Author: mw
Date: Fri Sep 4 11:22:18 2020
New Revision: 365326
URL: https://svnweb.freebsd.org/changeset/base/365326
Log:
MFC: r346593
Add barrier in buf ring peek function to prevent race in ARM and ARM64.
Obtained from: Semihalf
Sponsored by: Amazon, Inc.
Modified:
stable/12/sys/sys/buf_ring.h
Directory Properties:
stable/12/ (props changed)
Modified: stable/12/sys/sys/buf_ring.h
==============================================================================
--- stable/12/sys/sys/buf_ring.h Fri Sep 4 04:31:56 2020
(r365325)
+++ stable/12/sys/sys/buf_ring.h Fri Sep 4 11:22:18 2020
(r365326)
@@ -310,14 +310,23 @@ buf_ring_peek_clear_sc(struct buf_ring *br)
if (!mtx_owned(br->br_lock))
panic("lock not held on single consumer dequeue");
#endif
- /*
- * I believe it is safe to not have a memory barrier
- * here because we control cons and tail is worst case
- * a lagging indicator so we worst case we might
- * return NULL immediately after a buffer has been enqueued
- */
+
if (br->br_cons_head == br->br_prod_tail)
return (NULL);
+
+#if defined(__arm__) || defined(__aarch64__)
+ /*
+ * The barrier is required there on ARM and ARM64 to ensure, that
+ * br->br_ring[br->br_cons_head] will not be fetched before the above
+ * condition is checked.
+ * Without the barrier, it is possible, that buffer will be fetched
+ * before the enqueue will put mbuf into br, then, in the meantime, the
+ * enqueue will update the array and the br_prod_tail, and the
+ * conditional check will be true, so we will return previously fetched
+ * (and invalid) buffer.
+ */
+ atomic_thread_fence_acq();
+#endif
#ifdef DEBUG_BUFRING
/*
_______________________________________________
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
