Message ID | 20160308090356.GA21842@linutronix.de (mailing list archive) |
---|---|
State | Accepted |
Sebastian Andrzej Siewior <bigeasy@linutronix.de> writes: > [ text/plain ] > hugepd_free() used __get_cpu_var() once. Nothing ensured that the code > accessing the variable did not migrate from one CPU to another and soon > this was noticed by Tiejun Chen in 94b09d755462 ("powerpc/hugetlb: > Replace __get_cpu_var with get_cpu_var"). So we had it fixed. > > Christoph Lameter was doing his __get_cpu_var() replaces and forgot > PowerPC. Then he noticed this and sent his fixed up batch again which > got applied as 69111bac42f5 ("powerpc: Replace __get_cpu_var uses"). > > The careful reader will noticed one little detail: get_cpu_var() got > replaced with this_cpu_ptr(). So now we have a put_cpu_var() which does > a preempt_enable() and nothing that does preempt_disable() so we > underflow the preempt counter. > Reviewed-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com> > Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> > Cc: Christoph Lameter <cl@linux.com> > Cc: Michael Ellerman <mpe@ellerman.id.au> > Cc: <stable@vger.kernel.org> > Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de> > --- > v1…v2: - use get_cpu_var() instead of get_cpu_ptr() > - correct indentation of put_cpu_var() > > arch/powerpc/mm/hugetlbpage.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/arch/powerpc/mm/hugetlbpage.c b/arch/powerpc/mm/hugetlbpage.c > index 744e24bcb85c..4a811ca7ac9d 100644 > --- a/arch/powerpc/mm/hugetlbpage.c > +++ b/arch/powerpc/mm/hugetlbpage.c 
> @@ -414,13 +414,13 @@ static void hugepd_free(struct mmu_gather *tlb, void *hugepte) > { > struct hugepd_freelist **batchp; > > - batchp = this_cpu_ptr(&hugepd_freelist_cur); > + batchp = &get_cpu_var(hugepd_freelist_cur); > > if (atomic_read(&tlb->mm->mm_users) < 2 || > cpumask_equal(mm_cpumask(tlb->mm), > cpumask_of(smp_processor_id()))) { > kmem_cache_free(hugepte_cache, hugepte); > - put_cpu_var(hugepd_freelist_cur); > + put_cpu_var(hugepd_freelist_cur); > return; > } > > -- > 2.7.0
On 2016-03-10 01:04:24 [+0530], Aneesh Kumar K.V wrote: > Sebastian Andrzej Siewior <bigeasy@linutronix.de> writes: *ping* http://patchwork.ozlabs.org/patch/593943/ > > [ text/plain ] > > hugepd_free() used __get_cpu_var() once. Nothing ensured that the code > > accessing the variable did not migrate from one CPU to another and soon > > this was noticed by Tiejun Chen in 94b09d755462 ("powerpc/hugetlb: > > Replace __get_cpu_var with get_cpu_var"). So we had it fixed. > > > > Christoph Lameter was doing his __get_cpu_var() replaces and forgot > > PowerPC. Then he noticed this and sent his fixed up batch again which > > got applied as 69111bac42f5 ("powerpc: Replace __get_cpu_var uses"). > > > > The careful reader will noticed one little detail: get_cpu_var() got > > replaced with this_cpu_ptr(). So now we have a put_cpu_var() which does > > a preempt_enable() and nothing that does preempt_disable() so we > > underflow the preempt counter. > > > > Reviewed-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com> > > > Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> > > Cc: Christoph Lameter <cl@linux.com> > > Cc: Michael Ellerman <mpe@ellerman.id.au> > > Cc: <stable@vger.kernel.org> > > Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de> > > --- > > v1…v2: - use get_cpu_var() instead of get_cpu_ptr() > > - correct indentation of put_cpu_var() > > > > arch/powerpc/mm/hugetlbpage.c | 4 ++-- > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > diff --git a/arch/powerpc/mm/hugetlbpage.c b/arch/powerpc/mm/hugetlbpage.c > > index 744e24bcb85c..4a811ca7ac9d 100644 > > --- a/arch/powerpc/mm/hugetlbpage.c > > +++ b/arch/powerpc/mm/hugetlbpage.c 
> > @@ -414,13 +414,13 @@ static void hugepd_free(struct mmu_gather *tlb, void *hugepte) > > { > > struct hugepd_freelist **batchp; > > > > - batchp = this_cpu_ptr(&hugepd_freelist_cur); > > + batchp = &get_cpu_var(hugepd_freelist_cur); > > > > if (atomic_read(&tlb->mm->mm_users) < 2 || > > cpumask_equal(mm_cpumask(tlb->mm), > > cpumask_of(smp_processor_id()))) { > > kmem_cache_free(hugepte_cache, hugepte); > > - put_cpu_var(hugepd_freelist_cur); > > + put_cpu_var(hugepd_freelist_cur); > > return; > > } > > Sebastian
On Tue, 2016-03-29 at 15:40 +0200, Sebastian Andrzej Siewior wrote:
> On 2016-03-10 01:04:24 [+0530], Aneesh Kumar K.V wrote:
> > Sebastian Andrzej Siewior <bigeasy@linutronix.de> writes:
>
> *ping*
> http://patchwork.ozlabs.org/patch/593943/

*pong*

The merge window just closed, I'm still recovering.

I've got it in my fixes branch locally, I'll probably push that today to
linux-next.

cheers
On 03/30/2016 02:41 AM, Michael Ellerman wrote:
> The merge window just closed, I'm still recovering.
>
> I've got it in my fixes branch locally, I'll probably push that today to
> linux-next.

Thank you.

> cheers

Sebastian
On Tue, 2016-08-03 at 09:03:56 UTC, Sebastian Siewior wrote:
> hugepd_free() used __get_cpu_var() once. Nothing ensured that the code
> accessing the variable did not migrate from one CPU to another and soon
> this was noticed by Tiejun Chen in 94b09d755462 ("powerpc/hugetlb:
> Replace __get_cpu_var with get_cpu_var"). So we had it fixed.
>
> Christoph Lameter was doing his __get_cpu_var() replaces and forgot
> PowerPC. Then he noticed this and sent his fixed up batch again which
> got applied as 69111bac42f5 ("powerpc: Replace __get_cpu_var uses").
>
> The careful reader will notice one little detail: get_cpu_var() got
> replaced with this_cpu_ptr(). So now we have a put_cpu_var() which does
> a preempt_enable() and nothing that does preempt_disable() so we
> underflow the preempt counter.
>
> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
> Cc: Christoph Lameter <cl@linux.com>
> Cc: Michael Ellerman <mpe@ellerman.id.au>
> Cc: <stable@vger.kernel.org>
> Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
> Reviewed-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>

Applied to powerpc fixes, thanks.

https://git.kernel.org/powerpc/c/08a5bb2921e490939f78f38fd0

cheers
diff --git a/arch/powerpc/mm/hugetlbpage.c b/arch/powerpc/mm/hugetlbpage.c index 744e24bcb85c..4a811ca7ac9d 100644 --- a/arch/powerpc/mm/hugetlbpage.c +++ b/arch/powerpc/mm/hugetlbpage.c @@ -414,13 +414,13 @@ static void hugepd_free(struct mmu_gather *tlb, void *hugepte) { struct hugepd_freelist **batchp; - batchp = this_cpu_ptr(&hugepd_freelist_cur); + batchp = &get_cpu_var(hugepd_freelist_cur); if (atomic_read(&tlb->mm->mm_users) < 2 || cpumask_equal(mm_cpumask(tlb->mm), cpumask_of(smp_processor_id()))) { kmem_cache_free(hugepte_cache, hugepte); - put_cpu_var(hugepd_freelist_cur); + put_cpu_var(hugepd_freelist_cur); return; }
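Review bot: the put_cpu_var() pairing can only be checked for the early-return branch in this hunk. With batchp now taken via &get_cpu_var(hugepd_freelist_cur), preemption stays disabled until a matching put_cpu_var(), and the context stops at the closing brace of that branch, so the fall-through path of hugepd_free() is not visible here. It is worth confirming that it also ends in put_cpu_var(hugepd_freelist_cur) and saying so in the changelog. Separately, the message names 69111bac42f5 as the commit that swapped get_cpu_var() for this_cpu_ptr() and Cc's stable, so a Fixes: tag pointing at 69111bac42f5 would let backporters see which trees need this.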
hugepd_free() used __get_cpu_var() once. Nothing ensured that the code
accessing the variable did not migrate from one CPU to another and soon
this was noticed by Tiejun Chen in 94b09d755462 ("powerpc/hugetlb:
Replace __get_cpu_var with get_cpu_var"). So we had it fixed.

Christoph Lameter was doing his __get_cpu_var() replaces and forgot
PowerPC. Then he noticed this and sent his fixed up batch again which
got applied as 69111bac42f5 ("powerpc: Replace __get_cpu_var uses").

The careful reader will notice one little detail: get_cpu_var() got
replaced with this_cpu_ptr(). So now we have a put_cpu_var() which does
a preempt_enable() and nothing that does preempt_disable() so we
underflow the preempt counter.

Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Christoph Lameter <cl@linux.com>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: <stable@vger.kernel.org>
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
---
v1…v2: - use get_cpu_var() instead of get_cpu_ptr()
       - correct indentation of put_cpu_var()

 arch/powerpc/mm/hugetlbpage.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)