linux/arch
Christian Borntraeger 1365039d0c KVM: s390: Fix ipte locking
ipte_unlock_siif uses cmpxchg to replace the in-memory data of the ipte
lock together with ACCESS_ONCE for the intial read.

union ipte_control {
        unsigned long val;
        struct {
                unsigned long k  : 1;
                unsigned long kh : 31;
                unsigned long kg : 32;
        };
};
[...]
static void ipte_unlock_siif(struct kvm_vcpu *vcpu)
{
        union ipte_control old, new, *ic;

        ic = &vcpu->kvm->arch.sca->ipte_control;
        do {
                new = old = ACCESS_ONCE(*ic);
                new.kh--;
                if (!new.kh)
                        new.k = 0;
        } while (cmpxchg(&ic->val, old.val, new.val) != old.val);
        if (!new.kh)
                wake_up(&vcpu->kvm->arch.ipte_wq);
}

The new value, is loaded twice from memory with gcc 4.7.2 of
fedora 18, despite the ACCESS_ONCE:

--->

l       %r4,0(%r3)      <--- load first 32 bit of lock (k and kh) in r4
alfi    %r4,2147483647  <--- add -1 to r4
llgtr   %r4,%r4         <--- zero out the sign bit of r4
lg      %r1,0(%r3)      <--- load all 64 bit of lock into new
lgr     %r2,%r1         <--- load the same into old
risbg   %r1,%r4,1,31,32 <--- shift and insert r4 into the bits 1-31 of
new
llihf   %r4,2147483647
ngrk    %r4,%r1,%r4
jne     aa0 <ipte_unlock+0xf8>
nihh    %r1,32767
lgr     %r4,%r2
csg     %r4,%r1,0(%r3)
cgr     %r2,%r4
jne     a70 <ipte_unlock+0xc8>

If the memory value changes between the first load (l) and the second
load (lg) we are broken. If that happens VCPU threads will hang
(unkillable) in handle_ipte_interlock.

Andreas Krebbel analyzed this and tracked it down to a compiler bug in
that version:
"while it is not that obvious the C99 standard basically forbids
duplicating the memory access also in that case. For an argumentation of
a similiar case please see:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=22278#c43

For the implementation-defined cases regarding volatile there are some
GCC-specific clarifications which can be found here:
https://gcc.gnu.org/onlinedocs/gcc/Volatiles.html#Volatiles

I've tracked down the problem with a reduced testcase. The problem was
that during a tree level optimization (SRA - scalar replacement of
aggregates) the volatile marker is lost. And an RTL level optimizer (CSE
- common subexpression elimination) then propagated the memory read into
  its second use introducing another access to the memory location. So
indeed Christian's suspicion that the union access has something to do
with it is correct (since it triggered the SRA optimization).

This issue has been reported and fixed in the GCC 4.8 development cycle:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=58145"

This patch replaces the ACCESS_ONCE scheme with a barrier() based scheme
that should work for all supported compilers.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Cc: stable@vger.kernel.org # v3.16+
2014-11-07 11:10:26 +01:00
..
alpha Merge git://git.infradead.org/users/eparis/audit 2014-10-19 16:25:56 -07:00
arc The "weak" attribute is commonly used for the default version of a 2014-10-23 15:04:27 -07:00
arm Merge branch 'fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-arm 2014-11-02 12:56:20 -08:00
arm64 arm64 fixes: 2014-10-24 12:48:04 -07:00
avr32 Merge branch 'for-linus' of git://git.infradead.org/users/vkoul/slave-dma 2014-10-18 18:11:04 -07:00
blackfin Merge branch 'for-3.18-consistent-ops' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu 2014-10-15 07:48:18 +02:00
c6x irq_work: Introduce arch_irq_work_has_interrupt() 2014-09-13 18:38:07 +02:00
cris Merge branch 'sched-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2014-10-13 16:23:15 +02:00
frv frv: remove unused declarations of __start___ex_table and __stop___ex_table 2014-10-14 02:18:28 +02:00
hexagon Merge branch 'locking-arch-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2014-10-13 15:48:00 +02:00
ia64 Merge branch 'x86-efi-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2014-10-23 14:45:09 -07:00
m32r Merge branch 'locking-arch-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2014-10-13 15:48:00 +02:00
m68k Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/gerg/m68knommu 2014-10-14 03:51:22 +02:00
metag Merge branch 'for-3.18-consistent-ops' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu 2014-10-15 07:48:18 +02:00
microblaze microblaze: Wire up bpf syscall 2014-10-27 09:25:34 +01:00
mips MIPS: SEAD3: Fix I2C device registration. 2014-10-24 13:34:42 +02:00
mn10300 Merge branch 'locking-arch-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2014-10-13 15:48:00 +02:00
openrisc Merge git://git.infradead.org/users/eparis/audit 2014-10-19 16:25:56 -07:00
parisc Merge git://git.infradead.org/users/eparis/audit 2014-10-19 16:25:56 -07:00
powerpc Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2014-10-31 14:01:47 -07:00
s390 KVM: s390: Fix ipte locking 2014-11-07 11:10:26 +01:00
score score: use Kbuild logic to include <asm-generic/sections.h> 2014-10-09 22:25:46 -04:00
sh sh: fix sh770x SCIF memory regions 2014-10-29 16:33:15 -07:00
sparc sparc: Hook up bpf system call. 2014-10-28 11:30:43 -07:00
tile Merge branch 'for-3.18-consistent-ops' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu 2014-10-15 07:48:18 +02:00
um Merge git://git.infradead.org/users/eparis/audit 2014-10-19 16:25:56 -07:00
unicore32 nosave: consolidate __nosave_{begin,end} in <asm/sections.h> 2014-10-09 22:26:04 -04:00
x86 A small set of x86 fixes. The most serious is an SRCU lockdep fix. 2014-11-02 12:31:02 -08:00
xtensa Merge git://git.infradead.org/users/eparis/audit 2014-10-19 16:25:56 -07:00
.gitignore
Kconfig