UPSTREAM: arm64: spinlock: fix spin_unlock_wait for LSE atomics
authorWill Deacon <will.deacon@arm.com>
Wed, 8 Jun 2016 14:10:57 +0000 (15:10 +0100)
committerAmit Pundir <amit.pundir@linaro.org>
Wed, 12 Oct 2016 12:04:22 +0000 (17:34 +0530)
Commit d86b8da04dfa ("arm64: spinlock: serialise spin_unlock_wait against
concurrent lockers") fixed spin_unlock_wait for LL/SC-based atomics under
the premise that the LSE atomics (in particular, the LDADDA instruction)
are indivisible.

Unfortunately, these instructions are only indivisible when used with the
-AL (full ordering) suffix and, consequently, the same issue can
theoretically be observed with LSE atomics, where a later (in program
order) load can be speculated before the write portion of the atomic
operation.

This patch fixes the issue by performing a CAS of the lock once we've
established that it's unlocked, in much the same way as the LL/SC code.

Fixes: d86b8da04dfa ("arm64: spinlock: serialise spin_unlock_wait against concurrent lockers")
Signed-off-by: Will Deacon <will.deacon@arm.com>
Bug: 30369029
Patchset: kaslr-arm64-4.4

(cherry picked from commit 3a5facd09da848193f5bcb0dea098a298bc1a29d)
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
Change-Id: Icedaa4c508784bf43d0b5787586480fd668ccc49

arch/arm64/include/asm/spinlock.h

index 53ee219e76a735a8824df8b8b472ffb9febef29e..43a66881fd57c1b753639aee87958a6b347d4675 100644 (file)
@@ -37,13 +37,17 @@ static inline void arch_spin_unlock_wait(arch_spinlock_t *lock)
 "2:    ldaxr   %w0, %2\n"
 "      eor     %w1, %w0, %w0, ror #16\n"
 "      cbnz    %w1, 1b\n"
+       /* Serialise against any concurrent lockers */
        ARM64_LSE_ATOMIC_INSN(
        /* LL/SC */
 "      stxr    %w1, %w0, %2\n"
-"      cbnz    %w1, 2b\n", /* Serialise against any concurrent lockers */
-       /* LSE atomics */
 "      nop\n"
-"      nop\n")
+"      nop\n",
+       /* LSE atomics */
+"      mov     %w1, %w0\n"
+"      cas     %w0, %w0, %2\n"
+"      eor     %w1, %w1, %w0\n")
+"      cbnz    %w1, 2b\n"
        : "=&r" (lockval), "=&r" (tmp), "+Q" (*lock)
        :
        : "memory");