net: fix __sock_gen_cookie()

I was mistaken how atomic64_try_cmpxchg(&sk_cookie, &res, new)
is working.

I was assuming @res would contain the final sk_cookie value,
regardless of the success of our cmpxchg()

We could do something like:

if (atomic64_try_cmpxchg(&sk_cookie, &res, new)
	res = new;

But we can avoid a conditional and read sk_cookie again.

atomic64_cmpxchg(&sk_cookie, res, new);
res = atomic64_read(&sk_cookie);

Reported-by: coverity-bot <keescook+coverity-bot@chromium.org>
Addresses-Coverity-ID: 1527347 ("Error handling issues")
Fixes: 4ebf802cf1c6 ("net: __sock_gen_cookie() cleanup")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Link: https://lore.kernel.org/r/20221118043843.3703186-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

diff --git a/net/core/sock_diag.c b/net/core/sock_diag.c
index b11593c..b1e29e1 100644 (file)
--- a/net/core/sock_diag.c
+++ b/net/core/sock_diag.c
@@ -30,7 +30,10 @@ u64 __sock_gen_cookie(struct sock *sk)
        if (!res) {
                u64 new = gen_cookie_next(&sock_cookie);
 
-               atomic64_try_cmpxchg(&sk->sk_cookie, &res, new);
+               atomic64_cmpxchg(&sk->sk_cookie, res, new);
+
+               /* Another thread might have changed sk_cookie before us. */
+               res = atomic64_read(&sk->sk_cookie);
        }
        return res;
 }