Received: by 2002:a25:e74b:0:0:0:0:0 with SMTP id e72csp986704ybh; Wed, 15 Jul 2020 23:09:37 -0700 (PDT) X-Google-Smtp-Source: ABdhPJw8NI34KlM2dXS1BsECMJV+0C4VbH3irnRMBYpAYk4UC+4W7OEImkSliPTsNw8nXT6jZb+0 X-Received: by 2002:a17:906:1151:: with SMTP id i17mr2340955eja.535.1594879777622; Wed, 15 Jul 2020 23:09:37 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1594879777; cv=none; d=google.com; s=arc-20160816; b=x/5vqGkAG157AW/MSsCRR8ZfBoUaiedn17h/K7DqwzoyKaOJUlfHpxgdd2Psf667SS BWne5tljvbCgtc6cbvicnx0Vzs4HVMh/ivzWWCt+S2mfp4OBaV4BXN6yXkulCvBNCud8 /GQ9pnCKYcbpcZtKLH2BEJ18ll3J1BpvvnfOgPo0XyVz9vawTPCUzD53Sk9WgTTgmoc4 NVCWBRM4Lu+X3rosIEuIa3UJrAjsQ8gmoJktz+kYg2Eu+bGUADRy1v3qfDz4VW+dKVQb 1JXSAmMvkAG/0fyY9zNIWUkBqmdP4jjhKK3zWtiLEu6RnshJ9HK489CNwQAOA/4P5KAg Nk+Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=hXEnSq7zZVLNVT875/gt57O1odPTEML0WuXg/XRScLo=; b=WboFe1gut/aMrNFImMfVXTLvaCWcmOSovAv2qPqJ2Ihu/VH6f6niYusrgOYDuqMVW/ YyKtHIImE417emHVWzDAVfba/gRCLV/x8roYR8hJIKvoXLiNh7pMdf7JaexATZWGb/Mq 5AZsNdgPG4JTvhQN9M+lmEnETNH7g6De9gcPL3OVKlvCd/zR3QvwlCuC+z7F+7lMgvKr Kf17YfdIVglEimgtxNzyQsHwzkxMjsYegkl0J4OBDjiCkhmhW00GGPThkmdvtpZlmYmi gbUhgpp+imSfM3ClQ3dP500EenWY/Z/b+pF4Gq4K2J7SmHdavwIfUaWYJPMSjIBbO43r 51gw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=Z70WgQlP; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id g2si2537351ejd.657.2020.07.15.23.09.15; Wed, 15 Jul 2020 23:09:37 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=Z70WgQlP; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727989AbgGPGHB (ORCPT + 99 others); Thu, 16 Jul 2020 02:07:01 -0400 Received: from mail.kernel.org ([198.145.29.99]:43312 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725844AbgGPGHA (ORCPT ); Thu, 16 Jul 2020 02:07:00 -0400 Received: from sol.hsd1.ca.comcast.net (c-107-3-166-239.hsd1.ca.comcast.net [107.3.166.239]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id DB060206F4; Thu, 16 Jul 2020 06:06:59 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1594879620; bh=a/Z2jsgBCNcbRZRS+qs+lrfIqcjK6kvbiG2Pc7fwMOI=; h=From:To:Cc:Subject:Date:From; b=Z70WgQlPscY4H4F+i9ex3im3FQ6W8Mc6JPHEtn0+JjRMnO9oDgTZ05k4ChRDB/HSS R5xn5ORr6e/O+PwdWFS+LdBY63MnpaFRxc9nnDNZKPUbnepRjnvjlwOrP0vkBtCKLI w/4siG6RlDUraAaUbD7C7vtcSeVFmaDBHmWLYNJo= From: Eric Biggers To: Arnd Bergmann , Greg Kroah-Hartman , linux-kernel@vger.kernel.org Cc: linux-mm@kvack.org, Dan Williams , Ingo Molnar , Kees Cook , Matthew Wilcox , Russell King , Andrew Morton Subject: [PATCH] /dev/mem: Add missing memory barriers for devmem_inode Date: Wed, 15 Jul 2020 23:05:53 -0700 Message-Id: <20200716060553.24618-1-ebiggers@kernel.org> X-Mailer: git-send-email 2.27.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Eric Biggers WRITE_ONCE() isn't the correct way to publish a pointer to a data structure, since it doesn't include a write memory barrier. Therefore other tasks may see that the pointer has been set but not see that the pointed-to memory has finished being initialized yet. Instead a primitive with "release" semantics is needed. Use smp_store_release() for this. The use of READ_ONCE() on the read side is still potentially correct if there's no control dependency, i.e. if all memory being "published" is transitively reachable via the pointer itself. But this pairing is somewhat confusing and error-prone. So just upgrade the read side to smp_load_acquire() so that it clearly pairs with smp_store_release(). Cc: Dan Williams Cc: Arnd Bergmann Cc: Ingo Molnar Cc: Kees Cook Cc: Matthew Wilcox Cc: Russell King Cc: Andrew Morton Cc: Greg Kroah-Hartman Fixes: 3234ac664a87 ("/dev/mem: Revoke mappings when a driver claims the region") Signed-off-by: Eric Biggers --- drivers/char/mem.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/drivers/char/mem.c b/drivers/char/mem.c index 934c92dcb9ab..687d4af6945d 100644 --- a/drivers/char/mem.c +++ b/drivers/char/mem.c @@ -814,7 +814,8 @@ static struct inode *devmem_inode; #ifdef CONFIG_IO_STRICT_DEVMEM void revoke_devmem(struct resource *res) { - struct inode *inode = READ_ONCE(devmem_inode); + /* pairs with smp_store_release() in devmem_init_inode() */ + struct inode *inode = smp_load_acquire(&devmem_inode); /* * Check that the initialization has completed. Losing the race @@ -1028,8 +1029,11 @@ static int devmem_init_inode(void) return rc; } - /* publish /dev/mem initialized */ - WRITE_ONCE(devmem_inode, inode); + /* + * Publish /dev/mem initialized. + * Pairs with smp_load_acquire() in revoke_devmem(). + */ + smp_store_release(&devmem_inode, inode); return 0; } base-commit: f8456690ba8eb18ea4714e68554e242a04f65cff -- 2.27.0