kernel/jump_label.c · d19e48fe5da7b83d02ed4aec3567f08ae02a168c · Upstream / linux-stable

locking/static_key: Fix concurrent static_key_slow_inc() · 71ef2c11

Paolo Bonzini authored Jun 21, 2016

commit 4c5ea0a9 upstream.

The following scenario is possible:

    CPU 1                                   CPU 2
    static_key_slow_inc()
     atomic_inc_not_zero()
      -> key.enabled == 0, no increment
     jump_label_lock()
     atomic_inc_return()
      -> key.enabled == 1 now
                                            static_key_slow_inc()
                                             atomic_inc_not_zero()
                                              -> key.enabled == 1, inc to 2
                                             return
                                            ** static key is wrong!
     jump_label_update()
     jump_label_unlock()

Testing the static key at the point marked by (**) will follow the
wrong path for jumps that have not been patched yet.  This can
actually happen when creating many KVM virtual machines with userspace
LAPIC emulation; just run several copies of the following program...

71ef2c11

jump_label.c 13.6 KB

Replace jump_label.c