Re: [PATCH v4 4/4] arm64: escalate smp_send_stop() to an SDEI NMI as a last resort

Next message: Gary Guo: "[PATCH 2/3] pci: fix dyn_id add TOCTOU"
Previous message: Kiryl Shutsemau: "Re: [PATCH v4 0/4] arm64: cross-CPU NMI via SDEI"
In reply to: Catalin Marinas: "Re: [PATCH v4 4/4] arm64: escalate smp_send_stop() to an SDEI NMI as a last resort"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Kiryl Shutsemau

Date: Fri Jun 26 2026 - 15:46:27 EST

On Fri, Jun 26, 2026 at 06:08:41PM +0100, Catalin Marinas wrote:
> On Wed, Jun 17, 2026 at 08:20:05PM +0100, Kiryl Shutsemau wrote:
> > +void sdei_nmi_stop_cpus(const cpumask_t *mask)
> > +{
> > + unsigned int cpu;
> > +
> > + WRITE_ONCE(sdei_nmi_stopping, true);
> > +
> > + /*
> > + * Publish the flag before signalling. The SMC is a context-sync
> > + * event, not a barrier, so WRITE_ONCE() alone could let the store be
> > + * observed after the event it triggers. The barrier is cumulative: a
> > + * target that sees the event is guaranteed to see the flag.
> > + */
> > + smp_wmb();
> > +
> > + for_each_cpu(cpu, mask)
> > + sdei_nmi_fire(cpu);
> > +}
>
> The smp_wmb() is not sufficient here. In the GIC IPI code we use a
> dsb(ishst). It should be similar here. I think TF-A does this already
> but it's unclear from the SDEI spec that it is mandated.

You're right, I'll switch it to dsb(ishst) to match gic_ipi_send_mask().

And as you pointed, the xame fix is needed in 3/4: the backtrace path
publishes backtrace_mask before signalling and currently has no barrier
at all (as the bot spotted), so it needs the dsb(ishst) there too.

I'll also drop the now-incorrect "cumulative wmb" comment.

--
Kiryl Shutsemau / Kirill A. Shutemov