inet: add READ_ONCE(sk->sk_bound_dev_if) in inet_csk_bind_conflict()

inet_csk_bind_conflict() can access sk->sk_bound_dev_if for
unlocked sockets.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c
index 1e5b53c..53f5f95 100644 (file)
--- a/net/ipv4/inet_connection_sock.c
+++ b/net/ipv4/inet_connection_sock.c
@@ -155,10 +155,14 @@ static int inet_csk_bind_conflict(const struct sock *sk,
         */
 
        sk_for_each_bound(sk2, &tb->owners) {
-               if (sk != sk2 &&
-                   (!sk->sk_bound_dev_if ||
-                    !sk2->sk_bound_dev_if ||
-                    sk->sk_bound_dev_if == sk2->sk_bound_dev_if)) {
+               int bound_dev_if2;
+
+               if (sk == sk2)
+                       continue;
+               bound_dev_if2 = READ_ONCE(sk2->sk_bound_dev_if);
+               if ((!sk->sk_bound_dev_if ||
+                    !bound_dev_if2 ||
+                    sk->sk_bound_dev_if == bound_dev_if2)) {
                        if (reuse && sk2->sk_reuse &&
                            sk2->sk_state != TCP_LISTEN) {
                                if ((!relax ||