[PATCH] xen: xenbus: Fix a possible data race in xs_request_enter

From: Jia-Ju Bai
Date: Mon May 07 2018 - 23:34:43 EST

Next message: Nicholas Piggin: "Re: [PATCH 08/15] powerpc/powernv: implement opal_put_chars_atomic"
Previous message: Jia-Ju Bai: "Re: [PATCH] watchdog: mena21_wdt: Fix a possible data race in a21_wdt_set_timeout"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The read operation to "req->type" is protected by
the lock on line 128, but the write operation to
this data on line 118 is not protected by the lock.
Thus, there may exist a data race for "req->type".

To fix this data race, the write operation to "req->type"
should be also protected by the lock.

Signed-off-by: Jia-Ju Bai <baijiaju1990@xxxxxxxxx>
---
drivers/xen/xenbus/xenbus_xs.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/xen/xenbus/xenbus_xs.c b/drivers/xen/xenbus/xenbus_xs.c
index 49a3874ae6bb..274cdfee08b1 100644
--- a/drivers/xen/xenbus/xenbus_xs.c
+++ b/drivers/xen/xenbus/xenbus_xs.c
@@ -115,10 +115,10 @@ static uint32_t xs_request_enter(struct xb_req_data *req)
{
uint32_t rq_id;

- req->type = req->msg.type;
-
spin_lock(&xs_state_lock);

+ req->type = req->msg.type;
+
while (!xs_state_users && xs_suspend_active) {
spin_unlock(&xs_state_lock);
wait_event(xs_state_enter_wq, xs_suspend_active == 0);
--
2.17.0

Next message: Nicholas Piggin: "Re: [PATCH 08/15] powerpc/powernv: implement opal_put_chars_atomic"
Previous message: Jia-Ju Bai: "Re: [PATCH] watchdog: mena21_wdt: Fix a possible data race in a21_wdt_set_timeout"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]