Commit 9ff3a5c8 authored by David Riley's avatar David Riley Committed by Gerd Hoffmann

drm/virtio: Add memory barriers for capset cache.

After data is copied to the cache entry, atomic_set is used indicate
that the data is the entry is valid without appropriate memory barriers.
Similarly the read side was missing the corresponding memory barriers.
Signed-off-by: default avatarDavid Riley <davidriley@chromium.org>
Link: http://patchwork.freedesktop.org/patch/msgid/20190610211810.253227-5-davidriley@chromium.orgSigned-off-by: default avatarGerd Hoffmann <kraxel@redhat.com>
parent 47b757fb
...@@ -540,6 +540,9 @@ static int virtio_gpu_get_caps_ioctl(struct drm_device *dev, ...@@ -540,6 +540,9 @@ static int virtio_gpu_get_caps_ioctl(struct drm_device *dev,
if (!ret) if (!ret)
return -EBUSY; return -EBUSY;
/* is_valid check must proceed before copy of the cache entry. */
smp_rmb();
ptr = cache_ent->caps_cache; ptr = cache_ent->caps_cache;
if (copy_to_user(u64_to_user_ptr(args->addr), ptr, size)) if (copy_to_user(u64_to_user_ptr(args->addr), ptr, size))
......
...@@ -593,6 +593,8 @@ static void virtio_gpu_cmd_capset_cb(struct virtio_gpu_device *vgdev, ...@@ -593,6 +593,8 @@ static void virtio_gpu_cmd_capset_cb(struct virtio_gpu_device *vgdev,
cache_ent->id == le32_to_cpu(cmd->capset_id)) { cache_ent->id == le32_to_cpu(cmd->capset_id)) {
memcpy(cache_ent->caps_cache, resp->capset_data, memcpy(cache_ent->caps_cache, resp->capset_data,
cache_ent->size); cache_ent->size);
/* Copy must occur before is_valid is signalled. */
smp_wmb();
atomic_set(&cache_ent->is_valid, 1); atomic_set(&cache_ent->is_valid, 1);
break; break;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment