• Eric Dumazet's avatar
    tcp: md5: refine tcp_md5_do_add()/tcp_md5_hash_key() barriers · e6ced831
    Eric Dumazet authored
    My prior fix went a bit too far, according to Herbert and Mathieu.
    
    Since we accept that concurrent TCP MD5 lookups might see inconsistent
    keys, we can use READ_ONCE()/WRITE_ONCE() instead of smp_rmb()/smp_wmb()
    
    Clearing all key->key[] is needed to avoid possible KMSAN reports,
    if key->keylen is increased. Since tcp_md5_do_add() is not fast path,
    using __GFP_ZERO to clear all struct tcp_md5sig_key is simpler.
    
    data_race() was added in linux-5.8 and will prevent KCSAN reports,
    this can safely be removed in stable backports, if data_race() is
    not yet backported.
    
    v2: use data_race() both in tcp_md5_hash_key() and tcp_md5_do_add()
    
    Fixes: 6a2febec ("tcp: md5: add missing memory barriers in tcp_md5_do_add()/tcp_md5_hash_key()")
    Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
    Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
    Cc: Herbert Xu <herbert@gondor.apana.org.au>
    Cc: Marco Elver <elver@google.com>
    Reviewed-by: default avatarMathieu Desnoyers <mathieu.desnoyers@efficios.com>
    Acked-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    e6ced831
tcp_ipv4.c 74.6 KB