From: Shinichiro Kawasaki <shinichiro.kawasaki@wdc.com>
To: Thomas Gleixner <tglx@kernel.org>
Cc: LKML <linux-kernel@vger.kernel.org>,
Ihor Solodrai <ihor.solodrai@linux.dev>,
Shrikanth Hegde <sshegde@linux.ibm.com>,
Peter Zijlstra <peterz@infradead.org>,
Mathieu Desnoyers <mathieu.desnoyers@efficios.com>,
Michael Jeanson <mjeanson@efficios.com>,
Andrey Ryabinin <ryabinin.a.a@gmail.com>,
Alexander Potapenko <glider@google.com>,
"kasan-dev@googlegroups.com" <kasan-dev@googlegroups.com>
Subject: Re: [patch V2 3/4] sched/mmcid: Drop per CPU CID immediately when switching to per task mode
Date: Tue, 10 Feb 2026 14:55:16 +0000 [thread overview]
Message-ID: <aYtE2xHG2A8DWWmD@shinmob> (raw)
In-Reply-To: <87wm0kafk2.ffs@tglx>
On Feb 10, 2026 / 14:33, Thomas Gleixner wrote:
[...]
> Can you please try the fix below?
>
> Thanks
>
> tglx
> ---
> diff --git a/kernel/sched/core.c b/kernel/sched/core.c
> index 854984967fe2..61c2d65156b5 100644
> --- a/kernel/sched/core.c
> +++ b/kernel/sched/core.c
> @@ -10729,10 +10729,9 @@ void sched_mm_cid_exit(struct task_struct *t)
> return;
> /*
> * Mode change. The task has the CID unset
> - * already. The CPU CID is still valid and
> - * does not have MM_CID_TRANSIT set as the
> - * mode change has just taken effect under
> - * mm::mm_cid::lock. Drop it.
> + * already and dealt with an eventually set
> + * TRANSIT bit. If the CID is owned by the CPU
> + * then drop it.
> */
> mm_drop_cid_on_cpu(mm, this_cpu_ptr(mm->mm_cid.pcpu));
> }
> diff --git a/kernel/sched/sched.h b/kernel/sched/sched.h
> index bd350e40859d..1b4283e9edc3 100644
> --- a/kernel/sched/sched.h
> +++ b/kernel/sched/sched.h
> @@ -3758,8 +3758,10 @@ static __always_inline void mm_unset_cid_on_task(struct task_struct *t)
> static __always_inline void mm_drop_cid_on_cpu(struct mm_struct *mm, struct mm_cid_pcpu *pcp)
> {
> /* Clear the ONCPU bit, but do not set UNSET in the per CPU storage */
> - pcp->cid = cpu_cid_to_cid(pcp->cid);
> - mm_drop_cid(mm, pcp->cid);
> + if (cid_on_cpu(pcp->cid)) {
> + pcp->cid = cpu_cid_to_cid(pcp->cid);
> + mm_drop_cid(mm, pcp->cid);
> + }
> }
>
> static inline unsigned int __mm_get_cid(struct mm_struct *mm, unsigned int max_cids)
>
Thomas, the fix patch worked! I applied the patch on top of v6.19 kernel, then
the KASAN is no longer observed. I confirmed it with my two test nodes. Thank
you very much for the swift fix :)
In case the patch will be posted as a formal one,
Tested-by: Shin'ichiro Kawasaki <shinichiro.kawasaki@wdc.com>
P.S. I stop working here tonight. If my response will be required, I will do so
tomorrow.
next prev parent reply other threads:[~2026-02-10 14:55 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-02 9:39 [patch V2 0/4] sched/mmcid: Cure mode transition woes Thomas Gleixner
2026-02-02 9:39 ` [patch V2 1/4] sched/mmcid: Prevent live lock on task to CPU mode transition Thomas Gleixner
2026-02-02 14:50 ` Mathieu Desnoyers
2026-02-04 13:27 ` [tip: sched/urgent] " tip-bot2 for Thomas Gleixner
2026-02-02 9:39 ` [patch V2 2/4] sched/mmcid: Protect transition on weakly ordered systems Thomas Gleixner
2026-02-02 14:53 ` Mathieu Desnoyers
2026-02-04 13:27 ` [tip: sched/urgent] " tip-bot2 for Thomas Gleixner
2026-02-02 9:39 ` [patch V2 3/4] sched/mmcid: Drop per CPU CID immediately when switching to per task mode Thomas Gleixner
2026-02-04 13:27 ` [tip: sched/urgent] " tip-bot2 for Thomas Gleixner
2026-02-10 7:33 ` [patch V2 3/4] " Shinichiro Kawasaki
2026-02-10 10:44 ` Thomas Gleixner
2026-02-10 11:51 ` Shinichiro Kawasaki
2026-02-10 13:03 ` Peter Zijlstra
2026-02-10 14:15 ` Shinichiro Kawasaki
2026-02-10 13:33 ` Thomas Gleixner
2026-02-10 14:55 ` Shinichiro Kawasaki [this message]
2026-02-10 16:20 ` [PATCH] sched/mmcid: Don't assume CID is CPU owned on mode switch Thomas Gleixner
2026-02-10 16:28 ` Mathieu Desnoyers
2026-02-11 10:33 ` Takashi Iwai
2026-02-11 21:00 ` Linus Torvalds
2026-02-02 9:39 ` [patch V2 4/4] sched/mmcid: Optimize transitional CIDs when scheduling out Thomas Gleixner
2026-02-02 14:56 ` Mathieu Desnoyers
2026-02-04 13:27 ` [tip: sched/urgent] " tip-bot2 for Thomas Gleixner
2026-02-02 10:14 ` [patch V2 0/4] sched/mmcid: Cure mode transition woes Peter Zijlstra
2026-02-02 11:46 ` Mathieu Desnoyers
2026-02-02 12:54 ` Peter Zijlstra
2026-02-02 21:22 ` Mathieu Desnoyers
2026-02-04 10:53 ` Thomas Gleixner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aYtE2xHG2A8DWWmD@shinmob \
--to=shinichiro.kawasaki@wdc.com \
--cc=glider@google.com \
--cc=ihor.solodrai@linux.dev \
--cc=kasan-dev@googlegroups.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mathieu.desnoyers@efficios.com \
--cc=mjeanson@efficios.com \
--cc=peterz@infradead.org \
--cc=ryabinin.a.a@gmail.com \
--cc=sshegde@linux.ibm.com \
--cc=tglx@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox