On 08.11.2017 09:41, Christian Borntraeger wrote: > swait_active does not enforce any ordering and it can therefore trigger > some subtle races when the CPU moves the read for the check before a > previous store and that store is then used on another CPU that is > preparing the swait. > > On s390 there is a call to swait_active in kvm_s390_vcpu_wakeup. The > good thing is, on s390 all potential races cannot happen because all > callers of kvm_s390_vcpu_wakeup do not store (no race) or use an atomic > operation, which handles memory ordering. Since this is not guaranteed > by the Linux semantics (but by the implementation on s390) let's add > smp_mb_after_atomic to make this obvious and document the ordering. > > Suggested-by: Paolo Bonzini <pbonzini@xxxxxxxxxx> > Acked-by: Halil Pasic <pasic@xxxxxxxxxxxxxxxxxx> > Signed-off-by: Christian Borntraeger <borntraeger@xxxxxxxxxx> > --- > arch/s390/kvm/interrupt.c | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/arch/s390/kvm/interrupt.c b/arch/s390/kvm/interrupt.c > index a832ad0..23d8fb2 100644 > --- a/arch/s390/kvm/interrupt.c > +++ b/arch/s390/kvm/interrupt.c 
> @@ -1074,6 +1074,12 @@ void kvm_s390_vcpu_wakeup(struct kvm_vcpu *vcpu) > * in kvm_vcpu_block without having the waitqueue set (polling) > */ > vcpu->valid_wakeup = true; > + /* > + * This is mostly to document, that the read in swait_active could > + * be moved before other stores, leading to subtle races. > + * All current users do not store or use an atomic like update Wonder if it makes sense to document it in a way, that future code changes (outside of kvm_s390_vcpu_wakeup) will outdate documentation. /* * The read in swait_active could be moved before other stores, so avoid * any subtle races with potential callers. */ Whatever you go for: Reviewed-by: David Hildenbrand <david@xxxxxxxxxx> > + */ > + smp_mb__after_atomic(); > if (swait_active(&vcpu->wq)) { > /* > * The vcpu gave up the cpu voluntarily, mark it as a good > -- Thanks, David / dhildenb
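Review bot: the smp_mb__after_atomic() added in front of the swait_active(&vcpu->wq) check directly follows the plain store vcpu->valid_wakeup = true, and the atomic update it depends on is done by the callers, not in kvm_s390_vcpu_wakeup() itself. Under the generic kernel semantics, smp_mb__after_atomic() is only guaranteed to give full ordering when it follows an atomic read-modify-write operation. A later caller that does a plain store before the wakeup would therefore get no guaranteed ordering from this line. The new comment should say this as a requirement on callers (the store that the waiter checks must be an atomic update) and name the waiter-side barrier it pairs with, which keeps the comment valid when callers change. If callers with plain stores are meant to be covered as well, smp_mb() is the barrier that does not depend on a preceding atomic. Separately, the commit message writes smp_mb_after_atomic while the code calls smp_mb__after_atomic(); the message should use the real name so it can be found by grep.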