Re: [PATCH] MTRR: Fix race causing set_mtrr to go into infinite loop
From: Chuck Ebbert
Date: Mon Jun 25 2007 - 18:05:29 EST
On 06/25/2007 05:38 PM, Loic Prylli wrote:
[cc: Andi]
> Processors synchronization in set_mtrr requires the .gate field
> to be set after .count field is properly initialized. Without an explicit
> barrier, the compiler was reordering those memory stores. That was sometimes
> causing a processor (in ipi_handler) to see the .gate change and
> decrement .count before the latter is set by set_mtrr() (which
> then hangs in a infinite loop with irqs disabled).
>
> Signed-off-by: Loic Prylli <loic@xxxxxxxx>
> ---
> arch/i386/kernel/cpu/mtrr/main.c | 4 ++++
> 1 files changed, 4 insertions(+), 0 deletions(-)
>
> diff --git a/arch/i386/kernel/cpu/mtrr/main.c b/arch/i386/kernel/cpu/mtrr/main.c
> index 55b0051..75dc6d5 100644
> --- a/arch/i386/kernel/cpu/mtrr/main.c
> +++ b/arch/i386/kernel/cpu/mtrr/main.c
> @@ -229,6 +229,8 @@ static void set_mtrr(unsigned int reg, unsigned long base,
> data.smp_size = size;
> data.smp_type = type;
> atomic_set(&data.count, num_booting_cpus() - 1);
> + /* make sure data.count is visible before unleashing other CPUs */
> + smp_wmb();
> atomic_set(&data.gate,0);
>
> /* Start the ball rolling on other CPUs */
> @@ -242,6 +244,7 @@ static void set_mtrr(unsigned int reg, unsigned long base,
>
> /* ok, reset count and toggle gate */
> atomic_set(&data.count, num_booting_cpus() - 1);
> + smp_wmb();
> atomic_set(&data.gate,1);
>
> /* do our MTRR business */
> @@ -260,6 +263,7 @@ static void set_mtrr(unsigned int reg, unsigned long base,
> cpu_relax();
>
> atomic_set(&data.count, num_booting_cpus() - 1);
> + smp_wmb();
> atomic_set(&data.gate,0);
>
> /*
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/