sync: protect unlocked access to fence status

Fence status is checked outside of locks in both sync_fence_wait and sync_fence_poll. This patch adds propper barrier protection in these cases to avoid seeing stale status. Change-Id: I9d8b6ce6accb415e797df58068a1ccd54e6be445 Signed-off-by: Erik Gilling <konkers@android.com>

sync: protect unlocked access to fence status
7a47627a · Erik Gilling · Iliyan Malchev · e8cd8ba4 · 7a47627a
Commit 7a47627a authored 12 years ago by Erik Gilling Committed by Iliyan Malchev 12 years ago
--- a/drivers/base/sync.c
+++ b/drivers/base/sync.c
@@ -556,6 +556,16 @@ int sync_fence_cancel_async(struct sync_fence *fence,
 }
 EXPORT_SYMBOL(sync_fence_cancel_async);
+static bool sync_fence_check(struct sync_fence *fence)
+{
+	/*
+	 * Make sure that reads to fence->status are ordered with the
+	 * wait queue event triggering
+	 */
+	smp_rmb();
+	return fence->status != 0;
+}
 int sync_fence_wait(struct sync_fence *fence, long timeout)
 {
 	int err = 0;
@@ -563,7 +573,7 @@ int sync_fence_wait(struct sync_fence *fence, long timeout)
 	if (timeout > 0) {
 		timeout = msecs_to_jiffies(timeout);
 		err = wait_event_interruptible_timeout(fence->wq,
-						       fence->status != 0,
+						       sync_fence_check(fence),
 						       timeout);
 	} else if (timeout < 0) {
 		err = wait_event_interruptible(fence->wq, fence->status != 0);
@@ -627,6 +637,12 @@ static unsigned int sync_fence_poll(struct file *file, poll_table *wait)
 	poll_wait(file, &fence->wq, wait);
+	/*
+	 * Make sure that reads to fence->status are ordered with the
+	 * wait queue event triggering
+	 */
+	smp_rmb();
 	if (fence->status == 1)
 		return POLLIN;
 	else if (fence->status < 0)