[SRU][J:linux-bluefield][PATCH v2 8/9] platform/mellanox: fix potential race in mlxbf-tmfifo driver

Haifei Luo haifeil at nvidia.com
Fri Mar 21 01:19:51 UTC 2025


From: Liming Sun <limings at nvidia.com>

BugLink: https://bugs.launchpad.net/bugs/2103386

This commit adds memory barrier for the 'vq' update in function
mlxbf_tmfifo_virtio_find_vqs() to avoid potential race due to
out-of-order memory write. It also adds barrier for the 'is_ready'
flag to make sure the initializations are visible before this flag
is checked.

Change-Id: Ia24478bf96aa0c685f509c61992fcf79a2645868
Signed-off-by: Liming Sun <limings at nvidia.com>
Reviewed-by: Vadim Pasternak <vadimp at nvidia.com>
Link: https://lore.kernel.org/r/b98c0ab61d644ba38fa9b3fd1607b138b0dd820b.1682518748.git.limings@nvidia.com
Signed-off-by: Hans de Goede <hdegoede at redhat.com>
(cherry picked from commit 3d43f9f639542fadfb28f40b509bf147a6624d48)
Signed-off-by: Haifei Luo <haifeil at nvidia.com>
---
 drivers/platform/mellanox/mlxbf-tmfifo.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/drivers/platform/mellanox/mlxbf-tmfifo.c b/drivers/platform/mellanox/mlxbf-tmfifo.c
index 385f86e20530..2e42f9e2a519 100644
--- a/drivers/platform/mellanox/mlxbf-tmfifo.c
+++ b/drivers/platform/mellanox/mlxbf-tmfifo.c
@@ -967,7 +967,7 @@ static void mlxbf_tmfifo_rxtx(struct mlxbf_tmfifo_vring *vring, bool is_rx)
 	fifo = vring->fifo;
 
 	/* Return if vdev is not ready. */
-	if (!fifo->vdev[devid])
+	if (!fifo || !fifo->vdev[devid])
 		return;
 
 	/* Return if another vring is running. */
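Review bot: the added `!fifo` test in mlxbf_tmfifo_rxtx() is not covered by the commit message, which describes only the barriers for the 'vq' update and the 'is_ready' flag, and the comment above the test still reads "Return if vdev is not ready." Please state in the commit message which path can reach this function with vring->fifo still NULL, and update the comment to cover both conditions. Since the check implies `fifo = vring->fifo` can race with initialization, consider READ_ONCE() for that load so the compiler cannot reload the pointer between the check and the later uses.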
@@ -1165,9 +1165,12 @@ static int mlxbf_tmfifo_virtio_find_vqs(struct virtio_device *vdev,
 			goto error;
 		}
 
+		vq->priv = vring;
+		/* Make vq update visible before using it. */
+		virtio_mb(false);
+
 		vqs[i] = vq;
 		vring->vq = vq;
-		vq->priv = vring;
 	}
 
 	return 0;
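Review bot: the barrier placed between `vq->priv = vring;` and `vring->vq = vq;` orders only the stores on the writing CPU, and the comment "Make vq update visible before using it." does not say which reader it pairs with; no reader-side change is visible in this patch. Please name the consumer that loads vring->vq and then dereferences vq->priv, and confirm that it orders those loads (an address dependency or a read barrier), otherwise the out-of-order case described in the commit message can still be observed from the reader's side. If only store ordering is needed here, a write barrier would express the intent more precisely than a full virtio_mb().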
@@ -1472,6 +1475,9 @@ static int mlxbf_tmfifo_probe(struct platform_device *pdev)
 
 	mod_timer(&fifo->timer, jiffies + MLXBF_TMFIFO_TIMER_INTERVAL);
 
+	/* Make all updates visible before the 'is_ready' flag. */
+	virtio_mb(false);
+
 	fifo->is_ready = 1;
 	return 0;
 
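Review bot: in mlxbf_tmfifo_probe() the timer is armed with mod_timer() before the new barrier and before `fifo->is_ready = 1;`, so the timer handler can run while is_ready is still 0. That is safe only if every path reached from the timer checks is_ready and tolerates seeing it unset; please confirm this, or move the mod_timer() call after the flag is set. As with the barrier in mlxbf_tmfifo_virtio_find_vqs(), the readers of is_ready need matching ordering on their side; smp_store_release() here with smp_load_acquire() in the readers would make the pairing explicit.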
-- 
2.34.1



