tcp: annotate data-races on tp->segs_in and tp->data_segs_in tcp_segs_in() can be called from BH, while socket spinlock is held but socket owned by user, eventually reading these fields from tcp_get_info() Found by code inspection, no need to backport this patch to older kernels. Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>

commit: 0307a0b74b3af6ecb1c8b7f727376130b15bbf44 [log] [tgz]
author: Eric Dumazet <edumazet@google.com> Mon Nov 15 11:02:42 2021 -0800
committer: David S. Miller <davem@davemloft.net> Tue Nov 16 13:10:34 2021 +0000
tree: 31f6f571d6c135b02a5dc6cf9f63dc5b860a36e0
parent: d2489c7b6d7d5ed4b32b56703c57c47bfbfe7fa5 [diff] [blame]
diff --git a/include/net/tcp.h b/include/net/tcp.h
index 4da22b4..05c8167 100644
--- a/include/net/tcp.h
+++ b/include/net/tcp.h

@@ -2172,9 +2172,13 @@ static inline void tcp_segs_in(struct tcp_sock *tp, const struct sk_buff *skb)
 	u16 segs_in;
 
 	segs_in = max_t(u16, 1, skb_shinfo(skb)->gso_segs);
-	tp->segs_in += segs_in;
+
+	/* We update these fields while other threads might
+	 * read them from tcp_get_info()
+	 */
+	WRITE_ONCE(tp->segs_in, tp->segs_in + segs_in);
 	if (skb->len > tcp_hdrlen(skb))
-		tp->data_segs_in += segs_in;
+		WRITE_ONCE(tp->data_segs_in, tp->data_segs_in + segs_in);
 }
 
 /*
commit	0307a0b74b3af6ecb1c8b7f727376130b15bbf44	[log] [tgz]
author	Eric Dumazet <edumazet@google.com>	Mon Nov 15 11:02:42 2021 -0800
committer	David S. Miller <davem@davemloft.net>	Tue Nov 16 13:10:34 2021 +0000
tree	31f6f571d6c135b02a5dc6cf9f63dc5b860a36e0
parent	d2489c7b6d7d5ed4b32b56703c57c47bfbfe7fa5 [diff] [blame]