diff for duplicates of <20201027001044.1027349-2-sashal@kernel.org> diff --git a/a/1.txt b/N1/1.txt index 94ee962..204b969 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -18,14 +18,14 @@ kthread_use_mm() is not). io_uring 2b188cc1bb857 ("Add io_uring IO interface") added code which does a kthread_use_mm() from a mmget_not_zero() refcount. -The problem with this is code which previously assumed mm = current->mm -and mm->mm_users = 1 implies the mm will remain single-threaded at +The problem with this is code which previously assumed mm == current->mm +and mm->mm_users == 1 implies the mm will remain single-threaded at least until this thread creates another mm_users reference, has now broken. arch/sparc/kernel/smp_64.c: - if (atomic_read(&mm->mm_users) = 1) { + if (atomic_read(&mm->mm_users) == 1) { cpumask_copy(mm_cpumask(mm), cpumask_of(cpu)); goto local_flush_and_out; } @@ -37,7 +37,7 @@ vs fs/io_uring.c return -EFAULT; kthread_use_mm(ctx->sqo_mm); -mmget_not_zero() could come in right after the mm_users = 1 test, then +mmget_not_zero() could come in right after the mm_users == 1 test, then kthread_use_mm() which sets its CPU in the mm_cpumask. That update could be lost if cpumask_copy() occurs afterward. @@ -85,7 +85,7 @@ index ca7cb8e57ab0f..b81cdd53d0906 100644 - * that processes tsk->active_mm->cpu_vm_mask does not have the - * current cpu's bit set, that tlb context is flushed locally. - * -- * If the address space is non-shared (ie. mm->count = 1) we avoid +- * If the address space is non-shared (ie. mm->count == 1) we avoid - * cross calls when we want to flush the currently running process's - * tlb state. This is done by clearing all cpu bits except the current - * processor's in current->mm->cpu_vm_mask and performing the @@ -112,7 +112,7 @@ index ca7cb8e57ab0f..b81cdd53d0906 100644 u32 ctx = CTX_HWBITS(mm->context); - int cpu = get_cpu(); -- if (atomic_read(&mm->mm_users) = 1) { +- if (atomic_read(&mm->mm_users) == 1) { - cpumask_copy(mm_cpumask(mm), cpumask_of(cpu)); - goto local_flush_and_out; - } @@ -138,7 +138,7 @@ index ca7cb8e57ab0f..b81cdd53d0906 100644 info.nr = nr; info.vaddrs = vaddrs; -- if (mm = current->mm && atomic_read(&mm->mm_users) = 1) +- if (mm == current->mm && atomic_read(&mm->mm_users) == 1) - cpumask_copy(mm_cpumask(mm), cpumask_of(cpu)); - else - smp_call_function_many(mm_cpumask(mm), tlb_pending_func, @@ -154,7 +154,7 @@ index ca7cb8e57ab0f..b81cdd53d0906 100644 unsigned long context = CTX_HWBITS(mm->context); - int cpu = get_cpu(); -- if (mm = current->mm && atomic_read(&mm->mm_users) = 1) +- if (mm == current->mm && atomic_read(&mm->mm_users) == 1) - cpumask_copy(mm_cpumask(mm), cpumask_of(cpu)); - else - smp_cross_call_masked(&xcall_flush_tlb_page, diff --git a/a/content_digest b/N1/content_digest index e9e9feb..003a58a 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -1,7 +1,7 @@ "ref\020201027001044.1027349-1-sashal@kernel.org\0" "From\0Sasha Levin <sashal@kernel.org>\0" "Subject\0[PATCH AUTOSEL 4.9 02/30] sparc64: remove mm_cpumask clearing to fix kthread_use_mm race\0" - "Date\0Tue, 27 Oct 2020 00:10:16 +0000\0" + "Date\0Mon, 26 Oct 2020 20:10:16 -0400\0" "To\0linux-kernel@vger.kernel.org" " stable@vger.kernel.org\0" "Cc\0Nicholas Piggin <npiggin@gmail.com>" @@ -31,14 +31,14 @@ "io_uring 2b188cc1bb857 (\"Add io_uring IO interface\") added code which\n" "does a kthread_use_mm() from a mmget_not_zero() refcount.\n" "\n" - "The problem with this is code which previously assumed mm = current->mm\n" - "and mm->mm_users = 1 implies the mm will remain single-threaded at\n" + "The problem with this is code which previously assumed mm == current->mm\n" + "and mm->mm_users == 1 implies the mm will remain single-threaded at\n" "least until this thread creates another mm_users reference, has now\n" "broken.\n" "\n" "arch/sparc/kernel/smp_64.c:\n" "\n" - " if (atomic_read(&mm->mm_users) = 1) {\n" + " if (atomic_read(&mm->mm_users) == 1) {\n" " cpumask_copy(mm_cpumask(mm), cpumask_of(cpu));\n" " goto local_flush_and_out;\n" " }\n" @@ -50,7 +50,7 @@ " return -EFAULT;\n" " kthread_use_mm(ctx->sqo_mm);\n" "\n" - "mmget_not_zero() could come in right after the mm_users = 1 test, then\n" + "mmget_not_zero() could come in right after the mm_users == 1 test, then\n" "kthread_use_mm() which sets its CPU in the mm_cpumask. That update could\n" "be lost if cpumask_copy() occurs afterward.\n" "\n" @@ -98,7 +98,7 @@ "- * that processes tsk->active_mm->cpu_vm_mask does not have the\n" "- * current cpu's bit set, that tlb context is flushed locally.\n" "- *\n" - "- * If the address space is non-shared (ie. mm->count = 1) we avoid\n" + "- * If the address space is non-shared (ie. mm->count == 1) we avoid\n" "- * cross calls when we want to flush the currently running process's\n" "- * tlb state. This is done by clearing all cpu bits except the current\n" "- * processor's in current->mm->cpu_vm_mask and performing the\n" @@ -125,7 +125,7 @@ " \tu32 ctx = CTX_HWBITS(mm->context);\n" "-\tint cpu = get_cpu();\n" " \n" - "-\tif (atomic_read(&mm->mm_users) = 1) {\n" + "-\tif (atomic_read(&mm->mm_users) == 1) {\n" "-\t\tcpumask_copy(mm_cpumask(mm), cpumask_of(cpu));\n" "-\t\tgoto local_flush_and_out;\n" "-\t}\n" @@ -151,7 +151,7 @@ " \tinfo.nr = nr;\n" " \tinfo.vaddrs = vaddrs;\n" " \n" - "-\tif (mm = current->mm && atomic_read(&mm->mm_users) = 1)\n" + "-\tif (mm == current->mm && atomic_read(&mm->mm_users) == 1)\n" "-\t\tcpumask_copy(mm_cpumask(mm), cpumask_of(cpu));\n" "-\telse\n" "-\t\tsmp_call_function_many(mm_cpumask(mm), tlb_pending_func,\n" @@ -167,7 +167,7 @@ " \tunsigned long context = CTX_HWBITS(mm->context);\n" "-\tint cpu = get_cpu();\n" " \n" - "-\tif (mm = current->mm && atomic_read(&mm->mm_users) = 1)\n" + "-\tif (mm == current->mm && atomic_read(&mm->mm_users) == 1)\n" "-\t\tcpumask_copy(mm_cpumask(mm), cpumask_of(cpu));\n" "-\telse\n" "-\t\tsmp_cross_call_masked(&xcall_flush_tlb_page,\n" @@ -185,4 +185,4 @@ "-- \n" 2.25.1 -720770653e43335f19b38b2249fff208e8ec4eef508f36d2c34e51ab76e6ab5e +932d78f50d67b0ec2d894c570841eabf51e8a6deba380bd9c93b4536c9ec698b
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.