Received: by 2002:ac0:a5b6:0:0:0:0:0 with SMTP id m51-v6csp2473643imm; Mon, 28 May 2018 08:45:36 -0700 (PDT) X-Google-Smtp-Source: AB8JxZqCc/CCrSK0yoXigqed8IAlap+6X6oxwYdQrV4cZyjtZ46OxUAaQ9c9MDkugZfVyKEdXbId X-Received: by 2002:a62:8d51:: with SMTP id z78-v6mr13952312pfd.69.1527522336148; Mon, 28 May 2018 08:45:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1527522336; cv=none; d=google.com; s=arc-20160816; b=cpApfFO4x8VNPNYsRQml+AS+6zPOr4kfLiA0eVHnDMTHTqgUhvCFrhVOqXGI2E1JYW HtEx02Y/lJVn2iNvFrz7kzY9ICdA2Ajw8z1JnR6yVfWc+TP9V2A3sURpdxZjTO8oZnWr PjLaX0j99qNiGRvK20pDWQxkSSBogMyRRucNiOwv1hv2zExDjeOHVLKzDFUczOpNi8VJ 8B7YTbCLgLlpPMxgPUjWzeuN5luTAjQ7idiqPBAZ22l+/UVsXv77jEQM4u7eEG0iy8GA nX0y3pouOpE8ccG/207tJ56h47Lo481m/PNPk6+hDRix8KNcRSNZfMZXEJVjv1eD9hk3 vtig== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature :arc-authentication-results; bh=4oRTqkIy9hq6SRR6u2twbkPeXKCOIUKv0ua4Eoo0gH4=; b=w4yrYkMHuhn4OyZ45KXDPcUKbriW1157QqZRaH7ACr5emgqdVe3Wa4xbw97FaMtBmZ AdR6ks82x/J0bqTbhCs8X2CNcjM8xKXudRa1PGBAnk1FkX2mxmaD3H8T+n/iCDFEAkr4 9WH4qcRmNWhYFutS55JG7VT406CjKv+tuqC3LvZ5SEWUl3FsR4UUU1EHS9ltZXnPjIVV gXSpzHVR2kY0rFanJeviEQZxkVOt+QzrXx5tEfLsBLvI0wkVuvXwreY8ZxRSnlrx3ARy uW4BSr5tN8LZXFq137Y8Wn9pDY6r475jn9iMfLgKPMpTm/erKGzLhA88En63qr2X7HrM 3h4w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=0EzeoN8c; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k25-v6si3388404pfi.177.2018.05.28.08.45.21; Mon, 28 May 2018 08:45:36 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=0EzeoN8c; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S969144AbeE1Por (ORCPT + 99 others); Mon, 28 May 2018 11:44:47 -0400 Received: from mail.kernel.org ([198.145.29.99]:37272 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S966814AbeE1KRI (ORCPT ); Mon, 28 May 2018 06:17:08 -0400 Received: from localhost (LFbn-1-12247-202.w90-92.abo.wanadoo.fr [90.92.61.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 916CB206B7; Mon, 28 May 2018 10:17:07 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1527502628; bh=j+SC21TKF0GI95eK9KbXYe0mm+PAxC7e4MlWMhru+ew=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=0EzeoN8cainw2aCXCCW7xKbQlTiiglpo4CD2wIvpfhatFljbj33qEpVCJzRl2+cI6 8uiFHkInXeCwvXnShEtvtdKggi5/D86xM0xCdAQKDNzryMcdooF2CyJWJ8DPtmeuFv Pg9h4+hn6EbFN85LTex4Z7hz5tUEOnf4+qXhslNI= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Will Deacon , "Peter Zijlstra (Intel)" , Linus Torvalds , Thomas Gleixner , Ingo Molnar , Sasha Levin Subject: [PATCH 4.4 070/268] locking/qspinlock: Ensure node->count is updated before initialising node Date: Mon, 28 May 2018 12:00:44 +0200 Message-Id: <20180528100209.755214820@linuxfoundation.org> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20180528100202.045206534@linuxfoundation.org> References: <20180528100202.045206534@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.4-stable review patch. If anyone has any objections, please let me know. ------------------ From: Will Deacon [ Upstream commit 11dc13224c975efcec96647a4768a6f1bb7a19a8 ] When queuing on the qspinlock, the count field for the current CPU's head node is incremented. This needn't be atomic because locking in e.g. IRQ context is balanced and so an IRQ will return with node->count as it found it. However, the compiler could in theory reorder the initialisation of node[idx] before the increment of the head node->count, causing an IRQ to overwrite the initialised node and potentially corrupt the lock state. Avoid the potential for this harmful compiler reordering by placing a barrier() between the increment of the head node->count and the subsequent node initialisation. Signed-off-by: Will Deacon Acked-by: Peter Zijlstra (Intel) Cc: Linus Torvalds Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/1518528177-19169-3-git-send-email-will.deacon@arm.com Signed-off-by: Ingo Molnar Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- kernel/locking/qspinlock.c | 8 ++++++++ 1 file changed, 8 insertions(+) --- a/kernel/locking/qspinlock.c +++ b/kernel/locking/qspinlock.c @@ -423,6 +423,14 @@ queue: tail = encode_tail(smp_processor_id(), idx); node += idx; + + /* + * Ensure that we increment the head node->count before initialising + * the actual node. If the compiler is kind enough to reorder these + * stores, then an IRQ could overwrite our assignments. + */ + barrier(); + node->locked = 0; node->next = NULL; pv_init_node(node);