{"id":812744,"url":"http://patchwork.ozlabs.org/api/patches/812744/?format=json","web_url":"http://patchwork.ozlabs.org/project/ubuntu-kernel/patch/1505209542-17445-6-git-send-email-stefan.bader@canonical.com/","project":{"id":15,"url":"http://patchwork.ozlabs.org/api/projects/15/?format=json","name":"Ubuntu Kernel","link_name":"ubuntu-kernel","list_id":"kernel-team.lists.ubuntu.com","list_email":"kernel-team@lists.ubuntu.com","web_url":null,"scm_url":null,"webscm_url":null,"list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<1505209542-17445-6-git-send-email-stefan.bader@canonical.com>","list_archive_url":null,"date":"2017-09-12T09:45:42","name":"[Zesty,2/2] s390/mm: fix race on mm->context.flush_mm","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"8ec24a59e015bd836d113801be1208e83ec1c8bc","submitter":{"id":2898,"url":"http://patchwork.ozlabs.org/api/people/2898/?format=json","name":"Stefan Bader","email":"stefan.bader@canonical.com"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/ubuntu-kernel/patch/1505209542-17445-6-git-send-email-stefan.bader@canonical.com/mbox/","series":[{"id":2645,"url":"http://patchwork.ozlabs.org/api/series/2645/?format=json","web_url":"http://patchwork.ozlabs.org/project/ubuntu-kernel/list/?series=2645","date":"2017-09-12T09:45:42","name":null,"version":1,"mbox":"http://patchwork.ozlabs.org/series/2645/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/812744/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/812744/checks/","tags":{},"related":[],"headers":{"Return-Path":"<kernel-team-bounces@lists.ubuntu.com>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@bilbo.ozlabs.org","Authentication-Results":"ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com\n\t(client-ip=91.189.94.19; helo=huckleberry.canonical.com;\n\tenvelope-from=kernel-team-bounces@lists.ubuntu.com;\n\treceiver=<UNKNOWN>)","Received":["from huckleberry.canonical.com (huckleberry.canonical.com\n\t[91.189.94.19])\n\tby ozlabs.org (Postfix) with ESMTP id 3xs0KX75P5z9sRm;\n\tTue, 12 Sep 2017 19:45:52 +1000 (AEST)","from localhost ([127.0.0.1] helo=huckleberry.canonical.com)\n\tby huckleberry.canonical.com with esmtp (Exim 4.86_2)\n\t(envelope-from <kernel-team-bounces@lists.ubuntu.com>)\n\tid 1drhlM-0003S6-UT; Tue, 12 Sep 2017 09:45:48 +0000","from youngberry.canonical.com ([91.189.89.112])\n\tby huckleberry.canonical.com with esmtps\n\t(TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128)\n\t(Exim 4.86_2) (envelope-from <stefan.bader@canonical.com>)\n\tid 1drhlJ-0003Pk-BZ\n\tfor kernel-team@lists.ubuntu.com; Tue, 12 Sep 2017 09:45:45 +0000","from 1.general.smb.uk.vpn ([10.172.193.28] helo=canonical.com)\n\tby youngberry.canonical.com with esmtpsa\n\t(TLS1.0:RSA_AES_128_CBC_SHA1:16)\n\t(Exim 4.76) (envelope-from <stefan.bader@canonical.com>)\n\tid 1drhlI-0006UI-Ni\n\tfor kernel-team@lists.ubuntu.com; Tue, 12 Sep 2017 09:45:44 +0000"],"From":"Stefan Bader <stefan.bader@canonical.com>","To":"kernel-team@lists.ubuntu.com","Subject":"[Zesty PATCH 2/2] s390/mm: fix race on mm->context.flush_mm","Date":"Tue, 12 Sep 2017 11:45:42 +0200","Message-Id":"<1505209542-17445-6-git-send-email-stefan.bader@canonical.com>","X-Mailer":"git-send-email 2.7.4","In-Reply-To":"<1505209542-17445-1-git-send-email-stefan.bader@canonical.com>","References":"<1505209542-17445-1-git-send-email-stefan.bader@canonical.com>","X-BeenThere":"kernel-team@lists.ubuntu.com","X-Mailman-Version":"2.1.20","Precedence":"list","List-Id":"Kernel team discussions <kernel-team.lists.ubuntu.com>","List-Unsubscribe":"<https://lists.ubuntu.com/mailman/options/kernel-team>,\n\t<mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>","List-Archive":"<https://lists.ubuntu.com/archives/kernel-team>","List-Post":"<mailto:kernel-team@lists.ubuntu.com>","List-Help":"<mailto:kernel-team-request@lists.ubuntu.com?subject=help>","List-Subscribe":"<https://lists.ubuntu.com/mailman/listinfo/kernel-team>,\n\t<mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>","MIME-Version":"1.0","Content-Type":"text/plain; charset=\"utf-8\"","Content-Transfer-Encoding":"base64","Errors-To":"kernel-team-bounces@lists.ubuntu.com","Sender":"\"kernel-team\" <kernel-team-bounces@lists.ubuntu.com>"},"content":"From: Martin Schwidefsky <schwidefsky@de.ibm.com>\n\nBugLink: http://bugs.launchpad.net/bugs/1708399\n\nThe order in __tlb_flush_mm_lazy is to flush TLB first and then clear\nthe mm->context.flush_mm bit. This can lead to missed flushes as the\nbit can be set anytime, the order needs to be the other way aronud.\n\nBut this leads to a different race, __tlb_flush_mm_lazy may be called\non two CPUs concurrently. If mm->context.flush_mm is cleared first then\nanother CPU can bypass __tlb_flush_mm_lazy although the first CPU has\nnot done the flush yet. In a virtualized environment the time until the\nflush is finally completed can be arbitrarily long.\n\nAdd a spinlock to serialize __tlb_flush_mm_lazy and use the function\nin finish_arch_post_lock_switch as well.\n\nCc: <stable@vger.kernel.org>\nReviewed-by: Heiko Carstens <heiko.carstens@de.ibm.com>\nSigned-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>\n(cherry-picked from commit 60f07c8ec5fae06c23e9fd7bab67dabce92b3414 linux-next)\nSigned-off-by: Stefan Bader <stefan.bader@canonical.com>\n---\n arch/s390/include/asm/mmu.h         | 2 ++\n arch/s390/include/asm/mmu_context.h | 4 ++--\n arch/s390/include/asm/tlbflush.h    | 4 +++-\n 3 files changed, 7 insertions(+), 3 deletions(-)","diff":"diff --git a/arch/s390/include/asm/mmu.h b/arch/s390/include/asm/mmu.h\nindex bd6f303..3525fe6 100644\n--- a/arch/s390/include/asm/mmu.h\n+++ b/arch/s390/include/asm/mmu.h\n@@ -5,6 +5,7 @@\n #include <linux/errno.h>\n \n typedef struct {\n+\tspinlock_t lock;\n \tcpumask_t cpu_attach_mask;\n \tatomic_t flush_count;\n \tunsigned int flush_mm;\n@@ -27,6 +28,7 @@ typedef struct {\n } mm_context_t;\n \n #define INIT_MM_CONTEXT(name)\t\t\t\t\t\t   \\\n+\t.context.lock =\t__SPIN_LOCK_UNLOCKED(name.context.lock),\t   \\\n \t.context.pgtable_lock =\t\t\t\t\t\t   \\\n \t\t\t__SPIN_LOCK_UNLOCKED(name.context.pgtable_lock),   \\\n \t.context.pgtable_list = LIST_HEAD_INIT(name.context.pgtable_list), \\\ndiff --git a/arch/s390/include/asm/mmu_context.h b/arch/s390/include/asm/mmu_context.h\nindex 8823e35..484efe8 100644\n--- a/arch/s390/include/asm/mmu_context.h\n+++ b/arch/s390/include/asm/mmu_context.h\n@@ -17,6 +17,7 @@\n static inline int init_new_context(struct task_struct *tsk,\n \t\t\t\t   struct mm_struct *mm)\n {\n+\tspin_lock_init(&mm->context.lock);\n \tspin_lock_init(&mm->context.pgtable_lock);\n \tINIT_LIST_HEAD(&mm->context.pgtable_list);\n \tspin_lock_init(&mm->context.gmap_lock);\n@@ -121,8 +122,7 @@ static inline void finish_arch_post_lock_switch(void)\n \t\twhile (atomic_read(&mm->context.flush_count))\n \t\t\tcpu_relax();\n \t\tcpumask_set_cpu(smp_processor_id(), mm_cpumask(mm));\n-\t\tif (mm->context.flush_mm)\n-\t\t\t__tlb_flush_mm(mm);\n+\t\t__tlb_flush_mm_lazy(mm);\n \t\tpreempt_enable();\n \t}\n \tset_fs(current->thread.mm_segment);\ndiff --git a/arch/s390/include/asm/tlbflush.h b/arch/s390/include/asm/tlbflush.h\nindex 16fe2a3..b08d5bc 100644\n--- a/arch/s390/include/asm/tlbflush.h\n+++ b/arch/s390/include/asm/tlbflush.h\n@@ -101,10 +101,12 @@ static inline void __tlb_flush_kernel(void)\n \n static inline void __tlb_flush_mm_lazy(struct mm_struct * mm)\n {\n+\tspin_lock(&mm->context.lock);\n \tif (mm->context.flush_mm) {\n-\t\t__tlb_flush_mm(mm);\n \t\tmm->context.flush_mm = 0;\n+\t\t__tlb_flush_mm(mm);\n \t}\n+\tspin_unlock(&mm->context.lock);\n }\n \n /*\n","prefixes":["Zesty","2/2"]}