zloop: use READ_ONCE() to read lo->lo_state in queue_rq path
authorYongpeng Yang <yangyongpeng@xiaomi.com>
Mon, 15 Dec 2025 15:21:06 +0000 (23:21 +0800)
committerJens Axboe <axboe@kernel.dk>
Mon, 15 Dec 2025 16:32:42 +0000 (09:32 -0700)
In the queue_rq path, zlo->state is accessed without locking, and direct
access may read stale data. This patch uses READ_ONCE() to read
zlo->state and data_race() to silence code checkers, and changes all
assignments to use WRITE_ONCE().

Reviewed-by: Damien Le Moal <dlemoal@kernel.org>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Yongpeng Yang <yangyongpeng@xiaomi.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
drivers/block/zloop.c

index 77bd6081b244524db854c693c11a011ea66f8ef3..8e334f5025fc0aedd1e6e28558941ab6fc7d6cd5 100644 (file)
@@ -697,7 +697,7 @@ static blk_status_t zloop_queue_rq(struct blk_mq_hw_ctx *hctx,
        struct zloop_cmd *cmd = blk_mq_rq_to_pdu(rq);
        struct zloop_device *zlo = rq->q->queuedata;
 
-       if (zlo->state == Zlo_deleting)
+       if (data_race(READ_ONCE(zlo->state)) == Zlo_deleting)
                return BLK_STS_IOERR;
 
        /*
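Review bot: The `data_race()` wrapper around `READ_ONCE(zlo->state)` in zloop_queue_rq() looks unnecessary now that every store touched by this patch uses WRITE_ONCE(). READ_ONCE() is already a marked access, and as far as I know the extra data_race() also stops KCSAN from reporting a plain store to zlo->state that someone adds later, which is the regression this marking should catch. I would write `if (READ_ONCE(zlo->state) == Zlo_deleting)` and put a short comment above it, for example `/* Lockless read; all writers use WRITE_ONCE() in zloop_ctl_add()/zloop_ctl_remove(). */`. The body of zloop_queue_rq() continues outside the hunk.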
@@ -1002,7 +1002,7 @@ static int zloop_ctl_add(struct zloop_options *opts)
                ret = -ENOMEM;
                goto out;
        }
-       zlo->state = Zlo_creating;
+       WRITE_ONCE(zlo->state, Zlo_creating);
 
        ret = mutex_lock_killable(&zloop_ctl_mutex);
        if (ret)
@@ -1113,7 +1113,7 @@ static int zloop_ctl_add(struct zloop_options *opts)
        }
 
        mutex_lock(&zloop_ctl_mutex);
-       zlo->state = Zlo_live;
+       WRITE_ONCE(zlo->state, Zlo_live);
        mutex_unlock(&zloop_ctl_mutex);
 
        pr_info("zloop: device %d, %u zones of %llu MiB, %u B block size\n",
@@ -1177,7 +1177,7 @@ static int zloop_ctl_remove(struct zloop_options *opts)
                ret = -EINVAL;
        } else {
                idr_remove(&zloop_index_idr, zlo->id);
-               zlo->state = Zlo_deleting;
+               WRITE_ONCE(zlo->state, Zlo_deleting);
        }
 
        mutex_unlock(&zloop_ctl_mutex);
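Review bot: `WRITE_ONCE(zlo->state, Zlo_deleting)` only keeps the store from being torn or elided; it does not order it against a zloop_queue_rq() call that has already read the old state. A request can therefore still pass the `Zlo_deleting` check and run while removal proceeds. Nothing in this hunk shows what drains such requests before zlo is released; presumably the teardown after `mutex_unlock()` (outside the hunk) quiesces or freezes the queue, but that is worth confirming since the lockless check alone does not prevent a use-after-free. A comment at the store would make the contract explicit, for example `/* queue_rq's state check is best-effort; in-flight requests are drained by <teardown step> before zlo is freed. */`.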