From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: "Jean-Philippe Brucker" <jean-philippe.brucker@arm.com>,
"Jérôme Glisse" <jglisse@redhat.com>,
"Michal Hocko" <mhocko@suse.com>,
"Andrew Morton" <akpm@linux-foundation.org>,
"Linus Torvalds" <torvalds@linux-foundation.org>,
"Sasha Levin" <sashal@kernel.org>,
linux-mm@kvack.org
Subject: [PATCH AUTOSEL 4.14 59/60] mm/mmu_notifier: use hlist_add_head_rcu()
Date: Fri, 19 Jul 2019 00:11:08 -0400
Message-ID: <20190719041109.18262-59-sashal@kernel.org>
In-Reply-To: <20190719041109.18262-1-sashal@kernel.org>

From: Jean-Philippe Brucker <jean-philippe.brucker@arm.com>

[ Upstream commit 543bdb2d825fe2400d6e951f1786d92139a16931 ]

Make mmu_notifier_register() safer by issuing a memory barrier before
registering a new notifier. This fixes a theoretical bug on weakly
ordered CPUs. For example, take this simplified use of notifiers by a
driver:

        my_struct->mn.ops = &my_ops; /* (1) */
        mmu_notifier_register(&my_struct->mn, mm)
                ...
                hlist_add_head(&mn->hlist, &mm->mmu_notifiers); /* (2) */
                ...

Once mmu_notifier_register() releases the mm locks, another thread can
invalidate a range:

        mmu_notifier_invalidate_range()
                ...
                hlist_for_each_entry_rcu(mn, &mm->mmu_notifiers, hlist) {
                        if (mn->ops->invalidate_range)

The read side relies on the data dependency between mn and ops to ensure
that the pointer is properly initialized. But the write side doesn't have
any dependency between (1) and (2), so they could be reordered and the
readers could dereference an invalid mn->ops. mmu_notifier_register()
does take all the mm locks before adding to the hlist, but those have
acquire semantics which isn't sufficient.

By calling hlist_add_head_rcu() instead of hlist_add_head() we update the
hlist using a store-release, ensuring that readers see prior
initialization of my_struct. This situation is better illustrated by
litmus test MP+onceassign+derefonce.

Link: http://lkml.kernel.org/r/20190502133532.24981-1-jean-philippe.brucker@arm.com
Fixes: cddb8a5c14aa ("mmu-notifiers: core")
Signed-off-by: Jean-Philippe Brucker <jean-philippe.brucker@arm.com>
Cc: Jérôme Glisse <jglisse@redhat.com>
Cc: Michal Hocko <mhocko@suse.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
mm/mmu_notifier.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mm/mmu_notifier.c b/mm/mmu_notifier.c
index 314285284e6e..70d0efb06374 100644
--- a/mm/mmu_notifier.c
+++ b/mm/mmu_notifier.c
@@ -267,7 +267,7 @@ static int do_mmu_notifier_register(struct mmu_notifier *mn,
* thanks to mm_take_all_locks().
*/
spin_lock(&mm->mmu_notifier_mm->lock);
- hlist_add_head(&mn->hlist, &mm->mmu_notifier_mm->list);
+ hlist_add_head_rcu(&mn->hlist, &mm->mmu_notifier_mm->list);
spin_unlock(&mm->mmu_notifier_mm->lock);
mm_drop_all_locks(mm);
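Review bot: The comment retained above the changed line still only explains the locking ("thanks to mm_take_all_locks()") and gives no reason for the _rcu variant, so a later cleanup could plausibly turn hlist_add_head_rcu() back into hlist_add_head() on the grounds that the list is only modified under mm->mmu_notifier_mm->lock. Suggest extending that comment with one sentence saying the add must be a store-release so that lockless hlist_for_each_entry_rcu() walkers observe the caller's earlier initialisation of mn (in particular mn->ops) before they can see mn on the list. A smaller point: the commit message's example writes the list as &mm->mmu_notifiers while the hunk uses &mm->mmu_notifier_mm->list; worth keeping in mind when matching the description to the code.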
--
2.20.1
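
The publication ordering the commit message describes, as an added userspace illustration that is not part of the patch or of the kernel: C11 atomics model the write side's initialise-then-publish and the read side's list walk. All names (`nodes`, `walk`, `run_litmus`, `N`) are hypothetical, and `memory_order_acquire` stands in for the dependency ordering that rcu_dereference() relies on in the kernel.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stddef.h>

#define N 1000                               /* constructed: notifiers to register */
struct ops { int (*invalidate_range)(void); };
struct notifier { const struct ops *ops; struct notifier *next; };

static int inval(void) { return 1; }
static const struct ops my_ops = { .invalidate_range = inval };
static struct notifier nodes[N];
static _Atomic(struct notifier *) head;      /* stands in for the notifier hlist */

/* Write side: (1) initialise, then (2) publish with a store-release,
 * the ordering that hlist_add_head_rcu() provides. */
static void *writer(void *arg)
{
    (void)arg;
    for (int i = 0; i < N; i++) {
        nodes[i].ops = &my_ops;                                          /* (1) */
        nodes[i].next = atomic_load_explicit(&head, memory_order_relaxed);
        atomic_store_explicit(&head, &nodes[i], memory_order_release);   /* (2) */
    }
    return NULL;
}

/* Read side: returns the number of entries walked, or -1 if any entry
 * was visible before its ops pointer was initialised. */
static int walk(void)
{
    int seen = 0;
    struct notifier *mn = atomic_load_explicit(&head, memory_order_acquire);
    for (; mn; mn = mn->next, seen++)
        if (!mn->ops || !mn->ops->invalidate_range || mn->ops->invalidate_range() != 1)
            return -1;
    return seen;
}

/* Runs the writer against a polling reader; 0 means no reader ever
 * observed a published entry with uninitialised ops. */
static int run_litmus(void)
{
    pthread_t t;
    int seen = 0;
    atomic_store(&head, NULL);
    if (pthread_create(&t, NULL, writer, NULL))
        return -2;
    while (seen >= 0 && seen < N)
        seen = walk();
    pthread_join(t, NULL);
    return seen == N ? 0 : -1;
}

int main(void) { return run_litmus() ? 1 : 0; }
```

Weakening the store at (2) to `memory_order_relaxed` reproduces the pre-patch situation: nothing then orders (1) before (2), and the failure may only appear on weakly ordered CPUs, which is why it cannot be ruled out by testing on x86.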