From: Mathieu Desnoyers mathieu.desnoyers@efficios.com
mainline inclusion from mainline-v6.5-rc7 commit ce29ddc47b91f97e7f69a0fb7cbb5845f52a9825 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I8BN94 CVE: NA
--------------------------------
The function sync_runqueues_membarrier_state() should copy the membarrier state from the @mm received as parameter to each runqueue currently running tasks using that mm.
However, the use of smp_call_function_many() skips the current runqueue, which is unintended. Replace by a call to on_each_cpu_mask().
Fixes: 227a4aadc75b ("sched/membarrier: Fix p->mm->membarrier_state racy load") Reported-by: Nadav Amit nadav.amit@gmail.com Signed-off-by: Mathieu Desnoyers mathieu.desnoyers@efficios.com Signed-off-by: Peter Zijlstra (Intel) peterz@infradead.org Signed-off-by: Ingo Molnar mingo@kernel.org Cc: stable@vger.kernel.org # 5.4.x+ Link: https://lore.kernel.org/r/74F1E842-4A84-47BF-B6C2-5407DFDD4A4A@gmail.com Signed-off-by: Xia Fukun xiafukun@huawei.com --- kernel/sched/membarrier.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/kernel/sched/membarrier.c b/kernel/sched/membarrier.c index 8c4e14e6544a..1757074be994 100644 --- a/kernel/sched/membarrier.c +++ b/kernel/sched/membarrier.c @@ -255,9 +255,7 @@ static int sync_runqueues_membarrier_state(struct mm_struct *mm) } rcu_read_unlock();
- preempt_disable(); - smp_call_function_many(tmpmask, ipi_sync_rq_state, mm, 1); - preempt_enable(); + on_each_cpu_mask(tmpmask, ipi_sync_rq_state, mm, true);
free_cpumask_var(tmpmask); cpus_read_unlock();