xsk: avoid store-tearing when assigning umem
authorBjörn Töpel <bjorn.topel@intel.com>
Wed, 4 Sep 2019 11:49:11 +0000 (13:49 +0200)
committerDaniel Borkmann <daniel@iogearbox.net>
Thu, 5 Sep 2019 12:11:52 +0000 (14:11 +0200)
The umem member of struct xdp_sock is read outside of the control
mutex, in the mmap implementation, and needs a WRITE_ONCE to avoid
potential store-tearing.

Acked-by: Jonathan Lemon <jonathan.lemon@gmail.com>
Fixes: 423f38329d26 ("xsk: add umem fill queue support and mmap")
Signed-off-by: Björn Töpel <bjorn.topel@intel.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
net/xdp/xsk.c

index 271d8d3fb11e2f9d938afca5ec959bd96ca4a011..8c9056f069893bdd3bc591f969252dc674fe068f 100644 (file)
@@ -644,7 +644,7 @@ static int xsk_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
                }
 
                xdp_get_umem(umem_xs->umem);
-               xs->umem = umem_xs->umem;
+               WRITE_ONCE(xs->umem, umem_xs->umem);
                sockfd_put(sock);
        } else if (!xs->umem || !xdp_umem_validate_queues(xs->umem)) {
                err = -EINVAL;
@@ -751,7 +751,7 @@ static int xsk_setsockopt(struct socket *sock, int level, int optname,
 
                /* Make sure umem is ready before it can be seen by others */
                smp_wmb();
-               xs->umem = umem;
+               WRITE_ONCE(xs->umem, umem);
                mutex_unlock(&xs->mutex);
                return 0;
        }