tcp: Fix a data-race around sysctl_tcp_challenge_ack_limit.

stable inclusion from stable-v4.19.255 commit 3bf8415f605526a7eea9f3f7d7e30d8867b2cd1e category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I5Q0SQ CVE: NA -------------------------------- commit db3815a2 upstream. While reading sysctl_tcp_challenge_ack_limit, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader. Fixes: 282f23c6 ("tcp: implement RFC 5961 3.2") Signed-off-by: N Kuniyuki Iwashima <kuniyu@amazon.com> Signed-off-by: N David S. Miller <davem@davemloft.net> Signed-off-by: N Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: N Yongqiang Liu <liuyongqiang13@huawei.com>

tcp: Fix a data-race around sysctl_tcp_challenge_ack_limit.
stable inclusion from stable-v4.19.255 commit 3bf8415f605526a7eea9f3f7d7e30d8867b2cd1e category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I5Q0SQ CVE: NA -------------------------------- commit db3815a2 upstream. While reading sysctl_tcp_challenge_ack_limit, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader. Fixes: 282f23c6 ("tcp: implement RFC 5961 3.2") Signed-off-by: N Kuniyuki Iwashima <kuniyu@amazon.com> Signed-off-by: N David S. Miller <davem@davemloft.net> Signed-off-by: N Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: N Yongqiang Liu <liuyongqiang13@huawei.com>
db27a46c · Kuniyuki Iwashima · Yongqiang Liu · 2ab08dad · db27a46c
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

net/ipv4/tcp_input.c net/ipv4/tcp_input.c +1 -1

未找到文件。
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -3471,7 +3471,7 @@ static void tcp_send_challenge_ack(struct sock *sk, const struct sk_buff *skb)
 	/* Then check host-wide RFC 5961 rate limit. */
 	now = jiffies / HZ;
 	if (now != challenge_timestamp) {
-		u32 ack_limit = net->ipv4.sysctl_tcp_challenge_ack_limit;
+		u32 ack_limit = READ_ONCE(net->ipv4.sysctl_tcp_challenge_ack_limit);
 		u32 half = (ack_limit + 1) >> 1;
 		challenge_timestamp = now;