From: Nicholas Piggin <npiggin@gmail.com>
To: linuxppc-dev@lists.ozlabs.org
Cc: Andrew Morton <akpm@linux-foundation.org>,
Sachin Sant <sachinp@linux.ibm.com>,
Nicholas Piggin <npiggin@gmail.com>
Subject: [PATCH] powerpc/64s/radix: Fix exit lazy tlb mm switch with irqs enabled
Date: Wed, 7 Jun 2023 10:56:00 +1000
Message-ID: <20230607005601.583293-1-npiggin@gmail.com>
Switching mm and tinkering with current->active_mm should be done with
irqs disabled. There is a path where exit_lazy_flush_tlb can be called
with irqs enabled:
  exit_lazy_flush_tlb
  flush_type_needed
  __flush_all_mm
  tlb_finish_mmu
  exit_mmap
Which results in the switching being done incorrectly with irqs enabled.
Reported-by: Sachin Sant <sachinp@linux.ibm.com>
Link: https://lore.kernel.org/linuxppc-dev/87a5xcgopc.fsf@mail.lhotse/T/#m105488939d0cd9f980978ed2fdeeb89bf731e673
Fixes: a665eec0a22e1 ("powerpc/64s/radix: Fix mm_cpumask trimming race vs kthread_use_mm")
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
---
This sounds worse than it probably is, radix can likely tolerate an
interrupt hitting in mm switch, and the active_mm update may not be racy
in practice either. It would still be good to backport it because I'm not
100% sure of that.
This path can be stressed by reducing tlb_mm_cpumask_trim_timer (e.g.,
to 3).
Thanks,
Nick
arch/powerpc/mm/book3s64/radix_tlb.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/arch/powerpc/mm/book3s64/radix_tlb.c b/arch/powerpc/mm/book3s64/radix_tlb.c
index ce804b7bf84e..0bd4866d9824 100644
--- a/arch/powerpc/mm/book3s64/radix_tlb.c
+++ b/arch/powerpc/mm/book3s64/radix_tlb.c
@@ -795,12 +795,20 @@ void exit_lazy_flush_tlb(struct mm_struct *mm, bool always_flush)
goto out;
if (current->active_mm == mm) {
+ unsigned long flags;
+
WARN_ON_ONCE(current->mm != NULL);
- /* Is a kernel thread and is using mm as the lazy tlb */
+ /*
+ * It is a kernel thread and is using mm as the lazy tlb, so
+ * switch it to init_mm. This is not always called from IPI
+ * (e.g., flush_type_needed), so must disable irqs.
+ */
+ local_irq_save(flags);
mmgrab_lazy_tlb(&init_mm);
current->active_mm = &init_mm;
switch_mm_irqs_off(mm, &init_mm, current);
mmdrop_lazy_tlb(mm);
+ local_irq_restore(flags);
}
/*
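Review bot: the choice of local_irq_save()/local_irq_restore() over a plain local_irq_disable()/local_irq_enable() pair is the important detail of this hunk and deserves a word in the new comment: the comment explains that this path is "not always called from IPI", but the flip side is that when it is reached from the IPI handler interrupts are already off, and an unconditional enable on the way out would re-enable them inside the caller's interrupt-disabled region. Saving and restoring flags keeps both call paths correct; suggest extending the comment to say so, e.g. "use save/restore since the IPI path already has irqs off". Also worth noting that the whole sequence mmgrab_lazy_tlb() / active_mm update / switch_mm_irqs_off() / mmdrop_lazy_tlb() is now inside the critical section, so current->active_mm never points at a dropped mm while an interrupt could observe it, which is what the subject line is fixing.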
--
2.40.1
Thread overview: 3+ messages
2023-06-07 0:56 Nicholas Piggin (this message)
2023-06-07 8:22 Re: [PATCH] powerpc/64s/radix: Fix exit lazy tlb mm switch with irqs enabled - Sachin Sant
2023-07-03 4:02 Re: [PATCH] powerpc/64s/radix: Fix exit lazy tlb mm switch with irqs enabled - Michael Ellerman