Received: by 2002:a17:90b:8d0:0:0:0:0 with SMTP id ds16csp4880126pjb; Mon, 27 Jul 2020 07:28:32 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzebtF5ek9wHw/7AAF/9lAQcr009ZI7LcIWbrPDfAyWhekQJ+dABJHWST2WfllNEukCJ6wz X-Received: by 2002:aa7:d44f:: with SMTP id q15mr20710125edr.340.1595860111920; Mon, 27 Jul 2020 07:28:31 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1595860111; cv=none; d=google.com; s=arc-20160816; b=DP5akNJECQEFiSnEy9qRYmhwsFxSAui3Q2S/yOc07LRhNlrj0/pQ81eba9trCjatf3 /ByXnmvP95Zh7U/fyVl5W/FEFMr5eQL/jqH3OUPWzwJEtkuLiX8lH80FLXbqLdJNLtZ6 GkJ1uhbOIlqKlv3JbWnuugbn2I3FgMP1PsXpXbrd31aJr7I5VBzv7y/njtD+ZJUkr3oT 2eTCXBgLDa5FOjvwnRFkLaMGCy6dia074U+kJB2T9xVYEZGrU6y3VUs4impIFfbFEdn9 JnBvdyTjHwrivgXDPjkzacVFGlGgIlDJ5EziXc1FIRMiHGHgZUw7DJF604vo8Js0jaMH GoWg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=G8pTsjbmEhxSF6/Uppikn5QrsCKjqfO/oPzs9GvLbjw=; b=CZdaEwScgOZzEDaoONHAaX1V0BoI50NdievpoELgJe9FBdSdfLHPeg79Jz/sN4j/ip 82cTfLAebxfZEjKUd0vUcsodYKItfJmqgdpm7u0SF8GXvGN7nEBezJ5n41GU4ZorWspJ n1Mj5uVSMSEu+O13b/yt4dG2n/tRyXVONkyNkx6egHHeiHgdnj4RGRgER//rol1K3Y98 MjcYKdfloToow0yjVC8ypmcn7GP77xz2TUHia4HSnuNWLTobAYRdz5/BlG8U0w49SvUO hJSm30fzLXQ8WqmBan2FGbhrm+tDVxbyV86sTbx9qXSv3y+8zn0Dmrjh1SmR4vM8k1kh 1b4g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=UcONdk9z; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id s6si4179722ejy.110.2020.07.27.07.28.09; Mon, 27 Jul 2020 07:28:31 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=UcONdk9z; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732615AbgG0O0b (ORCPT + 99 others); Mon, 27 Jul 2020 10:26:31 -0400 Received: from mail.kernel.org ([198.145.29.99]:56718 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1732592AbgG0O02 (ORCPT ); Mon, 27 Jul 2020 10:26:28 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 6405D2070A; Mon, 27 Jul 2020 14:26:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1595859987; bh=W+aZnU5vNg9bWZKBSUOjo0QnhgEt+zvcWQNSDiewMUg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=UcONdk9zduLmDFq1eTHumMdy6mL6mjfF2QkNG36aTMXCy5nh7KFbyZqTA04G1iKXy zSId63I0iLMXZj+2XkNjHmEMN0Zg6Qzwm7KBG+LO0XVhjqmUWVq+QYN7Ratof6WnQ8 l2R+7Yrc90Xi0+JbEFdC7YYxCG9Fh1tuN8UMFU8k= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Arnd Bergmann , Ingo Molnar , Kees Cook , Matthew Wilcox , Russell King , Andrew Morton , Eric Biggers , Dan Williams Subject: [PATCH 5.7 155/179] /dev/mem: Add missing memory barriers for devmem_inode Date: Mon, 27 Jul 2020 16:05:30 +0200 Message-Id: <20200727134940.222949527@linuxfoundation.org> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200727134932.659499757@linuxfoundation.org> References: <20200727134932.659499757@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Eric Biggers commit b34e7e298d7a5ed76b3aa327c240c29f1ef6dd22 upstream. WRITE_ONCE() isn't the correct way to publish a pointer to a data structure, since it doesn't include a write memory barrier. Therefore other tasks may see that the pointer has been set but not see that the pointed-to memory has finished being initialized yet. Instead a primitive with "release" semantics is needed. Use smp_store_release() for this. The use of READ_ONCE() on the read side is still potentially correct if there's no control dependency, i.e. if all memory being "published" is transitively reachable via the pointer itself. But this pairing is somewhat confusing and error-prone. So just upgrade the read side to smp_load_acquire() so that it clearly pairs with smp_store_release(). Cc: Arnd Bergmann Cc: Ingo Molnar Cc: Kees Cook Cc: Matthew Wilcox Cc: Russell King Cc: Andrew Morton Fixes: 3234ac664a87 ("/dev/mem: Revoke mappings when a driver claims the region") Signed-off-by: Eric Biggers Cc: stable Acked-by: Dan Williams Link: https://lore.kernel.org/r/20200716060553.24618-1-ebiggers@kernel.org Signed-off-by: Greg Kroah-Hartman --- drivers/char/mem.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) --- a/drivers/char/mem.c +++ b/drivers/char/mem.c @@ -814,7 +814,8 @@ static struct inode *devmem_inode; #ifdef CONFIG_IO_STRICT_DEVMEM void revoke_devmem(struct resource *res) { - struct inode *inode = READ_ONCE(devmem_inode); + /* pairs with smp_store_release() in devmem_init_inode() */ + struct inode *inode = smp_load_acquire(&devmem_inode); /* * Check that the initialization has completed. Losing the race @@ -1028,8 +1029,11 @@ static int devmem_init_inode(void) return rc; } - /* publish /dev/mem initialized */ - WRITE_ONCE(devmem_inode, inode); + /* + * Publish /dev/mem initialized. + * Pairs with smp_load_acquire() in revoke_devmem(). + */ + smp_store_release(&devmem_inode, inode); return 0; }