From a4ff09a101fd46865d43f488420b87c2cf58e904 Mon Sep 17 00:00:00 2001
From: Magnus Karlsson
Date: Mon, 4 Mar 2019 15:34:39 +0000
Subject: [PATCH] xsk: add missing smp_rmb() in xsk_mmap

mainline inclusion
from mainline-v5.0-rc7
commit e6762c8bcf98
category: bugfix
bugzilla: 10762
CVE: NA

-------------------------------------------------

All the setup code in AF_XDP is protected by a mutex with the exception of the mmap code that cannot use it. To make sure that a process banging on the mmap call at the same time as another process is setting up the socket, smp_wmb() calls were added in the umem registration code and the queue creation code, so that the published structures that xsk_mmap needs would be consistent. However, the corresponding smp_rmb() calls were not added to the xsk_mmap code. This patch adds these calls.

Fixes: 37b076933a8e3 ("xsk: add missing write- and data-dependency barrier")
Fixes: c0c77d8fb787c ("xsk: add user memory registration support sockopt")
Signed-off-by: Magnus Karlsson
Signed-off-by: Alexei Starovoitov
Signed-off-by: Lin Miaohe
Reviewed-by: Mao Wenan
Signed-off-by: Yang Yingliang
---
 net/xdp/xsk.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/net/xdp/xsk.c b/net/xdp/xsk.c index ff15207036dc..547fc4554b22 100644 --- a/net/xdp/xsk.c +++ b/net/xdp/xsk.c @@ -661,6 +661,8 @@ static int xsk_mmap(struct file *file, struct socket *sock, if (!umem) return -EINVAL; + /* Matches the smp_wmb() in XDP_UMEM_REG */ + smp_rmb(); if (offset == XDP_UMEM_PGOFF_FILL_RING) q = READ_ONCE(umem->fq); else if (offset == XDP_UMEM_PGOFF_COMPLETION_RING) @@ -670,6 +672,8 @@ static int xsk_mmap(struct file *file, struct socket *sock, if (!q) return -EINVAL; + /* Matches the smp_wmb() in xsk_init_queue */ + smp_rmb();  qpg = virt_to_head_page(q->ring); if (size > (PAGE_SIZE << compound_order(qpg))) return -EINVAL;
-- GitLab
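Review bot: In the first hunk (@@ -661,6 +661,8), the comment on the added smp_rmb() after the `if (!umem)` check identifies its partner only by a sockopt name, XDP_UMEM_REG, and does not say which accesses are being ordered. A barrier comment is most useful when it names both sides of the pairing in terms of data: here, the load of umem that precedes the check has to be ordered before the reads of umem->fq and the completion-ring pointer that follow it. Suggest rewording the comment along those lines and naming the function that holds the matching smp_wmb(), as the second hunk does with xsk_init_queue. The load of umem itself is above the visible context; please confirm it is a READ_ONCE() like the `q = READ_ONCE(umem->fq);` line below the barrier, since a plain load there would leave the reader side of the pairing open to compiler reordering or refetching.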
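Review bot: In the second hunk (@@ -670,6 +672,8), the added smp_rmb() after the `if (!q)` check sits directly in front of `qpg = virt_to_head_page(q->ring);`, and q->ring is reached through the q pointer that the visible branch in the previous hunk loads with READ_ONCE(). That makes the read of q->ring address-dependent on the read of q, so the comment should state why a full read barrier is wanted here instead of relying on that dependency, or which further reads it is meant to cover. The same barrier is reached by every branch that assigns q, including the ones outside the visible context, so it is worth checking that each of them loads q with READ_ONCE(); otherwise the pairing with the smp_wmb() in xsk_init_queue only holds for some of the mmap offsets.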