diff mbox series

[v1,1/1,SRU,J:linux-bluefield,v1,1/1] UBUNTU: SAUCE: mlxbf-tmfifo: fix potential race

Message ID 8a37b9da7c896a630feab127807275f7cd7f107e.1681327632.git.limings@nvidia.com
State New
Headers show
Series UBUNTU: SAUCE: mlxbf-tmfifo: fix potential race | expand

Commit Message

Liming Sun April 12, 2023, 7:35 p.m. UTC 
BugLink: https://bugs.launchpad.net/ubuntu/+source/linux-bluefield/+bug/2016039

The fix adds memory barrier for the 'is_ready' flag and the 'vq'
pointer in mlxbf_tmfifo_virtio_find_vqs() to avoid potential race
due to out-of-order memory write.

Signed-off-by: Liming Sun <limings@nvidia.com>
---
 drivers/platform/mellanox/mlxbf-tmfifo.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

Comments

Andrei Gherzan April 13, 2023, 12:32 p.m. UTC | #1 
On 23/04/12 03:35PM, Liming Sun wrote:
> BugLink: https://bugs.launchpad.net/ubuntu/+source/linux-bluefield/+bug/2016039

This should be:

BugLink: https://bugs.launchpad.net/bugs/2016039

> 
> The fix adds memory barrier for the 'is_ready' flag and the 'vq'
> pointer in mlxbf_tmfifo_virtio_find_vqs() to avoid potential race
> due to out-of-order memory write.
> 
> Signed-off-by: Liming Sun <limings@nvidia.com>
> ---
>  drivers/platform/mellanox/mlxbf-tmfifo.c | 11 +++++++++--
>  1 file changed, 9 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/platform/mellanox/mlxbf-tmfifo.c b/drivers/platform/mellanox/mlxbf-tmfifo.c
> index 97956c9c9d4c..19d539fc99ae 100644
> --- a/drivers/platform/mellanox/mlxbf-tmfifo.c
> +++ b/drivers/platform/mellanox/mlxbf-tmfifo.c
> @@ -922,7 +922,7 @@ static void mlxbf_tmfifo_rxtx(struct mlxbf_tmfifo_vring *vring, bool is_rx)
>  	fifo = vring->fifo;
>  
>  	/* Return if vdev is not ready. */
> -	if (!fifo->vdev[devid])
> +	if (!fifo || !fifo->vdev[devid])
>  		return;

This change is not mentioned in the git log. Sounds like an additional
patch to me.

>  
>  	/* Return if another vring is running. */
> @@ -1119,9 +1119,13 @@ static int mlxbf_tmfifo_virtio_find_vqs(struct virtio_device *vdev,
>  			goto error;
>  		}
>  
> +		vq->priv = vring;
> +
> +		/* Make vq update visible before using it. */
> +		virtio_mb(false);
> +
>  		vqs[i] = vq;
>  		vring->vq = vq;
> -		vq->priv = vring;
>  	}
>  
>  	return 0;
> @@ -1426,6 +1430,9 @@ static int mlxbf_tmfifo_probe(struct platform_device *pdev)
>  
>  	mod_timer(&fifo->timer, jiffies + MLXBF_TMFIFO_TIMER_INTERVAL);
>  
> +	/* Make all updates visible before the 'is_ready' flag. */
> +	virtio_mb(false);
> +
>  	fifo->is_ready = 1;
>  	return 0;
>  
> -- 
> 2.30.1
Bartlomiej Zolnierkiewicz May 9, 2023, 11:25 a.m. UTC | #2 
On Thu, Apr 13, 2023 at 2:33 PM Liming Sun <limings@nvidia.com> wrote:
>
> BugLink: https://bugs.launchpad.net/bugs/2016039
>
> The fix adds memory barrier for the 'is_ready' flag and the 'vq'
> pointer in mlxbf_tmfifo_virtio_find_vqs() to avoid potential race
> due to out-of-order memory write.
>
> Signed-off-by: Liming Sun <limings@nvidia.com>
> ---
>  drivers/platform/mellanox/mlxbf-tmfifo.c | 11 +++++++++--
>  1 file changed, 9 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/platform/mellanox/mlxbf-tmfifo.c b/drivers/platform/mellanox/mlxbf-tmfifo.c
> index 97956c9c9d4c..19d539fc99ae 100644
> --- a/drivers/platform/mellanox/mlxbf-tmfifo.c
> +++ b/drivers/platform/mellanox/mlxbf-tmfifo.c
> @@ -922,7 +922,7 @@ static void mlxbf_tmfifo_rxtx(struct mlxbf_tmfifo_vring *vring, bool is_rx)
>         fifo = vring->fifo;
>
>         /* Return if vdev is not ready. */
> -       if (!fifo->vdev[devid])
> +       if (!fifo || !fifo->vdev[devid])
>                 return;

Could you please address the v1 review comment from Andrei:

"This change is not mentioned in the git log. Sounds like an additional
patch to me"

?

Is the above change needed for a case when mlxbf_tmfifo_create_vdev() fails?

>         /* Return if another vring is running. */
> @@ -1119,9 +1119,13 @@ static int mlxbf_tmfifo_virtio_find_vqs(struct virtio_device *vdev,
>                         goto error;
>                 }
>
> +               vq->priv = vring;
> +
> +               /* Make vq update visible before using it. */
> +               virtio_mb(false);
> +
>                 vqs[i] = vq;
>                 vring->vq = vq;
> -               vq->priv = vring;
>         }
>
>         return 0;
> @@ -1426,6 +1430,9 @@ static int mlxbf_tmfifo_probe(struct platform_device *pdev)
>
>         mod_timer(&fifo->timer, jiffies + MLXBF_TMFIFO_TIMER_INTERVAL);
>
> +       /* Make all updates visible before the 'is_ready' flag. */
> +       virtio_mb(false);
> +
>         fifo->is_ready = 1;
>         return 0;
>

--
Best regards,
Bartlomiej
Tim Gardner June 2, 2023, 12:47 p.m. UTC | #3 
On 4/13/23 6:32 AM, Liming Sun wrote:
> BugLink: https://bugs.launchpad.net/bugs/2016039
> 
> The fix adds memory barrier for the 'is_ready' flag and the 'vq'
> pointer in mlxbf_tmfifo_virtio_find_vqs() to avoid potential race
> due to out-of-order memory write.
> 
> Signed-off-by: Liming Sun <limings@nvidia.com>
> ---
>   drivers/platform/mellanox/mlxbf-tmfifo.c | 11 +++++++++--
>   1 file changed, 9 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/platform/mellanox/mlxbf-tmfifo.c b/drivers/platform/mellanox/mlxbf-tmfifo.c
> index 97956c9c9d4c..19d539fc99ae 100644
> --- a/drivers/platform/mellanox/mlxbf-tmfifo.c
> +++ b/drivers/platform/mellanox/mlxbf-tmfifo.c
> @@ -922,7 +922,7 @@ static void mlxbf_tmfifo_rxtx(struct mlxbf_tmfifo_vring *vring, bool is_rx)
>   	fifo = vring->fifo;
>   
>   	/* Return if vdev is not ready. */
> -	if (!fifo->vdev[devid])
> +	if (!fifo || !fifo->vdev[devid])
>   		return;
>   
>   	/* Return if another vring is running. */
> @@ -1119,9 +1119,13 @@ static int mlxbf_tmfifo_virtio_find_vqs(struct virtio_device *vdev,
>   			goto error;
>   		}
>   
> +		vq->priv = vring;
> +
> +		/* Make vq update visible before using it. */
> +		virtio_mb(false);
> +
>   		vqs[i] = vq;
>   		vring->vq = vq;
> -		vq->priv = vring;
>   	}
>   
>   	return 0;
> @@ -1426,6 +1430,9 @@ static int mlxbf_tmfifo_probe(struct platform_device *pdev)
>   
>   	mod_timer(&fifo->timer, jiffies + MLXBF_TMFIFO_TIMER_INTERVAL);
>   
> +	/* Make all updates visible before the 'is_ready' flag. */
> +	virtio_mb(false);
> +
>   	fifo->is_ready = 1;
>   	return 0;
>   
Acked-by: Tim Gardner <tim.gardner@canonical.com>

Bart has given you a one time pass on this one.
diff mbox series

Patch

diff --git a/drivers/platform/mellanox/mlxbf-tmfifo.c b/drivers/platform/mellanox/mlxbf-tmfifo.c
index 97956c9c9d4c..19d539fc99ae 100644
--- a/drivers/platform/mellanox/mlxbf-tmfifo.c
+++ b/drivers/platform/mellanox/mlxbf-tmfifo.c
@@ -922,7 +922,7 @@  static void mlxbf_tmfifo_rxtx(struct mlxbf_tmfifo_vring *vring, bool is_rx)
 	fifo = vring->fifo;
 
 	/* Return if vdev is not ready. */
-	if (!fifo->vdev[devid])
+	if (!fifo || !fifo->vdev[devid])
 		return;
 
 	/* Return if another vring is running. */
@@ -1119,9 +1119,13 @@  static int mlxbf_tmfifo_virtio_find_vqs(struct virtio_device *vdev,
 			goto error;
 		}
 
+		vq->priv = vring;
+
+		/* Make vq update visible before using it. */
+		virtio_mb(false);
+
 		vqs[i] = vq;
 		vring->vq = vq;
-		vq->priv = vring;
 	}
 
 	return 0;
@@ -1426,6 +1430,9 @@  static int mlxbf_tmfifo_probe(struct platform_device *pdev)
 
 	mod_timer(&fifo->timer, jiffies + MLXBF_TMFIFO_TIMER_INTERVAL);
 
+	/* Make all updates visible before the 'is_ready' flag. */
+	virtio_mb(false);
+
 	fifo->is_ready = 1;
 	return 0;