summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLiming Sun <limings@nvidia.com>2023-04-26 10:23:44 -0400
committerHans de Goede <hdegoede@redhat.com>2023-05-09 11:54:35 +0200
commit3d43f9f639542fadfb28f40b509bf147a6624d48 (patch)
tree2c6f87557b386d54a5458f9d0f18887718a2e782
parent4b65f95c87c35699bc6ad540d6b9dd7f950d0924 (diff)
platform/mellanox: fix potential race in mlxbf-tmfifo driver
This commit adds memory barrier for the 'vq' update in function mlxbf_tmfifo_virtio_find_vqs() to avoid potential race due to out-of-order memory write. It also adds barrier for the 'is_ready' flag to make sure the initializations are visible before this flag is checked. Signed-off-by: Liming Sun <limings@nvidia.com> Reviewed-by: Vadim Pasternak <vadimp@nvidia.com> Link: https://lore.kernel.org/r/b98c0ab61d644ba38fa9b3fd1607b138b0dd820b.1682518748.git.limings@nvidia.com Signed-off-by: Hans de Goede <hdegoede@redhat.com>
-rw-r--r--drivers/platform/mellanox/mlxbf-tmfifo.c11
1 files changed, 9 insertions, 2 deletions
diff --git a/drivers/platform/mellanox/mlxbf-tmfifo.c b/drivers/platform/mellanox/mlxbf-tmfifo.c
index 91a077c35b8b..a79318e90a13 100644
--- a/drivers/platform/mellanox/mlxbf-tmfifo.c
+++ b/drivers/platform/mellanox/mlxbf-tmfifo.c
@@ -784,7 +784,7 @@ static void mlxbf_tmfifo_rxtx(struct mlxbf_tmfifo_vring *vring, bool is_rx)
fifo = vring->fifo;
/* Return if vdev is not ready. */
- if (!fifo->vdev[devid])
+ if (!fifo || !fifo->vdev[devid])
return;
/* Return if another vring is running. */
@@ -980,9 +980,13 @@ static int mlxbf_tmfifo_virtio_find_vqs(struct virtio_device *vdev,
vq->num_max = vring->num;
+ vq->priv = vring;
+
+ /* Make vq update visible before using it. */
+ virtio_mb(false);
+
vqs[i] = vq;
vring->vq = vq;
- vq->priv = vring;
}
return 0;
@@ -1302,6 +1306,9 @@ static int mlxbf_tmfifo_probe(struct platform_device *pdev)
mod_timer(&fifo->timer, jiffies + MLXBF_TMFIFO_TIMER_INTERVAL);
+ /* Make all updates visible before setting the 'is_ready' flag. */
+ virtio_mb(false);
+
fifo->is_ready = true;
return 0;