Re: x86/mm: Finishing off the fix for a should_flush_tlb race

From: Seth Forshee

Date: Tue Feb 17 2026 - 10:12:53 EST


On Fri, Oct 10, 2025 at 01:45:45PM -0700, Dave Hansen wrote:
> On 10/9/25 07:01, Stephen Dolan wrote:
> > That way, either shootdown sees LOADED_MM_SWITCHING and sends an IPI, or
> > switch_mm_irqs_off sees the updated tlb_gen. The problem in both cases
> > is about the *before*-ness in switch_mm_irqs_off:
> >
> > - in the latest tree, there isn't enough fencing to enforce this
> > ordering.
>
> Stephen, thank you again for the stunningly great bug report!
>
> I'll plan to stick the upstream fix into our x86/urgent pile early next
> week.
>
> > - in the stable kernel trees (6.1, 6.6, 6.12), the code is in the
> > wrong order.
>
> This fix also makes sense to me. It's a bummer that the stable fixes are
> diverging, but I don't have a better idea. So:
>
> Acked-by: Dave Hansen <dave.hansen@xxxxxxxxx>
>
> It would be best if you could just submit that patch directly to the
> stable trees:
>
> https://www.kernel.org/doc/Documentation/process/stable-kernel-rules.rst
>
> after the equivalent upstream fix lands (even though it is a different
> logical patch).

I wanted to check on the status of the stable patches, since I see the
upstream fix went into 6.18 but there's still no fix in the 6.12 stable
tree. We've been seeing segfaults during a test case with 6.12, and
after bisecting we found that reverting both "x86/mm: Eliminate window
where TLB flushes may be inadvertently skipped" and "x86/mm/tlb: Only
trim the mm_cpumask once a second" seems to get rid of the segfaults.
I'll try to get some testing with the proposed stable patch today.

Thanks,
Seth
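As an added illustration of the ordering Stephen describes above (this is example code written for this page, not code from the thread, from the stable patch, or from the kernel), here is a small executable model of the two CPUs involved. The "switcher" stands for the CPU in switch_mm_irqs_off() that marks its loaded_mm as LOADED_MM_SWITCHING and then reads the mm's tlb_gen; the "flusher" stands for the CPU doing the shootdown that bumps tlb_gen and then reads the switcher's state to decide whether to send an IPI. Stores go into a per-CPU store buffer and reach memory only on a DRAIN step, which is the x86 TSO behaviour a full barrier cuts short; the op names, the program orderings and the variable layout are assumptions of the model, and the "fence on one side only" case goes beyond what the thread states. The model enumerates every interleaving and counts the ones where the switcher reads the old tlb_gen and the flusher sees "not switching", i.e. where neither side flushes.

```c
#include <stdio.h>

/*
 * Ops a CPU can execute. STORE puts the CPU's own variable into its private
 * store buffer, DRAIN makes that buffer visible in memory, LOAD reads the
 * other CPU's variable straight from memory (distinct address, so the own
 * store buffer is not consulted, as under TSO).
 */
enum op { STORE, DRAIN, LOAD };
#define NOPS 3

struct state {
    int mem[2];   /* mem[0] = "switching" flag, mem[1] = tlb_gen (0 old, 1 new) */
    int buf[2];   /* buf[cpu] = value waiting in that cpu's store buffer, -1 if empty */
    int pc[2];    /* next op per cpu */
    int saw[2];   /* saw[cpu] = value that cpu's LOAD observed, -1 if not yet loaded */
};

/* CPU 0 is the switcher (writes mem[0], reads mem[1]); CPU 1 is the flusher. */
static int explore(const enum op *prog[2], struct state s)
{
    int done = 1, lost = 0;

    for (int c = 0; c < 2; c++) {
        if (s.pc[c] == NOPS)
            continue;
        done = 0;
        struct state n = s;                    /* branch: step cpu c next */
        enum op o = prog[c][n.pc[c]++];
        switch (o) {
        case STORE: n.buf[c] = 1; break;       /* new value sits in the store buffer */
        case DRAIN:
            if (n.buf[c] >= 0) { n.mem[c] = n.buf[c]; n.buf[c] = -1; }
            break;
        case LOAD:  n.saw[c] = n.mem[1 - c]; break;
        }
        lost += explore(prog, n);
    }
    if (done)
        /* old tlb_gen seen by the switcher AND "not switching" seen by the
         * flusher: no local flush and no IPI, so the flush is lost */
        return s.saw[0] == 0 && s.saw[1] == 0;
    return lost;
}

/* Number of interleavings (out of 20) in which the flush is lost. */
int lost_interleavings(const enum op *switcher, const enum op *flusher)
{
    const enum op *prog[2] = { switcher, flusher };
    struct state s = { {0, 0}, {-1, -1}, {0, 0}, {-1, -1} };
    return explore(prog, s);
}

/* Program orderings (model assumptions, not the kernel's exact code). */
const enum op unfenced[NOPS]           = { STORE, LOAD, DRAIN };  /* store may linger past the load */
const enum op fenced[NOPS]             = { STORE, DRAIN, LOAD };  /* full barrier: drained before the load */
const enum op stable_wrong_order[NOPS] = { LOAD, STORE, DRAIN };  /* reads tlb_gen before marking switching */

int main(void)
{
    printf("both unfenced:               %d lost\n", lost_interleavings(unfenced, unfenced));
    printf("both fenced:                 %d lost\n", lost_interleavings(fenced, fenced));
    printf("switcher fenced only:        %d lost\n", lost_interleavings(fenced, unfenced));
    printf("wrong order, flusher fenced: %d lost\n", lost_interleavings(stable_wrong_order, fenced));
    return 0;
}
```

The two results that matter are the fenced/fenced case, where no interleaving loses the flush, and the wrong-order case, where the flush is lost in some interleavings even though the flusher's store is drained before its load: once the switcher reads tlb_gen before publishing its state, no amount of fencing on either side restores the "either/or" guarantee, which is why the stable trees need the reordering rather than just the added barrier.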