[PATCH 2/2] file: ensure ordering between memory reallocation and pointer check

From: Christian Brauner
Date: Fri Sep 29 2023 - 15:49:39 EST


by ensuring that all subsequent loads have a dependency on the second
load from *f.

Reported-by: Jann Horn <jannh@xxxxxxxxxx>
Signed-off-by: Christian Brauner <brauner@xxxxxxxxxx>
---
fs/file.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/fs/file.c b/fs/file.c
index e983cf3b9e01..8d3c10dfb98a 100644
--- a/fs/file.c
+++ b/fs/file.c
@@ -857,6 +857,8 @@ struct file *get_file_rcu(struct file __rcu **f)
{
for (;;) {
struct file __rcu *file;
+ struct file __rcu *file_reloaded;
+ struct file __rcu *file_reloaded_cmp;

file = rcu_dereference_raw(*f);
if (!file)
@@ -877,9 +879,15 @@ struct file *get_file_rcu(struct file __rcu **f)
* If the pointers don't match the file has been
* reallocated by SLAB_TYPESAFE_BY_RCU. So verify that
* we're holding the right reference.
+ *
+ * Ensure that all accesses have a dependency on the
+ * load from rcu_dereference_raw().
*/
- if (file == rcu_access_pointer(*f))
- return rcu_pointer_handoff(file);
+ file_reloaded = rcu_dereference_raw(*f);
+ file_reloaded_cmp = file_reloaded;
+ OPTIMIZER_HIDE_VAR(file_reloaded_cmp);
+ if (file == file_reloaded_cmp)
+ return file_reloaded;

fput(file);
}
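Review bot: The added comment lines say that accesses must depend on the load from rcu_dereference_raw(), but they do not explain why the comparison uses the copy `file_reloaded_cmp` passed through OPTIMIZER_HIDE_VAR(), or why `file_reloaded` is returned instead of `file`. The intent appears to be that the compiler must not learn `file == file_reloaded` and substitute the first-loaded pointer, which would drop the dependency on the second load and weaken the check against a struct file reallocated under SLAB_TYPESAFE_BY_RCU. Without that written down, a later cleanup to `return file;` or a direct `file == file_reloaded` compare looks harmless; I would add `/* Compare via a hidden copy so the compiler cannot replace file_reloaded with file; callers must get the pointer from the second load. */` above the OPTIMIZER_HIDE_VAR() line. The new return also loses the rcu_pointer_handoff() annotation the old code carried; `return rcu_pointer_handoff(file_reloaded);` would keep it. The hunk starts inside a comment in get_file_rcu()'s loop, and the function's closing brace is outside it.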
--
2.34.1

