| From b82ab65560f7f21371d90f94d51b2e535574adeb Mon Sep 17 00:00:00 2001 |
| From: Steven Rostedt <rostedt@goodmis.org> |
| Date: Mon, 19 Aug 2013 11:35:33 -0400 |
| Subject: [PATCH] swait: Add smp_mb() after setting h->list |
| |
| The raw_spin_unlock() is not a full memory barrier. It only keeps |
| things from leaking past it, but does not prevent leaks from entering |
| the critical section. That is: |
| |
| p = 1; |
| |
| raw_spin_lock(); |
| [...] |
| raw_spin_unlock(); |
| |
| y = x |
| |
| Can turn into: |
| |
| p = 1; |
| |
| raw_spin_lock(); |
| |
| load x |
| |
| store p = 1 |
| |
| raw_spin_unlock(); |
| |
| y = x |
| |
| This means that the condition check in __swait_event() (and friends) |
| can be seen before the h->list is set. |
| |
| raw_spin_lock(); |
| |
| load condition; |
| |
| store h->list; |
| |
| raw_spin_unlock(); |
| |
| And the other CPU can see h->list as empty, and this CPU see condition |
| as not set, and possibly miss the wake up. |
| |
| To prevent this from happening, add an mb() after setting the h->list. |
| |
| Reviewed-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com> |
| Signed-off-by: Steven Rostedt <rostedt@goodmis.org> |
| Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de> |
| --- |
| kernel/wait-simple.c | 2 ++ |
| 1 file changed, 2 insertions(+) |
| |
| --- a/kernel/wait-simple.c |
| +++ b/kernel/wait-simple.c |
| @@ -16,6 +16,8 @@ |
| static inline void __swait_enqueue(struct swait_head *head, struct swaiter *w) |
| { |
| list_add(&w->node, &head->list); |
| + /* We can't let the condition leak before the setting of head */ |
| + smp_mb(); |
| } |
| |
| /* Removes w from head->list. Must be called with head->lock locked. */ |
