diff options
author | Eric Biggers | 2019-04-11 23:32:15 +0200 |
---|---|---|
committer | Theodore Ts'o | 2019-04-17 00:57:09 +0200 |
commit | e37a784d8b6a1e726de5ddc7b4809c086a08db09 (patch) | |
tree | 965d40cec69107aba4324f72db93d896b12d0737 /include/linux/fscrypt.h | |
parent | fscrypt: remove WARN_ON_ONCE() when decryption fails (diff) | |
download | kernel-qcow2-linux-e37a784d8b6a1e726de5ddc7b4809c086a08db09.tar.gz kernel-qcow2-linux-e37a784d8b6a1e726de5ddc7b4809c086a08db09.tar.xz kernel-qcow2-linux-e37a784d8b6a1e726de5ddc7b4809c086a08db09.zip |
fscrypt: use READ_ONCE() to access ->i_crypt_info
->i_crypt_info starts out NULL and may later be locklessly set to a
non-NULL value by the cmpxchg() in fscrypt_get_encryption_info().
But ->i_crypt_info is used directly, which technically is incorrect.
It's a data race, and it doesn't include the data dependency barrier
needed to safely dereference the pointer on at least one architecture.
Fix this by using READ_ONCE() instead. Note: we don't need to use
smp_load_acquire(), since dereferencing the pointer only requires a data
dependency barrier, which is already included in READ_ONCE(). We also
don't need READ_ONCE() in places where ->i_crypt_info is unconditionally
dereferenced, since it must have already been checked.
Also downgrade the cmpxchg() to cmpxchg_release(), since RELEASE
semantics are sufficient on the write side.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Diffstat (limited to 'include/linux/fscrypt.h')
-rw-r--r-- | include/linux/fscrypt.h | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/include/linux/fscrypt.h b/include/linux/fscrypt.h index 6cf8a34523ff..ec8ab7108599 100644 --- a/include/linux/fscrypt.h +++ b/include/linux/fscrypt.h @@ -79,7 +79,8 @@ struct fscrypt_ctx { static inline bool fscrypt_has_encryption_key(const struct inode *inode) { - return (inode->i_crypt_info != NULL); + /* pairs with cmpxchg_release() in fscrypt_get_encryption_info() */ + return READ_ONCE(inode->i_crypt_info) != NULL; } static inline bool fscrypt_dummy_context_enabled(struct inode *inode) |