From: "Paul E. McKenney" paulmck@kernel.org
mainline inclusion from mainline-v5.4-rc1 commit a63fc6b75cca984c71f095282e0227a390ba88f3 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I6OP9S CVE: CVE-2023-1281
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
---------------------------
Although the rcu_swap_protected() macro follows the example of swap(), the interactions with RCU make its update of its argument somewhat counter-intuitive. This commit therefore introduces an rcu_replace_pointer() that returns the old value of the RCU pointer instead of doing the argument update. Once all the uses of rcu_swap_protected() are updated to instead use rcu_replace_pointer(), rcu_swap_protected() will be removed.
Link: https://lore.kernel.org/lkml/CAHk-=wiAsJLw1egFEE=Z7-GGtM6wcvtyytXZA1+BHqta4g... Reported-by: Linus Torvalds torvalds@linux-foundation.org [ paulmck: From rcu_replace() to rcu_replace_pointer() per Ingo Molnar. ] Signed-off-by: Paul E. McKenney paulmck@kernel.org Cc: Bart Van Assche bart.vanassche@wdc.com Cc: Christoph Hellwig hch@lst.de Cc: Hannes Reinecke hare@suse.de Cc: Johannes Thumshirn jthumshirn@suse.de Cc: Shane M Seymour shane.seymour@hpe.com Cc: Martin K. Petersen martin.petersen@oracle.com Conflicts: include/linux/rcupdate.h Signed-off-by: Dong Chenchen dongchenchen2@huawei.com Reviewed-by: Yue Haibing yuehaibing@huawei.com Reviewed-by: Wang Weiyang wangweiyang2@huawei.com Signed-off-by: Zhang Changzhong zhangchangzhong@huawei.com --- include/linux/rcupdate.h | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+)
diff --git a/include/linux/rcupdate.h b/include/linux/rcupdate.h index 68cbe11..7ecef0b 100644 --- a/include/linux/rcupdate.h +++ b/include/linux/rcupdate.h @@ -411,6 +411,24 @@ static inline void rcu_preempt_sleep_check(void) { } })
/** + * rcu_replace_pointer() - replace an RCU pointer, returning its old value + * @rcu_ptr: RCU pointer, whose old value is returned + * @ptr: regular pointer + * @c: the lockdep conditions under which the dereference will take place + * + * Perform a replacement, where @rcu_ptr is an RCU-annotated + * pointer and @c is the lockdep argument that is passed to the + * rcu_dereference_protected() call used to read that pointer. The old + * value of @rcu_ptr is returned, and @rcu_ptr is set to @ptr. + */ +#define rcu_replace_pointer(rcu_ptr, ptr, c) \ +({ \ + typeof(ptr) __tmp = rcu_dereference_protected((rcu_ptr), (c)); \ + rcu_assign_pointer((rcu_ptr), (ptr)); \ + __tmp; \ +}) + +/** * rcu_swap_protected() - swap an RCU and a regular pointer * @rcu_ptr: RCU pointer * @ptr: regular pointer