>From 479d59bdfb5a157a218f8cafb04d1556e175fc80 Mon Sep 17 00:00:00 2001
From: Christian Brauner
Date: Fri, 29 Sep 2023 21:49:39 +0200
Subject: [PATCH 2/2] file: ensure ordering between memory reallocation and pointer check by ensuring that all subsequent loads have a dependency on the second load from *f.
Reported-by: Jann Horn
Signed-off-by: Christian Brauner
---
 fs/file.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/fs/file.c b/fs/file.c
index e983cf3b9e01..8d3c10dfb98a 100644
--- a/fs/file.c
+++ b/fs/file.c
@@ -857,6 +857,8 @@ struct file *get_file_rcu(struct file __rcu **f)
 {
 for (;;) {
 struct file __rcu *file;
+ struct file __rcu *file_reloaded;
+ struct file __rcu *file_reloaded_cmp;
 file = rcu_dereference_raw(*f);
 if (!file)
@@ -877,9 +879,15 @@ struct file *get_file_rcu(struct file __rcu **f)
 * If the pointers don't match the file has been
 * reallocated by SLAB_TYPESAFE_BY_RCU. So verify that
 * we're holding the right reference.
+ *
+ * Ensure that all accesses have a dependency on the
+ * load from rcu_dereference_raw().
 */
- if (file == rcu_access_pointer(*f))
- return rcu_pointer_handoff(file);
+ file_reloaded = rcu_dereference_raw(*f);
+ file_reloaded_cmp = file_reloaded;
+ OPTIMIZER_HIDE_VAR(file_reloaded_cmp);
+ if (file == file_reloaded_cmp)
+ return file_reloaded;
 fput(file);
 }
--
2.34.1
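Review bot: The comment added in the second hunk states the goal but not why the comparison goes through `file_reloaded_cmp` and `OPTIMIZER_HIDE_VAR()`, and that indirection is what a later cleanup is most likely to fold back into `if (file == file_reloaded)`. As far as the hunk shows, the hidden copy keeps the compiler from treating `file` and `file_reloaded` as interchangeable after the equality test, which would let later accesses go through the first load and lose the ordering against SLAB_TYPESAFE_BY_RCU reuse. I would put that reason directly above the two lines, e.g. `/* Compare a hidden copy so the compiler cannot substitute file for file_reloaded and drop the dependency on the second load. */`. The return also loses the `rcu_pointer_handoff()` marker; `return rcu_pointer_handoff(file_reloaded);` would keep the note that protection passes from RCU to the reference just taken. Part of the loop body lies between the two hunks and is not shown, so the reference acquisition itself is not reviewed here.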