On Wed, Jul 1, 2020 at 5:19 AM Mathieu Desnoyers <mathieu.desnoy...@efficios.com> wrote:
> The approach below looks good to me, but you'll also need to annotate > both tcp_md5_hash_key and tcp_md5_do_add with __no_kcsan or use > data_race(expr) to let the concurrency sanitizer know that there is > a known data race which is there on purpose (triggered by memcpy in > tcp_md5_do_add > and somewhere within crypto_ahash_update). See > Documentation/dev-tools/kcsan.rst > for details. Sure, I can add a data_race() and let stable teams handle the backports without it ;) > > Thanks, > > Mathieu > > > > > diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c > > index > > f111660453241692a17c881dd6dc2910a1236263..c3af8180c7049d5c4987bf5c67e4aff2ed6967c9 > > 100644 > > --- a/net/ipv4/tcp.c > > +++ b/net/ipv4/tcp.c > > @@ -4033,11 +4033,9 @@ EXPORT_SYMBOL(tcp_md5_hash_skb_data); > > > > int tcp_md5_hash_key(struct tcp_md5sig_pool *hp, const struct > > tcp_md5sig_key *key) > > { > > - u8 keylen = key->keylen; > > + u8 keylen = READ_ONCE(key->keylen); /* paired with > > WRITE_ONCE() in tcp_md5_do_add */ > > struct scatterlist sg; > > > > - smp_rmb(); /* paired with smp_wmb() in tcp_md5_do_add() */ > > - > > sg_init_one(&sg, key->key, keylen); > > ahash_request_set_crypt(hp->md5_req, &sg, NULL, keylen); > > return crypto_ahash_update(hp->md5_req); > > diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c > > index > > 99916fcc15ca0be12c2c133ff40516f79e6fdf7f..0d08e0134335a21d23702e6a5c24a0f2b3c61c6f > > 100644 > > --- a/net/ipv4/tcp_ipv4.c > > +++ b/net/ipv4/tcp_ipv4.c > > @@ -1114,9 +1114,13 @@ int tcp_md5_do_add(struct sock *sk, const union > > tcp_md5_addr *addr, > > /* Pre-existing entry - just update that one. */ > > memcpy(key->key, newkey, newkeylen); > > > > - smp_wmb(); /* pairs with smp_rmb() in tcp_md5_hash_key() */ > > + /* Pairs with READ_ONCE() in tcp_md5_hash_key(). > > + * Also note that a reader could catch new key->keylen value > > + * but old key->key[], this is the reason we use __GFP_ZERO > > + * at sock_kmalloc() time below these lines. > > + */ > > + WRITE_ONCE(key->keylen, newkeylen); > > > > - key->keylen = newkeylen; > > return 0; > > } > > > > @@ -1132,7 +1136,7 @@ int tcp_md5_do_add(struct sock *sk, const union > > tcp_md5_addr *addr, > > rcu_assign_pointer(tp->md5sig_info, md5sig); > > } > > > > - key = sock_kmalloc(sk, sizeof(*key), gfp); > > + key = sock_kmalloc(sk, sizeof(*key), gfp | __GFP_ZERO); > > if (!key) > > return -ENOMEM; > > if (!tcp_alloc_md5sig_pool()) { > > -- > Mathieu Desnoyers > EfficiOS Inc. > http://www.efficios.com