Commit e476efc3 authored by Paul E. McKenney's avatar Paul E. McKenney Committed by Yongqiang Liu
Browse files

rcu: Upgrade rcu_swap_protected() to rcu_replace_pointer() 

mainline inclusion
from mainline-v5.4-rc1
commit a63fc6b7
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I6OP9S
CVE: CVE-2023-1281

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a63fc6b75cca984c71f095282e0227a390ba88f3

---------------------------

Although the rcu_swap_protected() macro follows the example of
swap(), the interactions with RCU make its update of its argument
somewhat counter-intuitive.  This commit therefore introduces
an rcu_replace_pointer() that returns the old value of the RCU
pointer instead of doing the argument update.  Once all the uses of
rcu_swap_protected() are updated to instead use rcu_replace_pointer(),
rcu_swap_protected() will be removed.

Link: https://lore.kernel.org/lkml/CAHk-=wiAsJLw1egFEE=Z7-GGtM6wcvtyytXZA1+BHqta4gg6Hw@mail.gmail.com/


Reported-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
[ paulmck: From rcu_replace() to rcu_replace_pointer() per Ingo Molnar. ]
Signed-off-by: default avatarPaul E. McKenney <paulmck@kernel.org>
Cc: Bart Van Assche <bart.vanassche@wdc.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Hannes Reinecke <hare@suse.de>
Cc: Johannes Thumshirn <jthumshirn@suse.de>
Cc: Shane M Seymour <shane.seymour@hpe.com>
Cc: Martin K. Petersen <martin.petersen@oracle.com>
Conflicts:
	include/linux/rcupdate.h
Signed-off-by: default avatarDong Chenchen <dongchenchen2@huawei.com>
Reviewed-by: default avatarYue Haibing <yuehaibing@huawei.com>
Reviewed-by: default avatarWang Weiyang <wangweiyang2@huawei.com>
Signed-off-by: default avatarZhang Changzhong <zhangchangzhong@huawei.com>
parent 9f8ce10e

include/linux/rcupdate.h

+18 −0
Original line number Diff line number Diff line
@@ -410,6 +410,24 @@ static inline void rcu_preempt_sleep_check(void) { } 
	_r_a_p__v;							      \

})



/**

 * rcu_replace_pointer() - replace an RCU pointer, returning its old value

 * @rcu_ptr: RCU pointer, whose old value is returned

 * @ptr: regular pointer

 * @c: the lockdep conditions under which the dereference will take place

 *

 * Perform a replacement, where @rcu_ptr is an RCU-annotated

 * pointer and @c is the lockdep argument that is passed to the

 * rcu_dereference_protected() call used to read that pointer.  The old

 * value of @rcu_ptr is returned, and @rcu_ptr is set to @ptr.

 */

#define rcu_replace_pointer(rcu_ptr, ptr, c)                           \

({                                                                     \

	typeof(ptr) __tmp = rcu_dereference_protected((rcu_ptr), (c));  \

	rcu_assign_pointer((rcu_ptr), (ptr));                           \

	__tmp;                                                          \

})



/**

 * rcu_swap_protected() - swap an RCU and a regular pointer

 * @rcu_ptr: RCU pointer