Merge branch 'x86-pti-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull x86/pti updates from Thomas Gleixner: "A mixed bag of fixes and updates for the ghosts which are hunting us. The scheduler fixes have been pulled into that branch to avoid conflicts. - A set of fixes to address a khread_parkme() race which caused lost wakeups and loss of state. - A deadlock fix for stop_machine() solved by moving the wakeups outside of the stopper_lock held region. - A set of Spectre V1 array access restrictions. The possible problematic spots were discuvered by Dan Carpenters new checks in smatch. - Removal of an unused file which was forgotten when the rest of that functionality was removed" * 'x86-pti-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/vdso: Remove unused file perf/x86/cstate: Fix possible Spectre-v1 indexing for pkg_msr perf/x86/msr: Fix possible Spectre-v1 indexing in the MSR driver perf/x86: Fix possible Spectre-v1 indexing for x86_pmu::event_map() perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event cache_* perf/core: Fix possible Spectre-v1 indexing for ->aux_pages[] sched/autogroup: Fix possible Spectre-v1 indexing for sched_prio_to_weight[] sched/core: Fix possible Spectre-v1 indexing for sched_prio_to_weight[] sched/core: Introduce set_special_state() kthread, sched/wait: Fix kthread_parkme() completion issue kthread, sched/wait: Fix kthread_parkme() wait-loop sched/fair: Fix the update of blocked load when newly idle stop_machine, sched: Fix migrate_swap() vs. active_balance() deadlock
author: Linus Torvalds <torvalds@linux-foundation.org> 2018-05-13 13:53:08 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2018-05-13 13:53:08 -0400
commit: 66e1c94db3cd4e094de66a6be68c3ab6d17e0c52 (patch)
tree: 920eecb13e08704407ce3aa9739699366b3ef130 /include/linux
parent: 86a4ac433b927a610c09aa6cfb1926d94a6b37b7 (diff)
parent: e0f6d1a526b6adfa9ca3b336b83ece0eed345033 (diff)
3 files changed, 47 insertions, 6 deletions
diff --git a/include/linux/kthread.h b/include/linux/kthread.h
index c1961761311d..2803264c512f 100644
--- a/include/linux/kthread.h
+++ b/include/linux/kthread.h
@@ -62,6 +62,7 @@ void *kthread_probe_data(struct task_struct *k);
 int kthread_park(struct task_struct *k);
 void kthread_unpark(struct task_struct *k);
 void kthread_parkme(void);
+void kthread_park_complete(struct task_struct *k);
 int kthreadd(void *unused);
 extern struct task_struct *kthreadd_task;
diff --git a/include/linux/sched.h b/include/linux/sched.h
index b3d697f3b573..c2413703f45d 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -112,17 +112,36 @@ struct task_group;
 #ifdef CONFIG_DEBUG_ATOMIC_SLEEP
+/*
+ * Special states are those that do not use the normal wait-loop pattern. See
+ * the comment with set_special_state().
+ */
+#define is_special_task_state(state)                            \
+        ((state) & (__TASK_STOPPED | __TASK_TRACED | TASK_DEAD))
 #define __set_current_state(state_value)                        \
        do {                                                    \
+                WARN_ON_ONCE(is_special_task_state(state_value));\
                current->task_state_change = _THIS_IP_;         \
                current->state = (state_value);                 \
        } while (0)
 #define set_current_state(state_value)                          \
        do {                                                    \
+                WARN_ON_ONCE(is_special_task_state(state_value));\
                current->task_state_change = _THIS_IP_;         \
                smp_store_mb(current->state, (state_value));    \
        } while (0)
+#define set_special_state(state_value)                                  \
+        do {                                                            \
+                unsigned long flags; /* may shadow */                   \
+                WARN_ON_ONCE(!is_special_task_state(state_value));      \
+                raw_spin_lock_irqsave(&current->pi_lock, flags);        \
+                current->task_state_change = _THIS_IP_;                 \
+                current->state = (state_value);                         \
+                raw_spin_unlock_irqrestore(&current->pi_lock, flags);   \
+        } while (0)
 #else
 /*
 * set_current_state() includes a barrier so that the write of current->state
@@ -144,8 +163,8 @@ struct task_group;
 *
 * The above is typically ordered against the wakeup, which does:
 *
- *      need_sleep = false;
+ *   need_sleep = false;
- *      wake_up_state(p, TASK_UNINTERRUPTIBLE);
+ *   wake_up_state(p, TASK_UNINTERRUPTIBLE);
 *
 * Where wake_up_state() (and all other wakeup primitives) imply enough
 * barriers to order the store of the variable against wakeup.
@@ -154,12 +173,33 @@ struct task_group;
 * once it observes the TASK_UNINTERRUPTIBLE store the waking CPU can issue a
 * TASK_RUNNING store which can collide with __set_current_state(TASK_RUNNING).
 *
- * This is obviously fine, since they both store the exact same value.
+ * However, with slightly different timing the wakeup TASK_RUNNING store can
+ * also collide with the TASK_UNINTERRUPTIBLE store. Loosing that store is not
+ * a problem either because that will result in one extra go around the loop
+ * and our @cond test will save the day.
 *
 * Also see the comments of try_to_wake_up().
 */
-#define __set_current_state(state_value) do { current->state = (state_value); } while (0)
+#define __set_current_state(state_value)                                \
-#define set_current_state(state_value)   smp_store_mb(current->state, (state_value))
+        current->state = (state_value)
+#define set_current_state(state_value)                                  \
+        smp_store_mb(current->state, (state_value))
+/*
+ * set_special_state() should be used for those states when the blocking task
+ * can not use the regular condition based wait-loop. In that case we must
+ * serialize against wakeups such that any possible in-flight TASK_RUNNING stores
+ * will not collide with our state change.
+ */
+#define set_special_state(state_value)                                  \
+        do {                                                            \
+                unsigned long flags; /* may shadow */                   \
+                raw_spin_lock_irqsave(&current->pi_lock, flags);        \
+                current->state = (state_value);                         \
+                raw_spin_unlock_irqrestore(&current->pi_lock, flags);   \
+        } while (0)
 #endif
 /* Task command name length: */
diff --git a/include/linux/sched/signal.h b/include/linux/sched/signal.h
index a7ce74c74e49..113d1ad1ced7 100644
--- a/include/linux/sched/signal.h
+++ b/include/linux/sched/signal.h
@@ -280,7 +280,7 @@ static inline void kernel_signal_stop(void)
 {
        spin_lock_irq(&current->sighand->siglock);
        if (current->jobctl & JOBCTL_STOP_DEQUEUED)
-                __set_current_state(TASK_STOPPED);
+                set_special_state(TASK_STOPPED);
        spin_unlock_irq(&current->sighand->siglock);
        schedule();
author	Linus Torvalds <torvalds@linux-foundation.org>	2018-05-13 13:53:08 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2018-05-13 13:53:08 -0400
commit	66e1c94db3cd4e094de66a6be68c3ab6d17e0c52 (patch)
tree	920eecb13e08704407ce3aa9739699366b3ef130 /include/linux
parent	86a4ac433b927a610c09aa6cfb1926d94a6b37b7 (diff)
parent	e0f6d1a526b6adfa9ca3b336b83ece0eed345033 (diff)