git.stricted.de - GitHub/moto-9609/android_kernel_motorola

author	Michael S. Tsirkin <mst@redhat.com>
	Sun, 19 Feb 2017 05:17:17 +0000 (07:17 +0200)
committer	David S. Miller <davem@davemloft.net>
	Mon, 20 Feb 2017 15:27:56 +0000 (10:27 -0500)
commit	e71695307114335be1ed912f4a347396c2ed0e69
tree	f3a8f1e60b278f704a733f653fcd611cab6773f7	tree \| snapshot (tar.gz zip)
parent	d4e854ccd6410687bf82af3fe49d2df9793d80b4	commit \| diff

ptr_ring: fix race conditions when resizing

Resizing currently drops consumer lock.  This can cause entries to be
reordered, which isn't good in itself.  More importantly, consumer can
detect a false ring empty condition and block forever.

Further, nesting of consumer within producer lock is problematic for
tun, since it produces entries in a BH, which causes a lock order
reversal:

       CPU0                    CPU1
       ----                    ----
  consume:
  lock(&(&r->consumer_lock)->rlock);
                               resize:
                               local_irq_disable();
                               lock(&(&r->producer_lock)->rlock);
                               lock(&(&r->consumer_lock)->rlock);
  <Interrupt>
  produce:
  lock(&(&r->producer_lock)->rlock);

To fix, nest producer lock within consumer lock during resize,
and keep consumer lock during the whole swap operation.

Reported-by: Dmitry Vyukov <dvyukov@google.com>
Cc: stable@vger.kernel.org
Cc: "David S. Miller" <davem@davemloft.net>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>