Google Git
Sign in
kernel / pub / scm / linux / kernel / git / tytso / fscrypt / e37a784d8b6a1e726de5ddc7b4809c086a08db09
commite37a784d8b6a1e726de5ddc7b4809c086a08db09[log] [tgz]
authorEric Biggers <ebiggers@google.com>Thu Apr 11 14:32:15 2019 -0700
committerTheodore Ts'o <tytso@mit.edu>Tue Apr 16 18:57:09 2019 -0400
tree965d40cec69107aba4324f72db93d896b12d0737
parentff5d3a97075c65731a46453d36e75b9cf925e165 [diff]
fscrypt: use READ_ONCE() to access ->i_crypt_info

->i_crypt_info starts out NULL and may later be locklessly set to a
non-NULL value by the cmpxchg() in fscrypt_get_encryption_info().

But ->i_crypt_info is used directly, which technically is incorrect.
It's a data race, and it doesn't include the data dependency barrier
needed to safely dereference the pointer on at least one architecture.

Fix this by using READ_ONCE() instead.  Note: we don't need to use
smp_load_acquire(), since dereferencing the pointer only requires a data
dependency barrier, which is already included in READ_ONCE().  We also
don't need READ_ONCE() in places where ->i_crypt_info is unconditionally
dereferenced, since it must have already been checked.

Also downgrade the cmpxchg() to cmpxchg_release(), since RELEASE
semantics are sufficient on the write side.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
5 files changed
tree: 965d40cec69107aba4324f72db93d896b12d0737
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. LICENSES/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .clang-format
  24. .cocciconfig
  25. .get_maintainer.ignore
  26. .gitattributes
  27. .gitignore
  28. .mailmap
  29. COPYING
  30. CREDITS
  31. Kbuild
  32. Kconfig
  33. MAINTAINERS
  34. Makefile
  35. README