This is a note to let you know that I've just added the patch titled
locking/mcs: Fix mcs_spin_lock() ordering
to the 4.4-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
locking-mcs-fix-mcs_spin_lock-ordering.patch
and it can be found in the queue-4.4 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From 920c720aa5aa3900a7f1689228fdfc2580a91e7e Mon Sep 17 00:00:00 2001
From: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
Date: Mon, 1 Feb 2016 15:11:28 +0100
Subject: locking/mcs: Fix mcs_spin_lock() ordering
From: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
commit 920c720aa5aa3900a7f1689228fdfc2580a91e7e upstream.
Similar to commit b4b29f94856a ("locking/osq: Fix ordering of node
initialisation in osq_lock") the use of xchg_acquire() is
fundamentally broken with MCS like constructs.
Furthermore, it turns out we rely on the global transitivity of this
operation because the unlock path observes the pointer with a
READ_ONCE(), not an smp_load_acquire().
This is non-critical because the MCS code isn't actually used and
mostly serves as documentation, a stepping stone to the more complex
things we've build on top of the idea.
Reported-by: Andrea Parri <parri.andrea@xxxxxxxxx>
Signed-off-by: Peter Zijlstra (Intel) <peterz@xxxxxxxxxxxxx>
Cc: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
Cc: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
Cc: Paul E. McKenney <paulmck@xxxxxxxxxxxxxxxxxx>
Cc: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
Cc: Will Deacon <will.deacon@xxxxxxx>
Fixes: 3552a07a9c4a ("locking/mcs: Use acquire/release semantics")
Signed-off-by: Ingo Molnar <mingo@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
kernel/locking/mcs_spinlock.h | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
--- a/kernel/locking/mcs_spinlock.h
+++ b/kernel/locking/mcs_spinlock.h
@@ -67,7 +67,13 @@ void mcs_spin_lock(struct mcs_spinlock *
node->locked = 0;
node->next = NULL;
- prev = xchg_acquire(lock, node);
+ /*
+ * We rely on the full barrier with global transitivity implied by the
+ * below xchg() to order the initialization stores above against any
+ * observation of @node. And to provide the ACQUIRE ordering associated
+ * with a LOCK primitive.
+ */
+ prev = xchg(lock, node);
if (likely(prev == NULL)) {
/*
* Lock acquired, don't need to set node->locked to 1. Threads
Patches currently in stable-queue which might be from peterz@xxxxxxxxxxxxx are
queue-4.4/cgroup-make-sure-a-parent-css-isn-t-freed-before-its-children.patch
queue-4.4/x86-edac-sb_edac.c-repair-damage-introduced-when-fixing-channel-address.patch
queue-4.4/efi-expose-non-blocking-set_variable-wrapper-to-efivars.patch
queue-4.4/sched-cgroup-fix-cleanup-cgroup-teardown-init.patch
queue-4.4/asm-generic-futex-re-enable-preemption-in-futex_atomic_cmpxchg_inatomic.patch
queue-4.4/x86-mce-avoid-using-object-after-free-in-genpool.patch
queue-4.4/futex-handle-unlock_pi-race-gracefully.patch
queue-4.4/locking-mcs-fix-mcs_spin_lock-ordering.patch
queue-4.4/futex-acknowledge-a-new-waiter-in-counter-before-plist.patch
queue-4.4/x86-mm-xen-suppress-hugetlbfs-in-pv-guests.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html