projects / GitHub / exynos8895 / android_kernel_samsung_universal8895.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5c5989e) | patch
e1000: fix data race between tx_ring->next_to_clean
authorDmitriy Vyukov <dvyukov@google.com>
Tue, 8 Sep 2015 08:52:44 +0000 (10:52 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 15 Sep 2016 06:27:38 +0000 (08:27 +0200)
commitabe2792fab39c606f21a6b4a4dab2d5090723a01
treea6ec91588632f307de32d94b3fa5f26c57d5a044tree | snapshot (tar.gz zip)
parent5c5989e0dde275bae778d6b4706cf606aca749cccommit | diff
e1000: fix data race between tx_ring->next_to_clean

[ Upstream commit 9eab46b7cb8d0b0dcf014bf7b25e0e72b9e4d929 ]

e1000_clean_tx_irq cleans buffers and sets tx_ring->next_to_clean,
then e1000_xmit_frame reuses the cleaned buffers. But there are no
memory barriers when buffers gets recycled, so the recycled buffers
can be corrupted.

Use smp_store_release to update tx_ring->next_to_clean and
smp_load_acquire to read tx_ring->next_to_clean to properly
hand off buffers from e1000_clean_tx_irq to e1000_xmit_frame.

The data race was found with KernelThreadSanitizer (KTSAN).

Signed-off-by: Dmitry Vyukov <dvyukov@google.com>
Tested-by: Aaron Brown <aaron.f.brown@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/net/ethernet/intel/e1000/e1000.h diff | blob | blame | history
drivers/net/ethernet/intel/e1000/e1000_main.c diff | blob | blame | history