v4l2: prevent speculative load
James Huang [Thu, 1 Feb 2018 02:58:04 +0000 (10:58 +0800)]
bug 2039126
Change-Id: Id1908c3058c9ecc0dfb4f2d85440a8d36db45db5
Signed-off-by: David Gilhooley <dgilhooley@nvidia.com>
Signed-off-by: James Huang <jamehuang@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/1650029

(cherry picked from commit 7a0213eca150614fe88d197a09d461fff6168652)
Signed-off-by: Jeetesh Burman <jburman@nvidia.com>
Change-Id: Ia7f3feb5c2a755f585a80fcd9664b8a5fff0c6fa
Reviewed-on: https://git-master.nvidia.com/r/1682710
GVS: Gerrit_Virtual_Submit
Reviewed-by: James Huang <jamehuang@nvidia.com>
Reviewed-by: Bibek Basu <bbasu@nvidia.com>

drivers/media/v4l2-core/v4l2-ioctl.c

index 77381d4..58e4700 100644 (file)
@@ -29,6 +29,8 @@
 #include <media/v4l2-chip-ident.h>
 #include <media/videobuf2-core.h>
 
+#include <asm/barrier.h>
+
 /* Zero out the end of the struct pointed to by p.  Everything after, but
  * not including, the specified field is cleared. */
 #define CLEAR_AFTER_FIELD(p, field) \
@@ -2256,6 +2258,7 @@ bool v4l2_is_known_ioctl(unsigned int cmd)
 {
        if (_IOC_NR(cmd) >= V4L2_IOCTLS)
                return false;
+       speculation_barrier();
        return v4l2_ioctls[_IOC_NR(cmd)].ioctl == cmd;
 }
 
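Review bot: The `speculation_barrier()` added in `v4l2_is_known_ioctl()` carries no comment saying which check it protects, so a later cleanup could move or drop it without anyone noticing the effect. A one-line comment above it would record the intent, for example `/* stop the v4l2_ioctls[] load from being issued speculatively with an out-of-range _IOC_NR(cmd) */`. The commit message cites only a bug number, so the code is the one place a reader can learn why the call is there.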
@@ -2265,6 +2268,7 @@ struct mutex *v4l2_ioctl_get_lock(struct video_device *vdev, unsigned cmd)
                return vdev->lock;
        if (test_bit(_IOC_NR(cmd), vdev->disable_locking))
                return NULL;
+       speculation_barrier();
        if (vdev->queue && vdev->queue->lock &&
                        (v4l2_ioctls[_IOC_NR(cmd)].flags & INFO_FL_QUEUE))
                return vdev->queue->lock;
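Review bot: In `v4l2_ioctl_get_lock()` the barrier sits after `test_bit(_IOC_NR(cmd), vdev->disable_locking)`, so that bitmap read, indexed by the same value, can still be issued speculatively; only the later `v4l2_ioctls[]` lookup is covered. The range check is presumably the condition just above the hunk whose body is `return vdev->lock;`, since the function starts before the hunk and continues past it. Moving `speculation_barrier();` to directly follow that return, ahead of the `test_bit()` line, would cover both indexed reads and match the placement used in `v4l2_is_known_ioctl()`.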