Re: [PATCH] hidraw: fix list->buffer race condition

[PATCH] hidraw: fix list->buffer race condition · Gary King <hidden> · 2016-10-05
Re: [PATCH] hidraw: fix list->buffer race condition · Benjamin Tissoires <hidden> · 2016-10-05
Re: [PATCH] hidraw: fix list->buffer race condition · Jiri Kosina <jikos@kernel.org> · 2016-10-07
Re: [PATCH] hidraw: fix list->buffer race condition · Jiri Kosina <jikos@kernel.org> · 2016-10-07
Re: [PATCH] hidraw: fix list->buffer race condition · Gary King <hidden> · 2016-10-07
Re: [PATCH] hidraw: fix list->buffer race condition · Jiri Kosina <jikos@kernel.org> · 2016-10-10
Re: [PATCH] hidraw: fix list->buffer race condition · Dmitry Torokhov <dmitry.torokhov@gmail.com> · 2016-10-11
Re: [PATCH] hidraw: fix list->buffer race condition · Gary King <hidden> · 2016-10-14

From: Jiri Kosina <jikos@kernel.org>
Date: 2016-10-07 08:44:12

On Wed, 5 Oct 2016, Benjamin Tissoires wrote:

quoted

@@ -98,7 +99,9 @@ static ssize_t hidraw_read(struct file *file, char __user *buffer, size_t count,
 
 		kfree(list->buffer[list->tail].value);
 		list->buffer[list->tail].value = NULL;
+		smp_wmb();
 		list->tail = (list->tail + 1) & (HIDRAW_BUFFER_SIZE - 1);
+		smp_wmb();

How does these barriers be needed? To me, list->tail gets accessed just
before, so I doubt the compiler would decide to reorder the code without
changing the semantic.

These are CPU barriers, not compiler barriers.

(that's just a clarification, it doesn't imply in any way that I'd think 
the barriers are correct :) ).

Thanks,

-- 
Jiri Kosina
SUSE Labs

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help