On 25 Aug 2019, at 23:10, Björn Töpel wrote:
From: Björn Töpel <bjorn.topel@xxxxxxxxx>
The state variable was read, and written outside the control mutex
(struct xdp_sock, mutex), without proper barriers and {READ,
WRITE}_ONCE correctness.
In this commit this issue is addressed, and the state member is now
used a point of synchronization whether the socket is setup correctly
or not.
This also fixes a race, found by syzcaller, in xsk_poll() where umem
could be accessed when stale.
Suggested-by: Hillf Danton <hdanton@xxxxxxxx>
Reported-by: syzbot+c82697e3043781e08802@xxxxxxxxxxxxxxxxxxxxxxxxx
Fixes: 77cd0d7b3f25 ("xsk: add support for need_wakeup flag in AF_XDP
rings")
Signed-off-by: Björn Töpel <bjorn.topel@xxxxxxxxx>
Acked-by: Jonathan Lemon <jonathan.lemon@xxxxxxxxx>