Patch "x86/irq: Call chip->irq_set_affinity in proper context" has been added to the 4.4-stable tree

[<gregkh@linuxfoundation.org>]

This is a note to let you know that I've just added the patch titled

    x86/irq: Call chip->irq_set_affinity in proper context

to the 4.4-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     x86-irq-call-chip-irq_set_affinity-in-proper-context.patch
and it can be found in the queue-4.4 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.


>From e23b257c293ce4bcc8cabb2aa3097b6ed8a8261a Mon Sep 17 00:00:00 2001
From: Thomas Gleixner <tglx@linutronix.de>
Date: Thu, 14 Jan 2016 08:43:38 +0100
Subject: x86/irq: Call chip->irq_set_affinity in proper context

From: Thomas Gleixner <tglx@linutronix.de>

commit e23b257c293ce4bcc8cabb2aa3097b6ed8a8261a upstream.

setup_ioapic_dest() calls irqchip->irq_set_affinity() completely
unprotected. That's wrong in several aspects:

 - it opens a race window where irq_set_affinity() can be interrupted and the
   irq chip left in unconsistent state.

 - it triggers a lockdep splat when we fix the vector race for 4.3+ because
   vector lock is taken with interrupts enabled.

The proper calling convention is irq descriptor lock held and interrupts
disabled.

Reported-and-tested-by: Borislav Petkov <bp@alien8.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Jiang Liu <jiang.liu@linux.intel.com>
Cc: Jeremiah Mahler <jmmahler@gmail.com>
Cc: andy.shevchenko@gmail.com
Cc: Guenter Roeck <linux@roeck-us.net>
Cc: Joe Lawrence <joe.lawrence@stratus.com>
Link: http://lkml.kernel.org/r/alpine.DEB.2.11.1601140919420.3575@nanos
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/x86/kernel/apic/io_apic.c |    6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

--- a/arch/x86/kernel/apic/io_apic.c
+++ b/arch/x86/kernel/apic/io_apic.c
@@ -2521,6 +2521,7 @@ void __init setup_ioapic_dest(void)
 {
 	int pin, ioapic, irq, irq_entry;
 	const struct cpumask *mask;
+	struct irq_desc *desc;
 	struct irq_data *idata;
 	struct irq_chip *chip;
 
@@ -2536,7 +2537,9 @@ void __init setup_ioapic_dest(void)
 		if (irq < 0 || !mp_init_irq_at_boot(ioapic, irq))
 			continue;
 
-		idata = irq_get_irq_data(irq);
+		desc = irq_to_desc(irq);
+		raw_spin_lock_irq(&desc->lock);
+		idata = irq_desc_get_irq_data(desc);
 
 		/*
 		 * Honour affinities which have been set in early boot
@@ -2550,6 +2553,7 @@ void __init setup_ioapic_dest(void)
 		/* Might be lapic_chip for irq 0 */
 		if (chip->irq_set_affinity)
 			chip->irq_set_affinity(idata, mask, false);
+		raw_spin_unlock_irq(&desc->lock);
 	}
 }
 #endif


Patches currently in stable-queue which might be from tglx@linutronix.de are

queue-4.4/x86-irq-validate-that-irq-descriptor-is-still-active.patch
queue-4.4/x86-irq-remove-outgoing-cpu-from-vector-cleanup-mask.patch
queue-4.4/x86-irq-get-rid-of-code-duplication.patch
queue-4.4/x86-entry-compat-add-missing-clac-to-entry_int80_32.patch
queue-4.4/tick-nohz-set-the-correct-expiry-when-switching-to-nohz-lowres-mode.patch
queue-4.4/irqchip-mxs-add-missing-set_handle_irq.patch
queue-4.4/genirq-validate-action-before-dereferencing-it-in-handle_irq_event_percpu.patch
queue-4.4/x86-irq-remove-offline-cpus-from-vector-cleanup.patch
queue-4.4/posix-clock-fix-return-code-on-the-poll-method-s-error-path.patch
queue-4.4/x86-irq-reorganize-the-return-path-in-assign_irq_vector.patch
queue-4.4/cputime-prevent-32bit-overflow-in-time_to_cputime.patch
queue-4.4/x86-irq-copy-vectormask-instead-of-an-and-operation.patch
queue-4.4/x86-irq-call-irq_force_move_complete-with-irq-descriptor.patch
queue-4.4/x86-irq-call-chip-irq_set_affinity-in-proper-context.patch
queue-4.4/x86-irq-plug-vector-cleanup-race.patch
queue-4.4/x86-irq-do-not-use-apic_chip_data.old_domain-as-temporary-buffer.patch
queue-4.4/clockevents-tcb_clksrc-prevent-disabling-an-already-disabled-clock.patch
queue-4.4/x86-irq-reorganize-the-search-in-assign_irq_vector.patch
queue-4.4/x86-irq-remove-the-cpumask-allocation-from-send_cleanup_vector.patch
queue-4.4/x86-irq-fix-a-race-in-x86_vector_free_irqs.patch
queue-4.4/x86-irq-check-vector-allocation-early.patch
queue-4.4/irqchip-omap-intc-add-support-for-spurious-irq-handling.patch
queue-4.4/x86-irq-clear-move_in_progress-before-sending-cleanup-ipi.patch
queue-4.4/x86-mpx-fix-off-by-one-comparison-with-nr_registers.patch
queue-4.4/irqchip-atmel-aic-fix-wrong-bit-operation-for-irq-priority.patch
queue-4.4/revert-workqueue-make-sure-delayed-work-run-in-local-cpu.patch