From: Erik Gilling Date: Fri, 1 Mar 2013 00:43:18 +0000 (-0800) Subject: staging: sync: Protect unlocked access to fence status X-Git-Tag: v3.12-rc1~1000^2~818 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=c679212dbfd060513e156133326122bf9f496579;p=kernel%2Fkernel-generic.git staging: sync: Protect unlocked access to fence status Fence status is checked outside of locks in both sync_fence_wait and sync_fence_poll. This patch adds propper barrier protection in these cases to avoid seeing stale status. Cc: Maarten Lankhorst Cc: Erik Gilling Cc: Daniel Vetter Cc: Rob Clark Cc: Sumit Semwal Cc: dri-devel@lists.freedesktop.org Cc: Android Kernel Team Signed-off-by: Erik Gilling Signed-off-by: John Stultz Signed-off-by: Greg Kroah-Hartman
---
diff --git a/drivers/staging/android/sync.c b/drivers/staging/android/sync.c
index 36ffa20..2394189 100644
--- a/drivers/staging/android/sync.c
+++ b/drivers/staging/android/sync.c
@@ -556,6 +556,16 @@ int sync_fence_cancel_async(struct sync_fence *fence,
 }
 EXPORT_SYMBOL(sync_fence_cancel_async);
+static bool sync_fence_check(struct sync_fence *fence)
+{
+ /*
+ * Make sure that reads to fence->status are ordered with the
+ * wait queue event triggering
+ */
+ smp_rmb();
+ return fence->status != 0;
+}
+
 int sync_fence_wait(struct sync_fence *fence, long timeout)
 {
 int err = 0;
@@ -563,7 +573,7 @@ int sync_fence_wait(struct sync_fence *fence, long timeout)
 if (timeout > 0) {
 timeout = msecs_to_jiffies(timeout);
 err = wait_event_interruptible_timeout(fence->wq,
- fence->status != 0,
+ sync_fence_check(fence),
 timeout);
 } else if (timeout < 0) {
 err = wait_event_interruptible(fence->wq, fence->status != 0);
@@ -630,6 +640,12 @@ static unsigned int sync_fence_poll(struct file *file, poll_table *wait)
 poll_wait(file, &fence->wq, wait);
+ /*
+ * Make sure that reads to fence->status are ordered with the
+ * wait queue event triggering
+ */
+ smp_rmb();
+
 if (fence->status == 1)
 return POLLIN;
 else if (fence->status < 0)
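Review bot: The `smp_rmb()` in `sync_fence_check()` has no visible partner, because this patch touches only the readers of `fence->status`. A read barrier orders the load only against a matching barrier on the path that stores the status before waking the queue. If the store side relies on a lock or on the ordering implied by the wake-up, the comment should name it, for example `/* pairs with <barrier on the fence->status store> in <signal path> */`. If nothing on the store side provides that ordering, the stale read described in the commit message is presumably still possible. The same comment is duplicated in the `sync_fence_poll` hunk and needs the same pairing note.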
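Review bot: The untimed branch two lines below the change still passes `fence->status != 0` to `wait_event_interruptible()`, so a caller waiting with a negative timeout reads the status without the barrier this patch introduces. Unless that asymmetry is deliberate, use the helper there as well: `err = wait_event_interruptible(fence->wq, sync_fence_check(fence));`. `sync_fence_wait` continues past the end of this hunk, so any status read after the if/else, which is not visible here, deserves the same check.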
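Review bot: After the new barrier, `sync_fence_poll()` loads `fence->status` twice with no lock held, once for the `== 1` test and again for the `< 0` test, so the two comparisons can observe different values. Taking a single snapshot right after `smp_rmb()` keeps the decision consistent and ties the barrier to exactly one load: `int status = fence->status;`, then test `status` in both branches. The body of the else-if lies outside the hunk.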