markers: fix markers read barrier for multiple probes

Paul pointed out two incorrect read barriers in the marker handler code in
the path where multiple probes are connected.  Those are ordering reads of
"ptype" (single or multi probe marker), "multi" array pointer, and "multi"
array data access.

It should be ordered like this :

read ptype
smp_rmb()
read multi array pointer
smp_read_barrier_depends()
access data referenced by multi array pointer

The code with a single probe connected (optimized case, does not have to
allocate an array) has correct memory ordering.

It applies to kernel 2.6.26.x, 2.6.25.x and linux-next.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@polymtl.ca>
Cc: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
Cc: <stable@kernel.org>		[2.6.25.x, 2.6.26.x]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

diff --git a/kernel/marker.c b/kernel/marker.c
index 971da531790316bbe4bff400d7dec77e46c76a42..7d1faecd7a51bd643cc1e10f0f2048765136bf16 100644 (file)
--- a/kernel/marker.c
+++ b/kernel/marker.c
@@ -125,6 +125,11 @@ void marker_probe_cb(const struct marker *mdata, void *call_private, ...)
        } else {
                struct marker_probe_closure *multi;
                int i;
+               /*
+                * Read mdata->ptype before mdata->multi.
+                */
+               smp_rmb();
+               multi = mdata->multi;
                /*
                 * multi points to an array, therefore accessing the array
                 * depends on reading multi. However, even in this case,
@@ -133,7 +138,6 @@ void marker_probe_cb(const struct marker *mdata, void *call_private, ...)
                 * in the fast path, so put the explicit barrier here.
                 */
                smp_read_barrier_depends();
-               multi = mdata->multi;
                for (i = 0; multi[i].func; i++) {
                        va_start(args, call_private);
                        multi[i].func(multi[i].probe_private, call_private,
@@ -174,6 +178,11 @@ void marker_probe_cb_noarg(const struct marker *mdata, void *call_private, ...)
        } else {
                struct marker_probe_closure *multi;
                int i;
+               /*
+                * Read mdata->ptype before mdata->multi.
+                */
+               smp_rmb();
+               multi = mdata->multi;
                /*
                 * multi points to an array, therefore accessing the array
                 * depends on reading multi. However, even in this case,
@@ -182,7 +191,6 @@ void marker_probe_cb_noarg(const struct marker *mdata, void *call_private, ...)
                 * in the fast path, so put the explicit barrier here.
                 */
                smp_read_barrier_depends();
-               multi = mdata->multi;
                for (i = 0; multi[i].func; i++)
                        multi[i].func(multi[i].probe_private, call_private,
                                mdata->format, &args);