| Message ID | 8a37b9da7c896a630feab127807275f7cd7f107e.1681327632.git.limings@nvidia.com |
|---|---|
| State | New |
| Headers | show |
| Series | UBUNTU: SAUCE: mlxbf-tmfifo: fix potential race | expand |
On 23/04/12 03:35PM, Liming Sun wrote: > BugLink: https://bugs.launchpad.net/ubuntu/+source/linux-bluefield/+bug/2016039 This should be: BugLink: https://bugs.launchpad.net/bugs/2016039 > > The fix adds memory barrier for the 'is_ready' flag and the 'vq' > pointer in mlxbf_tmfifo_virtio_find_vqs() to avoid potential race > due to out-of-order memory write. > > Signed-off-by: Liming Sun <limings@nvidia.com> > --- > drivers/platform/mellanox/mlxbf-tmfifo.c | 11 +++++++++-- > 1 file changed, 9 insertions(+), 2 deletions(-) > > diff --git a/drivers/platform/mellanox/mlxbf-tmfifo.c b/drivers/platform/mellanox/mlxbf-tmfifo.c > index 97956c9c9d4c..19d539fc99ae 100644 > --- a/drivers/platform/mellanox/mlxbf-tmfifo.c > +++ b/drivers/platform/mellanox/mlxbf-tmfifo.c > @@ -922,7 +922,7 @@ static void mlxbf_tmfifo_rxtx(struct mlxbf_tmfifo_vring *vring, bool is_rx) > fifo = vring->fifo; > > /* Return if vdev is not ready. */ > - if (!fifo->vdev[devid]) > + if (!fifo || !fifo->vdev[devid]) > return; This change is not mentioned in the git log. Sounds like an additional patch to me. > > /* Return if another vring is running. */ > @@ -1119,9 +1119,13 @@ static int mlxbf_tmfifo_virtio_find_vqs(struct virtio_device *vdev, > goto error; > } > > + vq->priv = vring; > + > + /* Make vq update visible before using it. */ > + virtio_mb(false); > + > vqs[i] = vq; > vring->vq = vq; > - vq->priv = vring; > } > > return 0; > @@ -1426,6 +1430,9 @@ static int mlxbf_tmfifo_probe(struct platform_device *pdev) > > mod_timer(&fifo->timer, jiffies + MLXBF_TMFIFO_TIMER_INTERVAL); > > + /* Make all updates visible before the 'is_ready' flag. */ > + virtio_mb(false); > + > fifo->is_ready = 1; > return 0; > > -- > 2.30.1
On Thu, Apr 13, 2023 at 2:33 PM Liming Sun <limings@nvidia.com> wrote: > > BugLink: https://bugs.launchpad.net/bugs/2016039 > > The fix adds memory barrier for the 'is_ready' flag and the 'vq' > pointer in mlxbf_tmfifo_virtio_find_vqs() to avoid potential race > due to out-of-order memory write. > > Signed-off-by: Liming Sun <limings@nvidia.com> > --- > drivers/platform/mellanox/mlxbf-tmfifo.c | 11 +++++++++-- > 1 file changed, 9 insertions(+), 2 deletions(-) > > diff --git a/drivers/platform/mellanox/mlxbf-tmfifo.c b/drivers/platform/mellanox/mlxbf-tmfifo.c > index 97956c9c9d4c..19d539fc99ae 100644 > --- a/drivers/platform/mellanox/mlxbf-tmfifo.c > +++ b/drivers/platform/mellanox/mlxbf-tmfifo.c > @@ -922,7 +922,7 @@ static void mlxbf_tmfifo_rxtx(struct mlxbf_tmfifo_vring *vring, bool is_rx) > fifo = vring->fifo; > > /* Return if vdev is not ready. */ > - if (!fifo->vdev[devid]) > + if (!fifo || !fifo->vdev[devid]) > return; Could you please address the v1 review comment from Andrei: "This change is not mentioned in the git log. Sounds like an additional patch to me" ? Is the above change needed for a case when mlxbf_tmfifo_create_vdev() fails? > /* Return if another vring is running. */ > @@ -1119,9 +1119,13 @@ static int mlxbf_tmfifo_virtio_find_vqs(struct virtio_device *vdev, > goto error; > } > > + vq->priv = vring; > + > + /* Make vq update visible before using it. */ > + virtio_mb(false); > + > vqs[i] = vq; > vring->vq = vq; > - vq->priv = vring; > } > > return 0; > @@ -1426,6 +1430,9 @@ static int mlxbf_tmfifo_probe(struct platform_device *pdev) > > mod_timer(&fifo->timer, jiffies + MLXBF_TMFIFO_TIMER_INTERVAL); > > + /* Make all updates visible before the 'is_ready' flag. */ > + virtio_mb(false); > + > fifo->is_ready = 1; > return 0; > -- Best regards, Bartlomiej
On 4/13/23 6:32 AM, Liming Sun wrote: > BugLink: https://bugs.launchpad.net/bugs/2016039 > > The fix adds memory barrier for the 'is_ready' flag and the 'vq' > pointer in mlxbf_tmfifo_virtio_find_vqs() to avoid potential race > due to out-of-order memory write. > > Signed-off-by: Liming Sun <limings@nvidia.com> > --- > drivers/platform/mellanox/mlxbf-tmfifo.c | 11 +++++++++-- > 1 file changed, 9 insertions(+), 2 deletions(-) > > diff --git a/drivers/platform/mellanox/mlxbf-tmfifo.c b/drivers/platform/mellanox/mlxbf-tmfifo.c > index 97956c9c9d4c..19d539fc99ae 100644 > --- a/drivers/platform/mellanox/mlxbf-tmfifo.c > +++ b/drivers/platform/mellanox/mlxbf-tmfifo.c > @@ -922,7 +922,7 @@ static void mlxbf_tmfifo_rxtx(struct mlxbf_tmfifo_vring *vring, bool is_rx) > fifo = vring->fifo; > > /* Return if vdev is not ready. */ > - if (!fifo->vdev[devid]) > + if (!fifo || !fifo->vdev[devid]) > return; > > /* Return if another vring is running. */ > @@ -1119,9 +1119,13 @@ static int mlxbf_tmfifo_virtio_find_vqs(struct virtio_device *vdev, > goto error; > } > > + vq->priv = vring; > + > + /* Make vq update visible before using it. */ > + virtio_mb(false); > + > vqs[i] = vq; > vring->vq = vq; > - vq->priv = vring; > } > > return 0; > @@ -1426,6 +1430,9 @@ static int mlxbf_tmfifo_probe(struct platform_device *pdev) > > mod_timer(&fifo->timer, jiffies + MLXBF_TMFIFO_TIMER_INTERVAL); > > + /* Make all updates visible before the 'is_ready' flag. */ > + virtio_mb(false); > + > fifo->is_ready = 1; > return 0; > Acked-by: Tim Gardner <tim.gardner@canonical.com> Bart has given you a one time pass on this one.
diff --git a/drivers/platform/mellanox/mlxbf-tmfifo.c b/drivers/platform/mellanox/mlxbf-tmfifo.c index 97956c9c9d4c..19d539fc99ae 100644 --- a/drivers/platform/mellanox/mlxbf-tmfifo.c +++ b/drivers/platform/mellanox/mlxbf-tmfifo.c @@ -922,7 +922,7 @@ static void mlxbf_tmfifo_rxtx(struct mlxbf_tmfifo_vring *vring, bool is_rx) fifo = vring->fifo; /* Return if vdev is not ready. */ - if (!fifo->vdev[devid]) + if (!fifo || !fifo->vdev[devid]) return; /* Return if another vring is running. */ @@ -1119,9 +1119,13 @@ static int mlxbf_tmfifo_virtio_find_vqs(struct virtio_device *vdev, goto error; } + vq->priv = vring; + + /* Make vq update visible before using it. */ + virtio_mb(false); + vqs[i] = vq; vring->vq = vq; - vq->priv = vring; } return 0; @@ -1426,6 +1430,9 @@ static int mlxbf_tmfifo_probe(struct platform_device *pdev) mod_timer(&fifo->timer, jiffies + MLXBF_TMFIFO_TIMER_INTERVAL); + /* Make all updates visible before the 'is_ready' flag. */ + virtio_mb(false); + fifo->is_ready = 1; return 0;
BugLink: https://bugs.launchpad.net/ubuntu/+source/linux-bluefield/+bug/2016039 The fix adds memory barrier for the 'is_ready' flag and the 'vq' pointer in mlxbf_tmfifo_virtio_find_vqs() to avoid potential race due to out-of-order memory write. Signed-off-by: Liming Sun <limings@nvidia.com> --- drivers/platform/mellanox/mlxbf-tmfifo.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-)