tcp: annotate data-race around tcp_md5sig_pool_populated

tcp_md5sig_pool_populated can be read while another thread
changes its value.

The race has no consequence because allocations
are protected with tcp_md5sig_mutex.

This patch adds READ_ONCE() and WRITE_ONCE() to document
the race and silence KCSAN.

Reported-by: Abhishek Shah <abhishek.shah@columbia.edu>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index bbe2187..ba62f8e 100644 (file)
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -4433,12 +4433,16 @@ static void __tcp_alloc_md5sig_pool(void)
         * to memory. See smp_rmb() in tcp_get_md5sig_pool()
         */
        smp_wmb();
-       tcp_md5sig_pool_populated = true;
+       /* Paired with READ_ONCE() from tcp_alloc_md5sig_pool()
+        * and tcp_get_md5sig_pool().
+       */
+       WRITE_ONCE(tcp_md5sig_pool_populated, true);
 }
 
 bool tcp_alloc_md5sig_pool(void)
 {
-       if (unlikely(!tcp_md5sig_pool_populated)) {
+       /* Paired with WRITE_ONCE() from __tcp_alloc_md5sig_pool() */
+       if (unlikely(!READ_ONCE(tcp_md5sig_pool_populated))) {
                mutex_lock(&tcp_md5sig_mutex);
 
                if (!tcp_md5sig_pool_populated) {
@@ -4449,7 +4453,8 @@ bool tcp_alloc_md5sig_pool(void)
 
                mutex_unlock(&tcp_md5sig_mutex);
        }
-       return tcp_md5sig_pool_populated;
+       /* Paired with WRITE_ONCE() from __tcp_alloc_md5sig_pool() */
+       return READ_ONCE(tcp_md5sig_pool_populated);
 }
 EXPORT_SYMBOL(tcp_alloc_md5sig_pool);
 
@@ -4465,7 +4470,8 @@ struct tcp_md5sig_pool *tcp_get_md5sig_pool(void)
 {
        local_bh_disable();
 
-       if (tcp_md5sig_pool_populated) {
+       /* Paired with WRITE_ONCE() from __tcp_alloc_md5sig_pool() */
+       if (READ_ONCE(tcp_md5sig_pool_populated)) {
                /* coupled with smp_wmb() in __tcp_alloc_md5sig_pool() */
                smp_rmb();
                return this_cpu_ptr(&tcp_md5sig_pool);