    fscrypt: use READ_ONCE() to access ->i_crypt_info · 8bcc53fb
    Eric Biggers authored
    [ Upstream commit e37a784d ]
    
    ->i_crypt_info starts out NULL and may later be locklessly set to a
    non-NULL value by the cmpxchg() in fscrypt_get_encryption_info().
    
    But ->i_crypt_info is used directly, which technically is incorrect.
    It's a data race, and it doesn't include the data dependency barrier
    needed to safely dereference the pointer on at least one architecture.
    
    Fix this by using READ_ONCE() instead.  Note: we don't need to use
    smp_load_acquire(), since dereferencing the pointer only requires a data
    dependency barrier, which is already included in READ_ONCE().  We also
    don't need READ_ONCE() in places where ->i_crypt_info is unconditionally
    dereferenced, since it must have already been checked.
    
    Also downgrade the cmpxchg() to cmpxchg_release(), since RELEASE
    semantics are sufficient on the write side.
    Signed-off-by: Eric Biggers <ebiggers@google.com>
    Signed-off-by: Theodore Ts'o <tytso@mit.edu>
    Signed-off-by: Sasha Levin <sashal@kernel.org>
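
The publish/consume pattern the commit message above describes, as an added user-space example using C11 atomics; it is not the kernel's fscrypt code. `struct crypt_info`, `struct inode_demo`, `get_info()`, `info_mode()` and `ensure_info()` are hypothetical names, with a `memory_order_consume` load standing in for READ_ONCE() and a release compare-exchange standing in for cmpxchg_release().

```c
#include <stdatomic.h>
#include <stdlib.h>

/* Hypothetical stand-ins for struct fscrypt_info and struct inode. */
struct crypt_info { int mode; };
struct inode_demo { _Atomic(struct crypt_info *) i_crypt_info; };

/* Reader: one marked load with dependency ordering (the READ_ONCE() role).
 * Compilers currently implement memory_order_consume as acquire. */
static struct crypt_info *get_info(struct inode_demo *inode)
{
    return atomic_load_explicit(&inode->i_crypt_info, memory_order_consume);
}

/* Check and dereference the same snapshot; never re-read the field. */
static int info_mode(struct inode_demo *inode)
{
    struct crypt_info *ci = get_info(inode);

    return ci ? ci->mode : -1;
}

/* Writer: initialise fully, then publish once with RELEASE ordering
 * (the cmpxchg_release() role). Always builds a candidate so the losing
 * path can be exercised. Returns 1 if this call published, 0 if the
 * slot was already set, -1 on allocation failure. */
static int ensure_info(struct inode_demo *inode, int mode)
{
    struct crypt_info *expected = NULL;
    struct crypt_info *ci = malloc(sizeof(*ci));

    if (!ci)
        return -1;
    ci->mode = mode;                     /* must happen before the publish */
    if (atomic_compare_exchange_strong_explicit(&inode->i_crypt_info,
            &expected, ci, memory_order_release, memory_order_relaxed))
        return 1;
    free(ci);                            /* lost the race; keep the winner */
    return 0;
}

int main(void)
{
    struct inode_demo inode = { NULL };
    int first = ensure_info(&inode, 1);  /* publishes */
    int second = ensure_info(&inode, 4); /* loses, frees its copy */

    return (first == 1 && second == 0 && info_mode(&inode) == 1) ? 0 : 1;
}
```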
policy.c 8.28 KB