git.baikalelectronics.ru Git - kernel.git/commit

author	Eric Biggers <ebiggers@google.com>
	Thu, 16 Jul 2020 06:05:53 +0000 (23:05 -0700)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 23 Jul 2020 07:47:13 +0000 (09:47 +0200)
commit	81fff2b7b53dd8c023ce554d3dfe318fa0084d2e
tree	1386eb6469450e813bba9bfe46a81c6129e44354	tree \| snapshot
parent	a413200ff30d101d2de988fb301ea987c5b9b6b0	commit \| diff

/dev/mem: Add missing memory barriers for devmem_inode

WRITE_ONCE() isn't the correct way to publish a pointer to a data
structure, since it doesn't include a write memory barrier.  Therefore
other tasks may see that the pointer has been set but not see that the
pointed-to memory has finished being initialized yet.  Instead a
primitive with "release" semantics is needed.

Use smp_store_release() for this.

The use of READ_ONCE() on the read side is still potentially correct if
there's no control dependency, i.e. if all memory being "published" is
transitively reachable via the pointer itself.  But this pairing is
somewhat confusing and error-prone.  So just upgrade the read side to
smp_load_acquire() so that it clearly pairs with smp_store_release().

Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: Russell King <linux@arm.linux.org.uk>
Cc: Andrew Morton <akpm@linux-foundation.org>
Fixes: 4e9fc08b0688 ("/dev/mem: Revoke mappings when a driver claims the region")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Cc: stable <stable@vger.kernel.org>
Acked-by: Dan Williams <dan.j.williams@intel.com>
Link: https://lore.kernel.org/r/20200716060553.24618-1-ebiggers@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>