v4l2: prevent speculative load
Jeetesh Burman [Thu, 15 Feb 2018 08:37:39 +0000 (13:37 +0530)]
bug 2039126

Change-Id: Id1908c3058c9ecc0dfb4f2d85440a8d36db45db5
Signed-off-by: David Gilhooley <dgilhooley@nvidia.com>
Signed-off-by: James Huang <jamehuang@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/1650029
Signed-off-by: Jeetesh Burman <jburman@nvidia.com>
(cherry picked from commit 7a0213eca150614fe88d197a09d461fff6168652)
Reviewed-on: https://git-master.nvidia.com/r/1660781
GVS: Gerrit_Virtual_Submit
Reviewed-by: Bibek Basu <bbasu@nvidia.com>

drivers/media/v4l2-core/v4l2-ioctl.c

index 7658586..80bef0e 100644 (file)
@@ -28,6 +28,7 @@
 #include <media/v4l2-device.h>
 #include <media/v4l2-chip-ident.h>
 #include <media/videobuf2-core.h>
+#include <asm/barrier.h>
 
 /* Zero out the end of the struct pointed to by p.  Everything after, but
  * not including, the specified field is cleared. */
@@ -2119,6 +2120,7 @@ bool v4l2_is_known_ioctl(unsigned int cmd)
 {
        if (_IOC_NR(cmd) >= V4L2_IOCTLS)
                return false;
+       speculation_barrier();
        return v4l2_ioctls[_IOC_NR(cmd)].ioctl == cmd;
 }
 
@@ -2128,6 +2130,7 @@ struct mutex *v4l2_ioctl_get_lock(struct video_device *vdev, unsigned cmd)
                return vdev->lock;
        if (test_bit(_IOC_NR(cmd), vdev->disable_locking))
                return NULL;
+       speculation_barrier();
        if (vdev->queue && vdev->queue->lock &&
                        (v4l2_ioctls[_IOC_NR(cmd)].flags & INFO_FL_QUEUE))
                return vdev->queue->lock;