xsk: avoid store-tearing when assigning umem The umem member of struct xdp_sock is read outside of the control mutex, in the mmap implementation, and needs a WRITE_ONCE to avoid potential store-tearing. Acked-by: Jonathan Lemon <jonathan.lemon@gmail.com> Fixes: 423f38329d26 ("xsk: add umem fill queue support and mmap") Signed-off-by: Björn Töpel <bjorn.topel@intel.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>

commit: 9764f4b301c3e7eb3b75eec85b73cad449cdbb0d [log] [tgz]
author: Björn Töpel <bjorn.topel@intel.com> Wed Sep 04 13:49:11 2019 +0200
committer: Daniel Borkmann <daniel@iogearbox.net> Thu Sep 05 14:11:52 2019 +0200
tree: 31b08153807248a101bd3d1c5018c3d9b5fd45ab
parent: 94a997637c5b562fa0ca44fca1d2cd02ec08236f [diff] [blame]
diff --git a/net/xdp/xsk.c b/net/xdp/xsk.c
index 271d8d3..8c9056f 100644
--- a/net/xdp/xsk.c
+++ b/net/xdp/xsk.c

@@ -644,7 +644,7 @@ static int xsk_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
 		}
 
 		xdp_get_umem(umem_xs->umem);
-		xs->umem = umem_xs->umem;
+		WRITE_ONCE(xs->umem, umem_xs->umem);
 		sockfd_put(sock);
 	} else if (!xs->umem || !xdp_umem_validate_queues(xs->umem)) {
 		err = -EINVAL;
@@ -751,7 +751,7 @@ static int xsk_setsockopt(struct socket *sock, int level, int optname,
 
 		/* Make sure umem is ready before it can be seen by others */
 		smp_wmb();
-		xs->umem = umem;
+		WRITE_ONCE(xs->umem, umem);
 		mutex_unlock(&xs->mutex);
 		return 0;
 	}
commit	9764f4b301c3e7eb3b75eec85b73cad449cdbb0d	[log] [tgz]
author	Björn Töpel <bjorn.topel@intel.com>	Wed Sep 04 13:49:11 2019 +0200
committer	Daniel Borkmann <daniel@iogearbox.net>	Thu Sep 05 14:11:52 2019 +0200
tree	31b08153807248a101bd3d1c5018c3d9b5fd45ab
parent	94a997637c5b562fa0ca44fca1d2cd02ec08236f [diff] [blame]