The following commit has been merged into the x86/alternatives branch of tip:

Commit-ID:     52ebfe7412ce4b3af54fe962af58efe9b25cd9a9
Gitweb:        https://git.kernel.org/tip/52ebfe7412ce4b3af54fe962af58efe9b25cd9a9
Author:        Peter Zijlstra <peterz@infradead.org>
AuthorDate:    Thu, 17 Apr 2025 14:34:13 +02:00
Committer:     Ingo Molnar <mingo@kernel.org>
CommitterDate: Thu, 17 Apr 2025 14:46:25 +02:00

x86/mm: Remove the mm_cpumask(prev) warning from switch_mm_irqs_off()

The CONFIG_DEBUG_VM=y warning in switch_mm_irqs_off() started
triggering in testing:

	VM_WARN_ON_ONCE(prev != &init_mm && !cpumask_test_cpu(cpu, mm_cpumask(prev)));

AFAIU what happens is that unuse_temporary_mm() clears the mm_cpumask()
for the current CPU, while switch_mm_irqs_off() then checks that the
mm_cpumask() bit is set for the current CPU.

While this behaviour hasn't really changed since the following commit:

  209954cbc7d0 ("x86/mm/tlb: Update mm_cpumask lazily")

introduced both, but the warning is wrong, so remove it.

[ mingo: Patchified Peter's email. ]

Reported-by: syzbot+c2537ce72a879a38113e@syzkaller.appspotmail.com
Reported-by: Borislav Petkov <bp@alien8.de>
Signed-off-by: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Juergen Gross <jgross@suse.com>
Cc: Andrew Cooper <andrew.cooper3@citrix.com>
Cc: Rik van Riel <riel@surriel.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: linux-kernel@vger.kernel.org
Link: https://lore.kernel.org/r/20250414135629.GA17910@noisy.programming.kicks-ass.net
---
 arch/x86/mm/tlb.c | 8 --------
 1 file changed, 8 deletions(-)

diff --git a/arch/x86/mm/tlb.c b/arch/x86/mm/tlb.c
index c9b87e5..79c124f 100644
--- a/arch/x86/mm/tlb.c
+++ b/arch/x86/mm/tlb.c
@@ -905,14 +905,6 @@ void switch_mm_irqs_off(struct mm_struct *unused, struct mm_struct *next,
 		this_cpu_write(cpu_tlbstate.loaded_mm, LOADED_MM_SWITCHING);
 		barrier();
 
-		/*
-		 * Leave this CPU in prev's mm_cpumask. Atomic writes to
-		 * mm_cpumask can be expensive under contention. The CPU
-		 * will be removed lazily at TLB flush time.
-		 */
-		VM_WARN_ON_ONCE(prev != &init_mm && !cpumask_test_cpu(cpu,
-				mm_cpumask(prev)));
-
 		/* Start receiving IPIs and then read tlb_gen (and LAM below) */
 		if (next != &init_mm && !cpumask_test_cpu(cpu, mm_cpumask(next)))
 			cpumask_set_cpu(cpu, mm_cpumask(next));

Hi Peter, Ingo,

Thanks for addressing the problem!

It's been a couple of weeks since the commit has been merged into
x86/alternatives. However, it doesn't appear to be in linux-next yet,
which unfortunately prevents syzbot from fuzzing the linux-next tree.

When could we expect the commit to reach linux-next? If it's possible
to get it there sooner, that would be much appreciated.

Thanks,
Aleksandr

On Thu, 17 Apr 2025 13:02:48 -0000 tip-bot2 for Peter Zijlstra <tip-bot2@linutronix.de> wrote:
> The following commit has been merged into the x86/alternatives branch of tip:
> 
> Commit-ID:     52ebfe7412ce4b3af54fe962af58efe9b25cd9a9
> Gitweb:        https://git.kernel.org/tip/52ebfe7412ce4b3af54fe962af58efe9b25cd9a9
> Author:        Peter Zijlstra <peterz@infradead.org>
> AuthorDate:    Thu, 17 Apr 2025 14:34:13 +02:00
> Committer:     Ingo Molnar <mingo@kernel.org>
> CommitterDate: Thu, 17 Apr 2025 14:46:25 +02:00
> 
> x86/mm: Remove the mm_cpumask(prev) warning from switch_mm_irqs_off()
>