From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=Ev4s=SS=vger.kernel.org=linux-fsdevel-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-5.5 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS,
	MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_PASS,USER_AGENT_MUTT autolearn=ham
	autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 057DCC10F13
	for <linux-fsdevel@archiver.kernel.org>; Tue, 16 Apr 2019 22:57:32 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id C621120880
	for <linux-fsdevel@archiver.kernel.org>; Tue, 16 Apr 2019 22:57:31 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1728965AbfDPW5a (ORCPT
        <rfc822;linux-fsdevel@archiver.kernel.org>);
        Tue, 16 Apr 2019 18:57:30 -0400
Received: from outgoing-auth-1.mit.edu ([18.9.28.11]:42281 "EHLO
        outgoing.mit.edu" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org
        with ESMTP id S1727760AbfDPW5a (ORCPT
        <rfc822;linux-fsdevel@vger.kernel.org>);
        Tue, 16 Apr 2019 18:57:30 -0400
Received: from callcc.thunk.org (guestnat-104-133-0-109.corp.google.com [104.133.0.109] (may be forged))
        (authenticated bits=0)
        (User authenticated as tytso@ATHENA.MIT.EDU)
        by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id x3GMvPsN006796
        (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
        Tue, 16 Apr 2019 18:57:26 -0400
Received: by callcc.thunk.org (Postfix, from userid 15806)
        id 55147420497; Tue, 16 Apr 2019 18:57:25 -0400 (EDT)
Date:   Tue, 16 Apr 2019 18:57:25 -0400
From:   "Theodore Ts'o" <tytso@mit.edu>
To:     Eric Biggers <ebiggers@kernel.org>
Cc:     linux-fscrypt@vger.kernel.org, linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH v2] fscrypt: use READ_ONCE() to access ->i_crypt_info
Message-ID: <20190416225725.GA14623@mit.edu>
References: <20190411213215.163929-1-ebiggers@kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20190411213215.163929-1-ebiggers@kernel.org>
User-Agent: Mutt/1.10.1 (2018-07-13)
Sender: linux-fsdevel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-fsdevel.vger.kernel.org>
X-Mailing-List: linux-fsdevel@vger.kernel.org

On Thu, Apr 11, 2019 at 02:32:15PM -0700, Eric Biggers wrote:
> From: Eric Biggers <ebiggers@google.com>
> 
> ->i_crypt_info starts out NULL and may later be locklessly set to a
> non-NULL value by the cmpxchg() in fscrypt_get_encryption_info().
> 
> But ->i_crypt_info is used directly, which technically is incorrect.
> It's a data race, and it doesn't include the data dependency barrier
> needed to safely dereference the pointer on at least one architecture.
> 
> Fix this by using READ_ONCE() instead.  Note: we don't need to use
> smp_load_acquire(), since dereferencing the pointer only requires a data
> dependency barrier, which is already included in READ_ONCE().  We also
> don't need READ_ONCE() in places where ->i_crypt_info is unconditionally
> dereferenced, since it must have already been checked.
> 
> Also downgrade the cmpxchg() to cmpxchg_release(), since RELEASE
> semantics are sufficient on the write side.
> 
> Signed-off-by: Eric Biggers <ebiggers@google.com>

Looks good, applied.

					- Ted