sysctl_tcp_reordering)
|
||||
if (tcp_sk(sk)->reordering >
|
||||
READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_reordering))
|
||||
return flag & FLAG_FORWARD_PROGRESS;
|
||||
|
||||
return flag & FLAG_DATA_ACKED;
|
||||
@ -6797,11 +6801,14 @@ static bool tcp_syn_flood_action(const struct sock *sk, const char *proto)
|
||||
{
|
||||
struct request_sock_queue *queue = &inet_csk(sk)->icsk_accept_queue;
|
||||
const char *msg = "Dropping request";
|
||||
bool want_cookie = false;
|
||||
struct net *net = sock_net(sk);
|
||||
bool want_cookie = false;
|
||||
u8 syncookies;
|
||||
|
||||
syncookies = READ_ONCE(net->ipv4.sysctl_tcp_syncookies);
|
||||
|
||||
#ifdef CONFIG_SYN_COOKIES
|
||||
if (net->ipv4.sysctl_tcp_syncookies) {
|
||||
if (syncookies) {
|
||||
msg = "Sending cookies";
|
||||
want_cookie = true;
|
||||
__NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPREQQFULLDOCOOKIES);
|
||||
@ -6809,8 +6816,7 @@ static bool tcp_syn_flood_action(const struct sock *sk, const char *proto)
|
||||
#endif
|
||||
__NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPREQQFULLDROP);
|
||||
|
||||
if (!queue->synflood_warned &&
|
||||
net->ipv4.sysctl_tcp_syncookies != 2 &&
|
||||
if (!queue->synflood_warned && syncookies != 2 &&
|
||||
xchg(&queue->synflood_warned, 1) == 0)
|
||||
net_info_ratelimited("%s: Possible SYN flooding on port %d. %s. Check SNMP counters.\n",
|
||||
proto, sk->sk_num, msg);
|
||||
@ -6859,7 +6865,7 @@ u16 tcp_get_syncookie_mss(struct request_sock_ops *rsk_ops,
|
||||
struct tcp_sock *tp = tcp_sk(sk);
|
||||
u16 mss;
|
||||
|
||||
if (sock_net(sk)->ipv4.sysctl_tcp_syncookies != 2 &&
|
||||
if (READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_syncookies) != 2 &&
|
||||
!inet_csk_reqsk_queue_is_full(sk))
|
||||
return 0;
|
||||
|
||||
@ -6893,13 +6899,15 @@ int tcp_conn_request(struct request_sock_ops *rsk_ops,
|
||||
bool want_cookie = false;
|
||||
struct dst_entry *dst;
|
||||
struct flowi fl;
|
||||
u8 syncookies;
|
||||
|
||||
syncookies = READ_ONCE(net->ipv4.sysctl_tcp_syncookies);
|
||||
|
||||
/* TW buckets are converted to open requests without
|
||||
* limitations, they conserve resources and peer is
|
||||
* evidently real one.
|
||||
*/
|
||||
if ((net->ipv4.sysctl_tcp_syncookies == 2 ||
|
||||
inet_csk_reqsk_queue_is_full(sk)) && !isn) {
|
||||
if ((syncookies == 2 || inet_csk_reqsk_queue_is_full(sk)) && !isn) {
|
||||
want_cookie = tcp_syn_flood_action(sk, rsk_ops->slab_name);
|
||||
if (!want_cookie)
|
||||
goto drop;
|
||||
@ -6948,10 +6956,12 @@ int tcp_conn_request(struct request_sock_ops *rsk_ops,
|
||||
tcp_rsk(req)->ts_off = af_ops->init_ts_off(net, skb);
|
||||
|
||||
if (!want_cookie && !isn) {
|
||||
int max_syn_backlog = READ_ONCE(net->ipv4.sysctl_max_syn_backlog);
|
||||
|
||||
/* Kill the following clause, if you dislike this way. */
|
||||
if (!net->ipv4.sysctl_tcp_syncookies &&
|
||||
(net->ipv4.sysctl_max_syn_backlog - inet_csk_reqsk_queue_len(sk) <
|
||||
(net->ipv4.sysctl_max_syn_backlog >> 2)) &&
|
||||
if (!syncookies &&
|
||||
(max_syn_backlog - inet_csk_reqsk_queue_len(sk) <
|
||||
(max_syn_backlog >> 2)) &&
|
||||
!tcp_peer_is_proven(req, dst)) {
|
||||
/* Without syncookies last quarter of
|
||||
* backlog is filled with destinations,
|
||||
|
||||
@ -108,10 +108,10 @@ static u32 tcp_v4_init_ts_off(const struct net *net, const struct sk_buff *skb)
|
||||
|
||||
int tcp_twsk_unique(struct sock *sk, struct sock *sktw, void *twp)
|
||||
{
|
||||
int reuse = READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_tw_reuse);
|
||||
const struct inet_timewait_sock *tw = inet_twsk(sktw);
|
||||
const struct tcp_timewait_sock *tcptw = tcp_twsk(sktw);
|
||||
struct tcp_sock *tp = tcp_sk(sk);
|
||||
int reuse = sock_net(sk)->ipv4.sysctl_tcp_tw_reuse;
|
||||
|
||||
if (reuse == 2) {
|
||||
/* Still does not detect *everything* that goes through
|
||||
|
||||
@ -428,7 +428,8 @@ void tcp_update_metrics(struct sock *sk)
|
||||
if (!tcp_metric_locked(tm, TCP_METRIC_REORDERING)) {
|
||||
val = tcp_metric_get(tm, TCP_METRIC_REORDERING);
|
||||
if (val < tp->reordering &&
|
||||
tp->reordering != net->ipv4.sysctl_tcp_reordering)
|
||||
tp->reordering !=
|
||||
READ_ONCE(net->ipv4.sysctl_tcp_reordering))
|
||||
tcp_metric_set(tm, TCP_METRIC_REORDERING,
|
||||
tp->reordering);
|
||||
}
|
||||
|
||||
@ -4090,7 +4090,7 @@ void tcp_send_probe0(struct sock *sk)
|
||||
|
||||
icsk->icsk_probes_out++;
|
||||
if (err <= 0) {
|
||||
if (icsk->icsk_backoff < net->ipv4.sysctl_tcp_retries2)
|
||||
if (icsk->icsk_backoff < READ_ONCE(net->ipv4.sysctl_tcp_retries2))
|
||||
icsk->icsk_backoff++;
|
||||
timeout = tcp_probe0_when(sk, TCP_RTO_MAX);
|
||||
} else {
|
||||
|
||||
@ -143,7 +143,7 @@ static int tcp_out_of_resources(struct sock *sk, bool do_reset)
|
||||
*/
|
||||
static int tcp_orphan_retries(struct sock *sk, bool alive)
|
||||
{
|
||||
int retries = sock_net(sk)->ipv4.sysctl_tcp_orphan_retries; /* May be zero. */
|
||||
int retries = READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_orphan_retries); /* May be zero. */
|
||||
|
||||
/* We know from an ICMP that something is wrong. */
|
||||
if (sk->sk_err_soft && !alive)
|
||||
@ -239,17 +239,18 @@ static int tcp_write_timeout(struct sock *sk)
|
||||
if ((1 << sk->sk_state) & (TCPF_SYN_SENT | TCPF_SYN_RECV)) {
|
||||
if (icsk->icsk_retransmits)
|
||||
__dst_negative_advice(sk);
|
||||
retry_until = icsk->icsk_syn_retries ? : net->ipv4.sysctl_tcp_syn_retries;
|
||||
retry_until = icsk->icsk_syn_retries ? :
|
||||
READ_ONCE(net->ipv4.sysctl_tcp_syn_retries);
|
||||
expired = icsk->icsk_retransmits >= retry_until;
|
||||
} else {
|
||||
if (retransmits_timed_out(sk, net->ipv4.sysctl_tcp_retries1, 0)) {
|
||||
if (retransmits_timed_out(sk, READ_ONCE(net->ipv4.sysctl_tcp_retries1), 0)) {
|
||||
/* Black hole detection */
|
||||
tcp_mtu_probing(icsk, sk);
|
||||
|
||||
__dst_negative_advice(sk);
|
||||
}
|
||||
|
||||
retry_until = net->ipv4.sysctl_tcp_retries2;
|
||||
retry_until = READ_ONCE(net->ipv4.sysctl_tcp_retries2);
|
||||
if (sock_flag(sk, SOCK_DEAD)) {
|
||||
const bool alive = icsk->icsk_rto < TCP_RTO_MAX;
|
||||
|
||||
@ -380,7 +381,7 @@ static void tcp_probe_timer(struct sock *sk)
|
||||
msecs_to_jiffies(icsk->icsk_user_timeout))
|
||||
goto abort;
|
||||
|
||||
max_probes = sock_net(sk)->ipv4.sysctl_tcp_retries2;
|
||||
max_probes = READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_retries2);
|
||||
if (sock_flag(sk, SOCK_DEAD)) {
|
||||
const bool alive = inet_csk_rto_backoff(icsk, TCP_RTO_MAX) < TCP_RTO_MAX;
|
||||
|
||||
@ -406,12 +407,15 @@ abort: tcp_write_err(sk);
|
||||
static void tcp_fastopen_synack_timer(struct sock *sk, struct request_sock *req)
|
||||
{
|
||||
struct inet_connection_sock *icsk = inet_csk(sk);
|
||||
int max_retries = icsk->icsk_syn_retries ? :
|
||||
sock_net(sk)->ipv4.sysctl_tcp_synack_retries + 1; /* add one more retry for fastopen */
|
||||
struct tcp_sock *tp = tcp_sk(sk);
|
||||
int max_retries;
|
||||
|
||||
req->rsk_ops->syn_ack_timeout(req);
|
||||
|
||||
/* add one more retry for fastopen */
|
||||
max_retries = icsk->icsk_syn_retries ? :
|
||||
READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_synack_retries) + 1;
|
||||
|
||||
if (req->num_timeout >= max_retries) {
|
||||
tcp_write_err(sk);
|
||||
return;
|
||||
@ -585,7 +589,7 @@ out_reset_timer:
|
||||
}
|
||||
inet_csk_reset_xmit_timer(sk, ICSK_TIME_RETRANS,
|
||||
tcp_clamp_rto_to_user_timeout(sk), TCP_RTO_MAX);
|
||||
if (retransmits_timed_out(sk, net->ipv4.sysctl_tcp_retries1 + 1, 0))
|
||||
if (retransmits_timed_out(sk, READ_ONCE(net->ipv4.sysctl_tcp_retries1) + 1, 0))
|
||||
__sk_dst_reset(sk);
|
||||
|
||||
out:;
|
||||
|
||||
@ -141,7 +141,8 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb)
|
||||
__u8 rcv_wscale;
|
||||
u32 tsoff = 0;
|
||||
|
||||
if (!sock_net(sk)->ipv4.sysctl_tcp_syncookies || !th->ack || th->rst)
|
||||
if (!READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_syncookies) ||
|
||||
!th->ack || th->rst)
|
||||
goto out;
|
||||
|
||||
if (tcp_synq_no_recent_overflow(sk))
|
||||
|
||||
@ -2122,7 +2122,7 @@ void smc_llc_lgr_init(struct smc_link_group *lgr, struct smc_sock *smc)
|
||||
init_waitqueue_head(&lgr->llc_flow_waiter);
|
||||
init_waitqueue_head(&lgr->llc_msg_waiter);
|
||||
mutex_init(&lgr->llc_conf_mutex);
|
||||
lgr->llc_testlink_time = net->ipv4.sysctl_tcp_keepalive_time;
|
||||
lgr->llc_testlink_time = READ_ONCE(net->ipv4.sysctl_tcp_keepalive_time);
|
||||
}
|
||||
|
||||
/* called after lgr was removed from lgr_list */
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user