    fs: fix data races on inode->i_flctx · 128a3785
    Dmitry Vyukov authored
    locks_get_lock_context() uses cmpxchg() to install i_flctx.
    cmpxchg() is a release operation which is correct. But it uses
    a plain load to load i_flctx. This is incorrect. Subsequent loads
    from i_flctx can hoist above the load of i_flctx pointer itself
    and observe uninitialized garbage there. This in turn can lead
    to corruption of ctx->flc_lock and other members.
    
    Documentation/memory-barriers.txt explicitly requires to use
    a barrier in such context:
    "A load-load control dependency requires a full read memory barrier".
    
    Use smp_load_acquire() in locks_get_lock_context() and in a bunch
    of other functions that can proceed concurrently with
    locks_get_lock_context().
    
    The data race was found with KernelThreadSanitizer (KTSAN).
    
    Signed-off-by: Dmitry Vyukov <dvyukov@google.com>
    Signed-off-by: Jeff Layton <jeff.layton@primarydata.com>
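The publish/subscribe pattern the commit message describes, as an added user-space model written for this page (it is not the kernel's code and not part of the commit): a context structure is lazily allocated, fully initialized, and then published with a release-ordered compare-and-exchange, while every reader fetches the pointer with an acquire load so that its subsequent loads from the structure cannot be hoisted above the pointer load. The names `struct inode`, `struct file_lock_context`, `i_flctx` and `get_lock_context()` only mirror the kernel's; `initialized`, `allocations`, `run_demo()` and the other helpers are assumptions made for the example. C11 atomics stand in for the kernel primitives: `atomic_compare_exchange_strong_explicit()` with release semantics for `cmpxchg()`, and `atomic_load_explicit(..., memory_order_acquire)` for `smp_load_acquire()`.

```c
/* Added example, not kernel code: models the i_flctx publish/subscribe
 * pattern from the commit message with C11 atomics. Names mirror the kernel's
 * but the structures, counters and helpers below are constructed here. */
#include <stdatomic.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

struct file_lock_context {
    int flc_lock;     /* stands in for the spinlock the commit says got corrupted */
    int initialized;  /* sentinel a reader checks after an acquire load */
};

struct inode {
    _Atomic(struct file_lock_context *) i_flctx;  /* published lazily, as in the kernel */
};

static int allocations;  /* constructed counter: makes the loser-frees path observable */

/* Model of locks_get_lock_context(). Writer side: every field is initialized
 * BEFORE the release cmpxchg, so the release orders those stores ahead of the
 * pointer becoming visible to other CPUs. Reader side: the fast-path load is
 * an acquire, the counterpart of smp_load_acquire() in the fix. */
struct file_lock_context *get_lock_context(struct inode *inode)
{
    struct file_lock_context *ctx =
        atomic_load_explicit(&inode->i_flctx, memory_order_acquire);
    if (ctx)
        return ctx;

    struct file_lock_context *fresh = calloc(1, sizeof *fresh);
    if (!fresh)
        return NULL;
    allocations++;
    fresh->flc_lock = 0;
    fresh->initialized = 1;

    /* The kernel's cmpxchg() is at least a release; acq_rel on success also
     * covers this thread's later reads. On failure an acquire is needed because
     * we are about to read the object another thread published. */
    struct file_lock_context *expected = NULL;
    if (atomic_compare_exchange_strong_explicit(&inode->i_flctx, &expected, fresh,
                                                memory_order_acq_rel,
                                                memory_order_acquire))
        return fresh;

    /* Lost the race: someone else published first. Free ours, use theirs. */
    free(fresh);
    return expected;
}

/* A reader that may run concurrently with get_lock_context(): this is the
 * corrected form, an acquire load pairing with the release in the publisher. */
int context_is_initialized(struct inode *inode)
{
    struct file_lock_context *ctx =
        atomic_load_explicit(&inode->i_flctx, memory_order_acquire);
    return ctx != NULL && ctx->initialized;
}

/* The pattern the commit fixes, kept for contrast: a plain (relaxed) load gives
 * no ordering, so on a weakly ordered CPU ctx->initialized may be read before
 * the publisher's stores are visible, i.e. as uninitialized garbage. */
int context_is_initialized_racy(struct inode *inode)
{
    struct file_lock_context *ctx =
        atomic_load_explicit(&inode->i_flctx, memory_order_relaxed);
    return ctx != NULL && ctx->initialized;
}

void inode_init(struct inode *inode) { atomic_init(&inode->i_flctx, NULL); }
void inode_release(struct inode *inode) { free(atomic_exchange(&inode->i_flctx, NULL)); }
int allocation_count(void) { return allocations; }

/* Single-threaded walk through both paths; returns 1 when every check holds.
 * It cannot reproduce the race itself, only the publish/subscribe contract. */
int run_demo(void)
{
    struct inode ino;
    inode_init(&ino);
    int before = allocations;

    struct file_lock_context *a = get_lock_context(&ino);   /* allocates and publishes */
    struct file_lock_context *b = get_lock_context(&ino);   /* fast path: same object */
    int ok = a != NULL && a == b && allocations == before + 1
          && context_is_initialized(&ino) == 1;

    /* Simulate losing the race: a context is already installed when we try. */
    struct file_lock_context *pre = calloc(1, sizeof *pre);
    struct inode other;
    inode_init(&other);
    atomic_store_explicit(&other.i_flctx, pre, memory_order_release);
    pre->initialized = 1;  /* deliberately after publish: see the comment below */
    ok = ok && get_lock_context(&other) == pre && allocations == before + 1;

    inode_release(&ino);
    inode_release(&other);
    return ok;
}

int main(void)
{
    printf("publish/subscribe contract holds: %s\n", run_demo() ? "yes" : "no");
    return 0;
}
```

The deliberate store to `pre->initialized` after the publishing store in `run_demo()` is exactly the ordering the commit's release/acquire pairing exists to rule out: a reader that took the pointer with a relaxed load could legitimately observe the structure before that field is written. The single-threaded check cannot surface that, which is why the commit credits KTSAN with finding it; the ordering has to be reviewed against the pairing of each publisher's release with every reader's acquire rather than tested for.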