[PATCH v1 1/1] [SRU][F:linux-bluefield][PATCH v1 1/1] UBUNTU: SAUCE: mlxbf-tmfifo: fix potential race

[Liming Sun]

BugLink: https://bugs.launchpad.net/bugs/2016039

The fix adds memory barrier for the 'is_ready' flag and the 'vq'
pointer in mlxbf_tmfifo_virtio_find_vqs() to avoid potential race
due to out-of-order memory write.

Signed-off-by: Liming Sun <limings at nvidia.com>
---
 drivers/platform/mellanox/mlxbf-tmfifo.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/drivers/platform/mellanox/mlxbf-tmfifo.c b/drivers/platform/mellanox/mlxbf-tmfifo.c
index f85ef480ed7c..497b16b8fe84 100644
--- a/drivers/platform/mellanox/mlxbf-tmfifo.c
+++ b/drivers/platform/mellanox/mlxbf-tmfifo.c
@@ -943,7 +943,7 @@ static void mlxbf_tmfifo_rxtx(struct mlxbf_tmfifo_vring *vring, bool is_rx)
 	fifo = vring->fifo;
 
 	/* Return if vdev is not ready. */
-	if (!fifo->vdev[devid])
+	if (!fifo || !fifo->vdev[devid])
 		return;
 
 	/* Return if another vring is running. */
@@ -1140,9 +1140,13 @@ static int mlxbf_tmfifo_virtio_find_vqs(struct virtio_device *vdev,
 			goto error;
 		}
 
+		vq->priv = vring;
+
+		/* Make vq update visible before using it. */
+		virtio_mb(false);
+
 		vqs[i] = vq;
 		vring->vq = vq;
-		vq->priv = vring;
 	}
 
 	return 0;
@@ -1423,6 +1427,9 @@ static int mlxbf_tmfifo_probe(struct platform_device *pdev)
 
 	mod_timer(&fifo->timer, jiffies + MLXBF_TMFIFO_TIMER_INTERVAL);
 
+	/* Make all updates visible before the 'is_ready' flag. */
+	virtio_mb(false);
+
 	fifo->is_ready = 1;
 	return 0;
 
-- 
2.30.1