From c679212dbfd060513e156133326122bf9f496579 Mon Sep 17 00:00:00 2001 From: Erik Gilling Date: Thu, 28 Feb 2013 16:43:18 -0800 Subject: [PATCH] staging: sync: Protect unlocked access to fence status Fence status is checked outside of locks in both sync_fence_wait and sync_fence_poll. This patch adds propper barrier protection in these cases to avoid seeing stale status. Cc: Maarten Lankhorst Cc: Erik Gilling Cc: Daniel Vetter Cc: Rob Clark Cc: Sumit Semwal Cc: dri-devel@lists.freedesktop.org Cc: Android Kernel Team Signed-off-by: Erik Gilling Signed-off-by: John Stultz Signed-off-by: Greg Kroah-Hartman --- drivers/staging/android/sync.c | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/drivers/staging/android/sync.c b/drivers/staging/android/sync.c index 36ffa202487..2394189c595 100644 --- a/drivers/staging/android/sync.c +++ b/drivers/staging/android/sync.c @@ -556,6 +556,16 @@ int sync_fence_cancel_async(struct sync_fence *fence, } EXPORT_SYMBOL(sync_fence_cancel_async); +static bool sync_fence_check(struct sync_fence *fence) +{ + /* + * Make sure that reads to fence->status are ordered with the + * wait queue event triggering + */ + smp_rmb(); + return fence->status != 0; +} + int sync_fence_wait(struct sync_fence *fence, long timeout) { int err = 0; @@ -563,7 +573,7 @@ int sync_fence_wait(struct sync_fence *fence, long timeout) if (timeout > 0) { timeout = msecs_to_jiffies(timeout); err = wait_event_interruptible_timeout(fence->wq, - fence->status != 0, + sync_fence_check(fence), timeout); } else if (timeout < 0) { err = wait_event_interruptible(fence->wq, fence->status != 0); @@ -630,6 +640,12 @@ static unsigned int sync_fence_poll(struct file *file, poll_table *wait) poll_wait(file, &fence->wq, wait); + /* + * Make sure that reads to fence->status are ordered with the + * wait queue event triggering + */ + smp_rmb(); + if (fence->status == 1) return POLLIN; else if (fence->status < 0) -- 2.46.0