Re: [PATCH V3] firmware: google: Test spinlock on panic path to avoid lockups

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Greg KH <gregkh@linuxfoundation.org>
To: "Guilherme G. Piccoli" <gpiccoli@igalia.com>
Cc: evgreen@chromium.org, arnd@arndb.de, linux-efi@vger.kernel.org,
	linux-kernel@vger.kernel.org, kernel@gpiccoli.net,
	ardb@kernel.org, davidgow@google.com, jwerner@chromium.org,
	Petr Mladek <pmladek@suse.com>
Subject: Re: [PATCH V3] firmware: google: Test spinlock on panic path to avoid lockups
Date: Thu, 1 Sep 2022 20:28:57 +0200	[thread overview]
Message-ID: <YxD56RTI9v/P2QOL@kroah.com> (raw)
In-Reply-To: <85683284-db85-7e3a-57bd-750e1c204e3e@igalia.com>

On Thu, Sep 01, 2022 at 02:46:48PM -0300, Guilherme G. Piccoli wrote:
> On 01/09/2022 13:44, Greg KH wrote:
> > [...]
> >>> How are we supposed to know this here?
> >>>
> >>
> >> Reading the code?
> >> Or you mean, in the commit description this should be mentioned?
> > 
> > Yes, and in the comment as this type of call is very rare and should
> > almost never be used.
> 
> OK, I can add that, for sure.
> 
> 
> >> [...]
> >> I don't think it is so simple - we are in the panic path.
> > 
> > Great, then the lock doesn't matter :)
> > 
> >> So, imagine the lock was taken in CPU0, where GSMI is doing some
> >> operation. During that operation, CPU1 panics!
> >>
> >> When that happens, panic() executes in CPU1, disabling CPU0 through
> >> "strong" mechanisms (NMI). So, CPU0 had the lock, it is now off, and
> >> when CPU1 goes through the panic notifiers, it'll eventually wait
> >> forever for this lock in the GSMI handler, unless we have this patch
> >> that would prevent the handler to run in such case.
> >> Makes sense?
> > 
> > I'm trying to say "if you are in panic, never grab the lock in the first
> > place".  So change the place when you grab the lock, not here.
> > 
> 
> Evan, any comment here?
> I think the patch is still well suited for this case. Suggestions on how
> to improve it are welcome, of course.
> 
> I honestly didn't understand exactly what you're suggesting Greg...
> Mind clarifying?

Something like this totally untested code:

diff --git a/drivers/firmware/google/gsmi.c b/drivers/firmware/google/gsmi.c
index adaa492c3d2d..6ad41b22671c 100644
--- a/drivers/firmware/google/gsmi.c
+++ b/drivers/firmware/google/gsmi.c
@@ -19,6 +19,7 @@
 #include <linux/dma-mapping.h>
 #include <linux/fs.h>
 #include <linux/slab.h>
+#include <linux/panic.h>
 #include <linux/panic_notifier.h>
 #include <linux/ioctl.h>
 #include <linux/acpi.h>
@@ -611,6 +612,11 @@ static const struct attribute *gsmi_attrs[] = {
 	NULL,
 };
 
+static bool panic_in_progress(void)
+{
+	return unlikely(atomic_read(&panic_cpu) != PANIC_CPU_INVALID);
+}
+
 static int gsmi_shutdown_reason(int reason)
 {
 	struct gsmi_log_entry_type_1 entry = {
@@ -629,7 +635,8 @@ static int gsmi_shutdown_reason(int reason)
 	if (saved_reason & (1 << reason))
 		return 0;
 
-	spin_lock_irqsave(&gsmi_dev.lock, flags);
+	if (!panic_in_progress())
+		spin_lock_irqsave(&gsmi_dev.lock, flags);
 
 	saved_reason |= (1 << reason);
 
@@ -644,7 +651,8 @@ static int gsmi_shutdown_reason(int reason)
 
 	rc = gsmi_exec(GSMI_CALLBACK, GSMI_CMD_SET_EVENT_LOG);
 
-	spin_unlock_irqrestore(&gsmi_dev.lock, flags);
+	if (!panic_in_progress())
+		spin_unlock_irqrestore(&gsmi_dev.lock, flags);
 
 	if (rc < 0)
 		printk(KERN_ERR "gsmi: Log Shutdown Reason failed\n");



That being said, are you sure spinlocks are still held in the panic
notifier?  What about the call to bust_spinlocks() that is called in
panic() already?  Wouldn't that have already dropped whatever you were
worried about here?

thanks,

greg k-h

next prev parent reply	other threads:[~2022-09-01 18:29 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-08-19 15:50 [PATCH V3] firmware: google: Test spinlock on panic path to avoid lockups Guilherme G. Piccoli
2022-09-01 15:52 ` Greg KH
2022-09-01 15:59   ` Guilherme G. Piccoli
2022-09-01 16:04     ` Greg KH
2022-09-01 16:24       ` Guilherme G. Piccoli
2022-09-01 16:44         ` Greg KH
2022-09-01 17:46           ` Guilherme G. Piccoli
2022-09-01 18:28             ` Greg KH [this message]
2022-09-01 18:46               ` Guilherme G. Piccoli
2022-09-01 18:59                 ` Greg KH
2022-09-01 19:02                   ` Guilherme G. Piccoli
2022-09-01 22:13                     ` Andrew Morton
2022-09-06 17:09                       ` Evan Green
2022-09-08  0:35                         ` Guilherme G. Piccoli

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:adaa492c3d2 dfblob:6ad41b22671 )
 OR (
bs:"Re: [PATCH V3] firmware: google: Test spinlock on panic path to avoid lockups" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=YxD56RTI9v/P2QOL@kroah.com \
    --to=gregkh@linuxfoundation.org \
    --cc=ardb@kernel.org \
    --cc=arnd@arndb.de \
    --cc=davidgow@google.com \
    --cc=evgreen@chromium.org \
    --cc=gpiccoli@igalia.com \
    --cc=jwerner@chromium.org \
    --cc=kernel@gpiccoli.net \
    --cc=linux-efi@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=pmladek@suse.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.