From: Shrikanth Hegde <sshegde@linux.ibm.com>
To: Aboorva Devarajan <aboorvad@linux.ibm.com>,
Madhavan Srinivasan <maddy@linux.ibm.com>,
linuxppc-dev@lists.ozlabs.org
Cc: Athira Rajeev <atrajeev@linux.vnet.ibm.com>,
Christophe Leroy <chleroy@kernel.org>,
linux-kernel@vger.kernel.org,
Sourabh Jain <sourabhjain@linux.ibm.com>,
Ritesh Harjani <ritesh.list@gmail.com>
Subject: Re: [PATCH v3 3/3] powerpc/kexec: fix double get_cpu() imbalance in kexec_prepare_cpus
Date: Fri, 5 Jun 2026 16:33:13 +0530
Message-ID: <e99487c8-4630-4a44-adca-71d903ec73af@linux.ibm.com>
In-Reply-To: <20260605082912.305100-4-aboorvad@linux.ibm.com>
On 6/5/26 1:59 PM, Aboorva Devarajan wrote:
> kexec_prepare_cpus_wait() calls get_cpu() internally to obtain the
> current CPU id. kexec_prepare_cpus() calls kexec_prepare_cpus_wait()
> twice -- once for KEXEC_STATE_IRQS_OFF and once for
> KEXEC_STATE_REAL_MODE -- but only issues a single put_cpu() at the end,
> leaving preempt_count elevated by one extra nesting level.
>
> In practice the imbalance does not trigger a 'scheduling while atomic'
> splat because the kexec path is a one-way trip: IRQs are already
> disabled, no schedule() occurs after the leak, and
> default_machine_kexec() overwrites preempt_count with HARDIRQ_OFFSET
> before jumping into kexec_sequence() which never returns. However the
> bookkeeping is still wrong.
>
> kexec_prepare_cpus() calls local_irq_disable()/hard_irq_disable()
> before invoking kexec_prepare_cpus_wait(), so the CPU is already pinned
> and the get_cpu()/put_cpu() preempt_disable() bracketing is unnecessary.
> Only the current CPU id is needed, so replace get_cpu() with
> raw_smp_processor_id() and drop the now-unneeded put_cpu().
>
> Fixes: 1fc711f7ffb0 ("powerpc/kexec: Fix race in kexec shutdown")
> Signed-off-by: Aboorva Devarajan <aboorvad@linux.ibm.com>
> ---
> arch/powerpc/kexec/core_64.c | 4 +---
> 1 file changed, 1 insertion(+), 3 deletions(-)
>
> diff --git a/arch/powerpc/kexec/core_64.c b/arch/powerpc/kexec/core_64.c
> index 825ab8a88f18..58c13a59b93b 100644
> --- a/arch/powerpc/kexec/core_64.c
> +++ b/arch/powerpc/kexec/core_64.c
> @@ -169,7 +169,7 @@ static void kexec_prepare_cpus_wait(int wait_state)
> int my_cpu, i, notified=-1;
>
> hw_breakpoint_disable();
> - my_cpu = get_cpu();
> + my_cpu = raw_smp_processor_id();
> /* Make sure each CPU has at least made it to the state we need.
> *
> * FIXME: There is a (slim) chance of a problem if not all of the CPUs
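Review bot: At `my_cpu = raw_smp_processor_id();` the raw_ variant bypasses the CONFIG_DEBUG_PREEMPT check, so nothing verifies the commit message's assumption that the caller has already disabled IRQs. Plain smp_processor_id() would return the same value here while still warning if a future caller reaches kexec_prepare_cpus_wait() in preemptible context. If raw_ is intentional, a one-line comment above the assignment stating that the caller must have IRQs disabled would record the invariant.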
> @@ -267,8 +267,6 @@ static void kexec_prepare_cpus(void)
> /* after we tell the others to go down */
> if (ppc_md.kexec_cpu_down)
> ppc_md.kexec_cpu_down(0, 0);
> -
> - put_cpu();
> }
>
> #else /* ! SMP */
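Review bot: Missing documentation at the end of kexec_prepare_cpus(): with `put_cpu();` removed after the `ppc_md.kexec_cpu_down(0, 0)` call, the function body no longer gives any hint that it relies on running non-preemptible. A short comment near the local_irq_disable()/hard_irq_disable() calls mentioned in the commit message, noting that they pin the CPU and that no get_cpu()/put_cpu() pairing is needed, would help prevent an unbalanced call from being reintroduced later.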
Reviewed-by: Shrikanth Hegde <sshegde@linux.ibm.com>
Thread overview: 6+ messages
2026-06-05 8:29 [PATCH v3 0/3] powerpc: fix preempt_count imbalances in perf and kexec paths Aboorva Devarajan
2026-06-05 8:29 ` [PATCH v3 1/3] powerpc/perf: fix preempt count underflow in fsl_emb_pmu_del Aboorva Devarajan
2026-06-05 8:29 ` [PATCH v3 2/3] powerpc/powernv: fix preempt count leak in pnv_kexec_wait_secondaries_down Aboorva Devarajan
2026-06-05 8:29 ` [PATCH v3 3/3] powerpc/kexec: fix double get_cpu() imbalance in kexec_prepare_cpus Aboorva Devarajan
2026-06-05 11:03 ` Shrikanth Hegde [this message]
2026-06-19 6:15 ` [PATCH v3 0/3] powerpc: fix preempt_count imbalances in perf and kexec paths Ritesh Harjani