From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5772A36C0CF for ; Tue, 17 Feb 2026 15:12:47 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1771341167; cv=none; b=dHDoz+koj+LaUn0kqAxqJY9CqT4yne9V4upTFz5ctpK5bcVr2N/ip25S+ySVMVzJVJXduwoOU6BrPBEyUn493NxRBfnCsrWFkJeMd1pUh33XABvu4/QJk1LAPUqEBiDJHt/o8bj7fvoe3rf6UAl7zq6atm68WV/gH3bzkDmCNj4= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1771341167; c=relaxed/simple; bh=36KdfcwHa3G9hK5xDEddu2BYU4y52Ulm7E6DW4D4DeQ=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=art6vfg3X2kNusrGHIzSHKm8olwIel4j9pu8zvlNPL/VILRDawe63YPp3cCW/FtYxrwRATNzDFeMjb3ZNb+oqtXDvCp0/+/nRSd8SKPGnGrwCDjyFWO0PHNPrQYyJRP+AWVFLu5HCA4RPPmbkDwk1cFyiAlSJ83jeoxqSInGXpQ= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id EF135C4CEF7; Tue, 17 Feb 2026 15:12:46 +0000 (UTC) Date: Tue, 17 Feb 2026 09:12:43 -0600 From: Seth Forshee To: Dave Hansen Cc: Stephen Dolan , Andy Lutomirski , Peter Zijlstra , linux-kernel@vger.kernel.org, Eric Hagberg , Nick Barnes Subject: Re: x86/mm: Finishing off the fix for a should_flush_tlb race Message-ID: References: <281e8018-5506-4a79-8775-e0de7e58b95f@intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <281e8018-5506-4a79-8775-e0de7e58b95f@intel.com> On Fri, Oct 10, 2025 at 01:45:45PM -0700, Dave Hansen wrote: > On 10/9/25 07:01, Stephen Dolan wrote: > > That way, either shootdown sees LOADED_MM_SWITCHING and sends an IPI, or > > switch_mm_irqs_off sees the updated tlb_gen. The problem in both cases > > is about the *before*-ness in switch_mm_irqs_off: > > > > - in the latest tree, there isn't enough fencing to enforce this > > ordering. > > Stephen, thank you again for the stunningly great bug report! > > I'll plan to stick the upstream fix into our x86/urgent pile early next > week. > > > - in the stable kernel trees (6.1, 6.6, 6.12), the code is in the > > wrong order. > > This fix also makes sense to me. It's a bummer that the stable fixes are > diverging, but I don't have a better idea. So: > > Acked-by: Dave Hansen > > It would be best if you could just submit that patch directly to the > stable trees: > > https://www.kernel.org/doc/Documentation/process/stable-kernel-rules.rst > > after the equivalent upstream fix lands (even though it is a different > logical patch). I wanted to check on the status of the stable patches, since I see the upstream fix went into 6.18 but there's still no fix in the 6.12 stable tree. We've been seeing segfaults during a test case with 6.12, and after bisecting we found that reverting both "x86/mm: Eliminate window where TLB flushes may be inadvertently skipped" and "x86/mm/tlb: Only trim the mm_cpumask once a second" seems to get rid of the segfaults. I'll try to get some testing with the proposed stable patch today. Thanks, Seth