On Mon, Jan 29, 2018 at 07:04:14PM +0100, Peter Zijlstra wrote:

On Tue, Jan 23, 2018 at 10:57:30AM -0500, Mathieu Desnoyers wrote:

quoted

diff --git a/kernel/sched/core.c b/kernel/sched/core.c
index f38c4c7e256a..041893128f51 100644
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c

@@ -2662,9 +2662,13 @@ static struct rq *finish_task_switch(struct task_struct *prev)
 	 * thread, mmdrop()'s implicit full barrier is required by the
 	 * membarrier system call, because the current active_mm can
 	 * become the current mm without going through switch_mm().
+	 * membarrier also requires a core serializing instruction
+	 * before going back to user-space after storing to rq->curr.
 	 */
-	if (mm)
+	if (mm) {
+		membarrier_mm_sync_core_before_usermode(mm);
 		mmdrop(mm);
+	}

*confused*, when we switch from process A to process B, context_switch()
will not set rq->prev_mm and the above mm will be NULL and we'll not
pass through your_function_names_are_waaay_too_long and we'll not get
cookies.

And if there's anything more complicated going on, the comment/changelog
are not adequate.

Aaah, its the case where we do not pass through switch_mm(), the partial
comment got to me. I only realized after reading the next patch.

quoted

 	if (unlikely(prev_state == TASK_DEAD)) {
 		if (prev->sched_class->task_dead)
 			prev->sched_class->task_dead(prev);