[tip:x86/urgent] x86/irq: Call chip-> irq_set_affinity in proper context

All of lore.kernel.org
 help / color / mirror / Atom feed

From: tip-bot for Thomas Gleixner <tipbot@zytor.com>
To: linux-tip-commits@vger.kernel.org
Cc: hpa@zytor.com, joe.lawrence@stratus.com, mingo@kernel.org,
	jmmahler@gmail.com, tglx@linutronix.de, linux@roeck-us.net,
	bp@alien8.de, linux-kernel@vger.kernel.org,
	jiang.liu@linux.intel.com
Subject: [tip:x86/urgent] x86/irq: Call chip-> irq_set_affinity in proper context
Date: Sat, 16 Jan 2016 13:15:54 -0800	[thread overview]
Message-ID: <tip-e23b257c293ce4bcc8cabb2aa3097b6ed8a8261a@git.kernel.org> (raw)
In-Reply-To: <alpine.DEB.2.11.1601140919420.3575@nanos>

Commit-ID:  e23b257c293ce4bcc8cabb2aa3097b6ed8a8261a
Gitweb:     http://git.kernel.org/tip/e23b257c293ce4bcc8cabb2aa3097b6ed8a8261a
Author:     Thomas Gleixner <tglx@linutronix.de>
AuthorDate: Thu, 14 Jan 2016 08:43:38 +0100
Committer:  Thomas Gleixner <tglx@linutronix.de>
CommitDate: Fri, 15 Jan 2016 13:43:58 +0100

x86/irq: Call chip->irq_set_affinity in proper context

setup_ioapic_dest() calls irqchip->irq_set_affinity() completely
unprotected. That's wrong in several aspects:

 - it opens a race window where irq_set_affinity() can be interrupted and the
   irq chip left in unconsistent state.

 - it triggers a lockdep splat when we fix the vector race for 4.3+ because
   vector lock is taken with interrupts enabled.

The proper calling convention is irq descriptor lock held and interrupts
disabled.

Reported-and-tested-by: Borislav Petkov <bp@alien8.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Jiang Liu <jiang.liu@linux.intel.com>
Cc: Jeremiah Mahler <jmmahler@gmail.com>
Cc: andy.shevchenko@gmail.com
Cc: Guenter Roeck <linux@roeck-us.net>
Cc: Joe Lawrence <joe.lawrence@stratus.com>
Cc: stable@vger.kernel.org
Link: http://lkml.kernel.org/r/alpine.DEB.2.11.1601140919420.3575@nanos
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
---
 arch/x86/kernel/apic/io_apic.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kernel/apic/io_apic.c b/arch/x86/kernel/apic/io_apic.c
index f253218..fdb0fbf 100644
--- a/arch/x86/kernel/apic/io_apic.c
+++ b/arch/x86/kernel/apic/io_apic.c
@@ -2521,6 +2521,7 @@ void __init setup_ioapic_dest(void)
 {
 	int pin, ioapic, irq, irq_entry;
 	const struct cpumask *mask;
+	struct irq_desc *desc;
 	struct irq_data *idata;
 	struct irq_chip *chip;
 
@@ -2536,7 +2537,9 @@ void __init setup_ioapic_dest(void)
 		if (irq < 0 || !mp_init_irq_at_boot(ioapic, irq))
 			continue;
 
-		idata = irq_get_irq_data(irq);
+		desc = irq_to_desc(irq);
+		raw_spin_lock_irq(&desc->lock);
+		idata = irq_desc_get_irq_data(desc);
 
 		/*
 		 * Honour affinities which have been set in early boot
@@ -2550,6 +2553,7 @@ void __init setup_ioapic_dest(void)
 		/* Might be lapic_chip for irq 0 */
 		if (chip->irq_set_affinity)
 			chip->irq_set_affinity(idata, mask, false);
+		raw_spin_unlock_irq(&desc->lock);
 	}
 }
 #endif

     prev parent reply	other threads:[~2016-01-16 21:17 UTC|newest]

Thread overview: 38+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-12-31 16:30 [patch 00/14] x86/irq: Plug various vector cleanup races Thomas Gleixner
2015-12-31 16:30 ` [patch 01/14] x86/irq: Fix a race in x86_vector_free_irqs() Thomas Gleixner
2015-12-31 16:30 ` [patch 02/14] x86/irq: Validate that irq descriptor is still active Thomas Gleixner
2016-01-16 21:16   ` [tip:x86/urgent] " tip-bot for Thomas Gleixner
2015-12-31 16:30 ` [patch 04/14] x86/irq: Reorganize the return path in assign_irq_vector Thomas Gleixner
2016-01-16 21:17   ` [tip:x86/urgent] " tip-bot for Thomas Gleixner
2015-12-31 16:30 ` [patch 03/14] x86/irq: Do not use apic_chip_data.old_domain as temporary buffer Thomas Gleixner
2015-12-31 16:30 ` [patch 05/14] x86/irq: Reorganize the search in assign_irq_vector Thomas Gleixner
2016-01-16 21:17   ` [tip:x86/urgent] " tip-bot for Thomas Gleixner
2015-12-31 16:30 ` [patch 06/14] x86/irq: Check vector allocation early Thomas Gleixner
2016-01-16 21:17   ` [tip:x86/urgent] " tip-bot for Thomas Gleixner
2015-12-31 16:30 ` [patch 08/14] x86/irq: Get rid of code duplication Thomas Gleixner
2016-01-16 21:18   ` [tip:x86/urgent] " tip-bot for Thomas Gleixner
2015-12-31 16:30 ` [patch 07/14] x86/irq: Copy vectormask instead of an AND operation Thomas Gleixner
2016-01-16 21:18   ` [tip:x86/urgent] " tip-bot for Thomas Gleixner
2015-12-31 16:30 ` [patch 09/14] x86/irq: Remove offline cpus from vector cleanup Thomas Gleixner
2016-01-16 21:18   ` [tip:x86/urgent] " tip-bot for Thomas Gleixner
2015-12-31 16:30 ` [patch 10/14] x86/irq: Clear move_in_progress before sending cleanup IPI Thomas Gleixner
2016-01-16 21:19   ` [tip:x86/urgent] " tip-bot for Thomas Gleixner
2015-12-31 16:30 ` [patch 11/14] x86/irq: Remove the cpumask allocation from send_cleanup_vector() Thomas Gleixner
2016-01-16 21:19   ` [tip:x86/urgent] " tip-bot for Thomas Gleixner
2015-12-31 16:30 ` [patch 12/14] x86/irq: Remove outgoing CPU from vector cleanup mask Thomas Gleixner
2016-01-16 21:19   ` [tip:x86/urgent] " tip-bot for Thomas Gleixner
2015-12-31 16:30 ` [patch 13/14] x86/irq: Call irq_force_move_complete with irq descriptor Thomas Gleixner
2016-01-16 21:20   ` [tip:x86/urgent] " tip-bot for Thomas Gleixner
2015-12-31 16:30 ` [patch 14/14] x86/irq: Plug vector cleanup race Thomas Gleixner
2016-01-16 21:20   ` [tip:x86/urgent] " tip-bot for Thomas Gleixner
2016-01-04 15:35 ` [patch 00/14] x86/irq: Plug various vector cleanup races Joe Lawrence
2016-01-14  8:24   ` Thomas Gleixner
2016-01-14 10:33     ` Borislav Petkov
2016-01-16 21:37       ` Joe Lawrence
2016-01-18 15:00         ` Joe Lawrence
2016-01-18 15:43           ` Borislav Petkov
2016-01-18 16:38             ` Joe Lawrence
2016-01-20  3:57           ` Joe Lawrence
2016-01-20  8:26             ` Borislav Petkov
2016-01-22 15:28               ` Joe Lawrence
2016-01-16 21:15     ` tip-bot for Thomas Gleixner [this message]

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:f253218 dfblob:fdb0fbf )
 OR (
bs:"[tip:x86/urgent] x86/irq: Call chip-> irq_set_affinity in proper context" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=tip-e23b257c293ce4bcc8cabb2aa3097b6ed8a8261a@git.kernel.org \
    --to=tipbot@zytor.com \
    --cc=bp@alien8.de \
    --cc=hpa@zytor.com \
    --cc=jiang.liu@linux.intel.com \
    --cc=jmmahler@gmail.com \
    --cc=joe.lawrence@stratus.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-tip-commits@vger.kernel.org \
    --cc=linux@roeck-us.net \
    --cc=mingo@kernel.org \
    --cc=tglx@linutronix.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.