author: Dmitry Vyukov <dvyukov@google.com> 2015-09-21 09:43:06 +0200
committer: Jeff Layton <jeff.layton@primarydata.com> 2015-09-21 13:27:35 +0200
commit: 128a37852234c1bd68eee4e7447f5362778009b8
tree: 8f03feb85b58f1de45dff01387ac2736fc971585 /lib/fonts
parent: locks: change tracepoint for generic_add_lease
fs: fix data races on inode->i_flctx

locks_get_lock_context() uses cmpxchg() to install i_flctx. cmpxchg() is a release operation which is correct. But it uses a plain load to load i_flctx. This is incorrect. Subsequent loads from i_flctx can hoist above the load of i_flctx pointer itself and observe uninitialized garbage there. This in turn can lead to corruption of ctx->flc_lock and other members.

Documentation/memory-barriers.txt explicitly requires to use a barrier in such context: "A load-load control dependency requires a full read memory barrier".

Use smp_load_acquire() in locks_get_lock_context() and in bunch of other functions that can proceed concurrently with locks_get_lock_context().

The data race was found with KernelThreadSanitizer (KTSAN).

Signed-off-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Jeff Layton <jeff.layton@primarydata.com>

Diffstat (limited to 'lib/fonts')
0 files changed, 0 insertions, 0 deletions
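
The publish/consume pattern the commit message describes, as an added user-space example in C11 atomics (not the kernel patch and not code from this page). `struct lock_ctx`, `struct node`, `ctx_peek`, `ctx_install` and `ctx_get` are hypothetical stand-ins for the kernel's file lock context, inode and locks_get_lock_context(); `memory_order_acquire` plays the role of smp_load_acquire().

```c
#include <stdatomic.h>
#include <stdlib.h>

/* Hypothetical user-space stand-ins for the lock context and the inode. */
struct lock_ctx {
    int lock;                         /* plays the role of ctx->flc_lock */
};
struct node {
    _Atomic(struct lock_ctx *) ctx;   /* plays the role of inode->i_flctx */
};

/* Reader: acquire pairs with the installer's release, so later loads of
 * ctx->lock cannot be satisfied before the load of the pointer itself. */
static struct lock_ctx *ctx_peek(struct node *n)
{
    return atomic_load_explicit(&n->ctx, memory_order_acquire);
}

/* Publish an initialised context; returns whichever context won. */
static struct lock_ctx *ctx_install(struct node *n, struct lock_ctx *fresh)
{
    struct lock_ctx *expected = NULL;
    /* release publishes our fields; acquire on failure covers the winner's */
    if (atomic_compare_exchange_strong_explicit(&n->ctx, &expected, fresh,
            memory_order_acq_rel, memory_order_acquire))
        return fresh;
    free(fresh);        /* lost the race, discard our copy */
    return expected;
}

/* Lazy get-or-create, the shape of locks_get_lock_context(). */
static struct lock_ctx *ctx_get(struct node *n)
{
    struct lock_ctx *ctx = ctx_peek(n);   /* acquire, not a plain load */
    if (ctx)
        return ctx;
    ctx = malloc(sizeof(*ctx));
    if (!ctx)
        return NULL;
    ctx->lock = 0;                        /* initialise before publishing */
    return ctx_install(n, ctx);
}

int main(void)
{
    struct node n;
    atomic_init(&n.ctx, NULL);
    struct lock_ctx *c = ctx_get(&n);
    return (c && ctx_get(&n) == c && ctx_peek(&n) == c) ? 0 : 1;
}
```

Replacing the acquire in `ctx_peek` with `memory_order_relaxed` reproduces the class of bug the commit fixes: the pointer may be observed before the store to `lock` that preceded its publication.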