releases/4.9.62/mips-fix-race-on-setting-and-getting-cpu_online_mask.patch - pub/scm/linux/kernel/git/stable/stable-queue - Git at Google

 From 6f542ebeaee0ee552a902ce3892220fc22c7ec8e Mon Sep 17 00:00:00 2001
 From: Matija Glavinic Pecotic <matija.glavinic-pecotic.ext@nokia.com>
 Date: Thu, 3 Aug 2017 08:20:22 +0200
 Subject: MIPS: Fix race on setting and getting cpu_online_mask

 From: Matija Glavinic Pecotic <matija.glavinic-pecotic.ext@nokia.com>

 commit 6f542ebeaee0ee552a902ce3892220fc22c7ec8e upstream.

 While testing cpu hoptlug (cpu down and up in loops) on kernel 4.4, it was
 observed that occasionally check for cpu online will fail in kernel/cpu.c,
 _cpu_up:

 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/tree/kernel/cpu.c?h=v4.4.79#n485
  518        /* Arch-specific enabling code. */
  519        ret = __cpu_up(cpu, idle);
  520
  521        if (ret != 0)
  522                goto out_notify;
  523        BUG_ON(!cpu_online(cpu));

 Reason is race between start_secondary and _cpu_up. cpu_callin_map is set
 before cpu_online_mask. In __cpu_up, cpu_callin_map is waited for, but cpu
 online mask is not, resulting in race in which secondary processor started
 and set cpu_callin_map, but not yet set the online mask,resulting in above
 BUG being hit.

 Upstream differs in the area. cpu_online check is in bringup_wait_for_ap,
 which is after cpu reached AP_ONLINE_IDLE,where secondary passed its start
 function. Nonetheless, fix makes start_secondary safe and not depending on
 other locks throughout the code. It protects as well against cpu_online
 checks put in between sometimes in the future.

 Fix this by moving completion after all flags are set.

 Signed-off-by: Matija Glavinic Pecotic <matija.glavinic-pecotic.ext@nokia.com>
 Cc: Alexander Sverdlin <alexander.sverdlin@nokia.com>
 Cc: linux-mips@linux-mips.org
 Patchwork: https://patchwork.linux-mips.org/patch/16925/
 Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

 ---
  arch/mips/kernel/smp.c |    6 +++---
  1 file changed, 3 insertions(+), 3 deletions(-)

 --- a/arch/mips/kernel/smp.c
 +++ b/arch/mips/kernel/smp.c
 @@ -371,9 +371,6 @@ asmlinkage void start_secondary(void)
  	cpumask_set_cpu(cpu, &cpu_coherent_mask);
  	notify_cpu_starting(cpu);

 -	complete(&cpu_running);
 -	synchronise_count_slave(cpu);
 -
  	set_cpu_online(cpu, true);

  	set_cpu_sibling_map(cpu);
 @@ -381,6 +378,9 @@ asmlinkage void start_secondary(void)

  	calculate_cpu_foreign_map();

 +	complete(&cpu_running);
 +	synchronise_count_slave(cpu);
 +
  	/*
  	 * irq will be enabled in ->smp_finish(), enabling it too early
  	 * is dangerous.
	From 6f542ebeaee0ee552a902ce3892220fc22c7ec8e Mon Sep 17 00:00:00 2001
	From: Matija Glavinic Pecotic <matija.glavinic-pecotic.ext@nokia.com>
	Date: Thu, 3 Aug 2017 08:20:22 +0200
	Subject: MIPS: Fix race on setting and getting cpu_online_mask

	From: Matija Glavinic Pecotic <matija.glavinic-pecotic.ext@nokia.com>

	commit 6f542ebeaee0ee552a902ce3892220fc22c7ec8e upstream.

	While testing cpu hoptlug (cpu down and up in loops) on kernel 4.4, it was
	observed that occasionally check for cpu online will fail in kernel/cpu.c,
	_cpu_up:

	https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/tree/kernel/cpu.c?h=v4.4.79#n485
	518 /* Arch-specific enabling code. */
	519 ret = __cpu_up(cpu, idle);
	520
	521 if (ret != 0)
	522 goto out_notify;
	523 BUG_ON(!cpu_online(cpu));

	Reason is race between start_secondary and _cpu_up. cpu_callin_map is set
	before cpu_online_mask. In __cpu_up, cpu_callin_map is waited for, but cpu
	online mask is not, resulting in race in which secondary processor started
	and set cpu_callin_map, but not yet set the online mask,resulting in above
	BUG being hit.

	Upstream differs in the area. cpu_online check is in bringup_wait_for_ap,
	which is after cpu reached AP_ONLINE_IDLE,where secondary passed its start
	function. Nonetheless, fix makes start_secondary safe and not depending on
	other locks throughout the code. It protects as well against cpu_online
	checks put in between sometimes in the future.

	Fix this by moving completion after all flags are set.

	Signed-off-by: Matija Glavinic Pecotic <matija.glavinic-pecotic.ext@nokia.com>
	Cc: Alexander Sverdlin <alexander.sverdlin@nokia.com>
	Cc: linux-mips@linux-mips.org
	Patchwork: https://patchwork.linux-mips.org/patch/16925/
	Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

	---
	arch/mips/kernel/smp.c \| 6 +++---
	1 file changed, 3 insertions(+), 3 deletions(-)

	--- a/arch/mips/kernel/smp.c
	+++ b/arch/mips/kernel/smp.c
	@@ -371,9 +371,6 @@ asmlinkage void start_secondary(void)
	cpumask_set_cpu(cpu, &cpu_coherent_mask);
	notify_cpu_starting(cpu);

	- complete(&cpu_running);
	- synchronise_count_slave(cpu);
	-
	set_cpu_online(cpu, true);

	set_cpu_sibling_map(cpu);
	@@ -381,6 +378,9 @@ asmlinkage void start_secondary(void)

	calculate_cpu_foreign_map();

	+ complete(&cpu_running);
	+ synchronise_count_slave(cpu);
	+
	/*
	* irq will be enabled in ->smp_finish(), enabling it too early
	* is dangerous.