diff options
| author | David Howells <dhowells@redhat.com> | 2016-03-04 10:58:06 -0500 |
|---|---|---|
| committer | David Howells <dhowells@redhat.com> | 2016-03-04 10:58:06 -0500 |
| commit | ee72b9fddb41a2087b4a7aa74791ef1700f3f6cc (patch) | |
| tree | 36725c70bc83ff45d66bdb4f7b3377d09722e4e7 | |
| parent | b4f1342f915201ee15ef6890857b5469879ee402 (diff) | |
rxrpc: Use ACCESS_ONCE() when accessing circular buffer pointers
Use ACCESS_ONCE() when accessing the other-end pointer into a circular
buffer as it's possible the other-end pointer might change whilst we're
doing this, and if we access it twice, we might get some weird things
happening.
Signed-off-by: David Howells <dhowells@redhat.com>
| -rw-r--r-- | net/rxrpc/ar-output.c | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/net/rxrpc/ar-output.c b/net/rxrpc/ar-output.c index 353f5c9141ea..14c8df6b7f41 100644 --- a/net/rxrpc/ar-output.c +++ b/net/rxrpc/ar-output.c | |||
| @@ -401,7 +401,8 @@ static int rxrpc_wait_for_tx_window(struct rxrpc_sock *rx, | |||
| 401 | int ret; | 401 | int ret; |
| 402 | 402 | ||
| 403 | _enter(",{%d},%ld", | 403 | _enter(",{%d},%ld", |
| 404 | CIRC_SPACE(call->acks_head, call->acks_tail, call->acks_winsz), | 404 | CIRC_SPACE(call->acks_head, ACCESS_ONCE(call->acks_tail), |
| 405 | call->acks_winsz), | ||
| 405 | *timeo); | 406 | *timeo); |
| 406 | 407 | ||
| 407 | add_wait_queue(&call->tx_waitq, &myself); | 408 | add_wait_queue(&call->tx_waitq, &myself); |
| @@ -409,7 +410,7 @@ static int rxrpc_wait_for_tx_window(struct rxrpc_sock *rx, | |||
| 409 | for (;;) { | 410 | for (;;) { |
| 410 | set_current_state(TASK_INTERRUPTIBLE); | 411 | set_current_state(TASK_INTERRUPTIBLE); |
| 411 | ret = 0; | 412 | ret = 0; |
| 412 | if (CIRC_SPACE(call->acks_head, call->acks_tail, | 413 | if (CIRC_SPACE(call->acks_head, ACCESS_ONCE(call->acks_tail), |
| 413 | call->acks_winsz) > 0) | 414 | call->acks_winsz) > 0) |
| 414 | break; | 415 | break; |
| 415 | if (signal_pending(current)) { | 416 | if (signal_pending(current)) { |
| @@ -570,7 +571,8 @@ static int rxrpc_send_data(struct rxrpc_sock *rx, | |||
| 570 | 571 | ||
| 571 | _debug("alloc"); | 572 | _debug("alloc"); |
| 572 | 573 | ||
| 573 | if (CIRC_SPACE(call->acks_head, call->acks_tail, | 574 | if (CIRC_SPACE(call->acks_head, |
| 575 | ACCESS_ONCE(call->acks_tail), | ||
| 574 | call->acks_winsz) <= 0) { | 576 | call->acks_winsz) <= 0) { |
| 575 | ret = -EAGAIN; | 577 | ret = -EAGAIN; |
| 576 | if (msg->msg_flags & MSG_DONTWAIT) | 578 | if (msg->msg_flags & MSG_DONTWAIT) |
| @@ -686,7 +688,8 @@ static int rxrpc_send_data(struct rxrpc_sock *rx, | |||
| 686 | sp->hdr.flags = conn->out_clientflag; | 688 | sp->hdr.flags = conn->out_clientflag; |
| 687 | if (msg_data_left(msg) == 0 && !more) | 689 | if (msg_data_left(msg) == 0 && !more) |
| 688 | sp->hdr.flags |= RXRPC_LAST_PACKET; | 690 | sp->hdr.flags |= RXRPC_LAST_PACKET; |
| 689 | else if (CIRC_SPACE(call->acks_head, call->acks_tail, | 691 | else if (CIRC_SPACE(call->acks_head, |
| 692 | ACCESS_ONCE(call->acks_tail), | ||
| 690 | call->acks_winsz) > 1) | 693 | call->acks_winsz) > 1) |
| 691 | sp->hdr.flags |= RXRPC_MORE_PACKETS; | 694 | sp->hdr.flags |= RXRPC_MORE_PACKETS; |
| 692 | if (more && seq & 1) | 695 | if (more && seq & 1) |