From c608e2949f1cebbbf9bfb1706b255a98a0d2ed0e Mon Sep 17 00:00:00 2001
From: Kuniyuki Iwashima <kuniyu@amazon.com>
Date: Tue, 11 Oct 2022 12:14:05 +0000
Subject: [PATCH] net: Fix a data-race around sysctl_somaxconn.

stable inclusion
from stable-v4.19.257
commit 1e4142b95269a394229c89d132f8e226fb1b4f71
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I5UQH4
CVE: NA

--------------------------------

[ Upstream commit 3c9ba81d72047f2e81bb535d42856517b613aba7 ]

While reading sysctl_somaxconn, it can be changed concurrently.
Thus, we need to add READ_ONCE() to its reader.

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Yongqiang Liu <liuyongqiang13@huawei.com>
---
 net/socket.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/socket.c b/net/socket.c
index bf943e6d47fe..553045441a2c 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -1630,7 +1630,7 @@ int __sys_listen(int fd, int backlog)
 
 	sock = sockfd_lookup_light(fd, &err, &fput_needed);
 	if (sock) {
-		somaxconn = sock_net(sock->sk)->core.sysctl_somaxconn;
+		somaxconn = READ_ONCE(sock_net(sock->sk)->core.sysctl_somaxconn);
 		if ((unsigned int)backlog > somaxconn)
 			backlog = somaxconn;
 
-- 
GitLab