af-packet: fix - avoid reading stale data
Chetan Loke [Thu, 14 Jul 2011 15:36:33 +0000 (08:36 -0700)]
Currently we flush tp_status and then flush the remainder of the header+payload.
tp_status should be flushed in the end to avoid stale data being read by user-space.

Incorrectly re-ordered barriers in v1.

Signed-off-by: Chetan Loke <loke.chetan@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

net/packet/af_packet.c

index d2294ad..c698cec 100644 (file)
@@ -1129,7 +1129,6 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev,
        else
                sll->sll_ifindex = dev->ifindex;
 
-       __packet_set_status(po, h.raw, status);
        smp_mb();
 #if ARCH_IMPLEMENTS_FLUSH_DCACHE_PAGE == 1
        {
@@ -1138,8 +1137,10 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev,
                end = (u8 *)PAGE_ALIGN((unsigned long)h.raw + macoff + snaplen);
                for (start = h.raw; start < end; start += PAGE_SIZE)
                        flush_dcache_page(pgv_to_page(start));
+               smp_wmb();
        }
 #endif
+       __packet_set_status(po, h.raw, status);
 
        sk->sk_data_ready(sk, 0);