review.tizen.org Git - platform/kernel/linux-rpi.git/commit

author	Manfred Spraul <manfred@colorfullife.com>
	Sun, 27 Jun 2021 16:19:18 +0000 (18:19 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Tue, 6 Jul 2021 12:15:13 +0000 (14:15 +0200)
commit	cf4466ea47db891be785f867ca7f99e0cd9898c6
tree	c6fa68cd742bfc9648cad717a0cfd5dbee7f4fee	tree \| snapshot
parent	1da4cd82dd180224503e745ccf3220e3490d8897	commit \| diff

netfilter: conntrack: Mark access for KCSAN

KCSAN detected an data race with ipc/sem.c that is intentional.

As nf_conntrack_lock() uses the same algorithm: Update
nf_conntrack_core as well:

nf_conntrack_lock() contains
  a1) spin_lock()
  a2) smp_load_acquire(nf_conntrack_locks_all).

a1) actually accesses one lock from an array of locks.

nf_conntrack_locks_all() contains
  b1) nf_conntrack_locks_all=true (normal write)
  b2) spin_lock()
  b3) spin_unlock()

b2 and b3 are done for every lock.

This guarantees that nf_conntrack_locks_all() prevents any
concurrent nf_conntrack_lock() owners:
If a thread past a1), then b2) will block until that thread releases
the lock.
If the threat is before a1, then b3)+a1) ensure the write b1) is
visible, thus a2) is guaranteed to see the updated value.

But: This is only the latest time when b1) becomes visible.
It may also happen that b1) is visible an undefined amount of time
before the b3). And thus KCSAN will notice a data race.

In addition, the compiler might be too clever.

Solution: Use WRITE_ONCE().

Signed-off-by: Manfred Spraul <manfred@colorfullife.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>