From: Andy Lutomirski <luto@kernel.org>
To: x86@kernel.org, Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: LKML <linux-kernel@vger.kernel.org>,
Nicholas Piggin <npiggin@gmail.com>,
Arnd Bergmann <arnd@arndb.de>, Anton Blanchard <anton@ozlabs.org>,
Andy Lutomirski <luto@kernel.org>,
stable@vger.kernel.org
Subject: [PATCH v3 3/4] membarrier: Explicitly sync remote cores when SYNC_CORE is requested
Date: Thu, 3 Dec 2020 21:07:05 -0800
Message-ID: <776b448d5f7bd6b12690707f5ed67bcda7f1d427.1607058304.git.luto@kernel.org> (raw)
In-Reply-To: <cover.1607058304.git.luto@kernel.org>
membarrier() does not explicitly sync_core() remote CPUs; instead, it
relies on the assumption that an IPI will result in a core sync. On
x86, I think this may be true in practice, but it's not architecturally
reliable. In particular, the SDM and APM do not appear to guarantee
that interrupt delivery is serializing. While IRET does serialize, IPI
return can schedule, thereby switching to another task in the same mm
that was sleeping in a syscall. The new task could then SYSRET back to
usermode without ever executing IRET.
Make this more robust by explicitly calling sync_core_before_usermode()
on remote cores. (This also helps people who search the kernel tree for
instances of sync_core() and sync_core_before_usermode() -- one might be
surprised that the core membarrier code doesn't currently show up in a
such a search.)
Cc: stable@vger.kernel.org
Reviewed-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Signed-off-by: Andy Lutomirski <luto@kernel.org>
---
kernel/sched/membarrier.c | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/kernel/sched/membarrier.c b/kernel/sched/membarrier.c
index 6251d3d12abe..01538b31f27e 100644
--- a/kernel/sched/membarrier.c
+++ b/kernel/sched/membarrier.c
@@ -166,6 +166,23 @@ static void ipi_mb(void *info)
smp_mb(); /* IPIs should be serializing but paranoid. */
}
+static void ipi_sync_core(void *info)
+{
+ /*
+ * The smp_mb() in membarrier after all the IPIs is supposed to
+ * ensure that memory on remote CPUs that occur before the IPI
+ * become visible to membarrier()'s caller -- see scenario B in
+ * the big comment at the top of this file.
+ *
+ * A sync_core() would provide this guarantee, but
+ * sync_core_before_usermode() might end up being deferred until
+ * after membarrier()'s smp_mb().
+ */
+ smp_mb(); /* IPIs should be serializing but paranoid. */
+
+ sync_core_before_usermode();
+}
+
static void ipi_rseq(void *info)
{
/*
@@ -301,6 +318,7 @@ static int membarrier_private_expedited(int flags, int cpu_id)
if (!(atomic_read(&mm->membarrier_state) &
MEMBARRIER_STATE_PRIVATE_EXPEDITED_SYNC_CORE_READY))
return -EPERM;
+ ipi_func = ipi_sync_core;
} else if (flags == MEMBARRIER_FLAG_RSEQ) {
if (!IS_ENABLED(CONFIG_RSEQ))
return -EINVAL;
--
2.28.0
next prev parent reply index
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-12-04 5:07 [PATCH v3 0/4] membarrier fixes Andy Lutomirski
2020-12-04 5:07 ` [PATCH v3 1/4] x86/membarrier: Get rid of a dubious optimization Andy Lutomirski
2020-12-09 4:10 ` Andy Lutomirski
2020-12-09 8:42 ` [tip: x86/urgent] " tip-bot2 for Andy Lutomirski
2020-12-04 5:07 ` [PATCH v3 2/4] membarrier: Add an actual barrier before rseq_preempt() Andy Lutomirski
2020-12-09 4:12 ` Andy Lutomirski
2020-12-09 8:42 ` [tip: x86/urgent] " tip-bot2 for Andy Lutomirski
2020-12-14 18:05 ` Andy Lutomirski
2020-12-04 5:07 ` Andy Lutomirski [this message]
2020-12-09 4:13 ` [PATCH v3 3/4] membarrier: Explicitly sync remote cores when SYNC_CORE is requested Andy Lutomirski
2020-12-09 8:42 ` [tip: x86/urgent] " tip-bot2 for Andy Lutomirski
2020-12-04 5:07 ` [PATCH v3 4/4] membarrier: Execute SYNC_CORE on the calling thread Andy Lutomirski
2020-12-04 19:35 ` Mathieu Desnoyers
2020-12-09 4:15 ` Andy Lutomirski
2020-12-09 8:42 ` [tip: x86/urgent] " tip-bot2 for Andy Lutomirski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=776b448d5f7bd6b12690707f5ed67bcda7f1d427.1607058304.git.luto@kernel.org \
--to=luto@kernel.org \
--cc=anton@ozlabs.org \
--cc=arnd@arndb.de \
--cc=linux-kernel@vger.kernel.org \
--cc=mathieu.desnoyers@efficios.com \
--cc=npiggin@gmail.com \
--cc=stable@vger.kernel.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
LKML Archive on lore.kernel.org
Archives are clonable:
git clone --mirror https://lore.kernel.org/lkml/0 lkml/git/0.git
git clone --mirror https://lore.kernel.org/lkml/1 lkml/git/1.git
git clone --mirror https://lore.kernel.org/lkml/2 lkml/git/2.git
git clone --mirror https://lore.kernel.org/lkml/3 lkml/git/3.git
git clone --mirror https://lore.kernel.org/lkml/4 lkml/git/4.git
git clone --mirror https://lore.kernel.org/lkml/5 lkml/git/5.git
git clone --mirror https://lore.kernel.org/lkml/6 lkml/git/6.git
git clone --mirror https://lore.kernel.org/lkml/7 lkml/git/7.git
git clone --mirror https://lore.kernel.org/lkml/8 lkml/git/8.git
git clone --mirror https://lore.kernel.org/lkml/9 lkml/git/9.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 lkml lkml/ https://lore.kernel.org/lkml \
linux-kernel@vger.kernel.org
public-inbox-index lkml
Example config snippet for mirrors
Newsgroup available over NNTP:
nntp://nntp.lore.kernel.org/org.kernel.vger.linux-kernel
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git