Re: [PATCH V3] firmware: google: Test spinlock on panic path to avoid lockups

public inbox for linux-efi@vger.kernel.org
 help / color / mirror / Atom feed

From: Greg KH <gregkh@linuxfoundation.org>
To: "Guilherme G. Piccoli" <gpiccoli@igalia.com>
Cc: evgreen@chromium.org, arnd@arndb.de, linux-efi@vger.kernel.org,
	linux-kernel@vger.kernel.org, kernel@gpiccoli.net,
	ardb@kernel.org, davidgow@google.com, jwerner@chromium.org,
	Petr Mladek <pmladek@suse.com>
Subject: Re: [PATCH V3] firmware: google: Test spinlock on panic path to avoid lockups
Date: Thu, 1 Sep 2022 20:28:57 +0200	[thread overview]
Message-ID: <YxD56RTI9v/P2QOL@kroah.com> (raw)
In-Reply-To: <85683284-db85-7e3a-57bd-750e1c204e3e@igalia.com>

On Thu, Sep 01, 2022 at 02:46:48PM -0300, Guilherme G. Piccoli wrote:
> On 01/09/2022 13:44, Greg KH wrote:
> > [...]
> >>> How are we supposed to know this here?
> >>>
> >>
> >> Reading the code?
> >> Or you mean, in the commit description this should be mentioned?
> > 
> > Yes, and in the comment as this type of call is very rare and should
> > almost never be used.
> 
> OK, I can add that, for sure.
> 
> 
> >> [...]
> >> I don't think it is so simple - we are in the panic path.
> > 
> > Great, then the lock doesn't matter :)
> > 
> >> So, imagine the lock was taken in CPU0, where GSMI is doing some
> >> operation. During that operation, CPU1 panics!
> >>
> >> When that happens, panic() executes in CPU1, disabling CPU0 through
> >> "strong" mechanisms (NMI). So, CPU0 had the lock, it is now off, and
> >> when CPU1 goes through the panic notifiers, it'll eventually wait
> >> forever for this lock in the GSMI handler, unless we have this patch
> >> that would prevent the handler to run in such case.
> >> Makes sense?
> > 
> > I'm trying to say "if you are in panic, never grab the lock in the first
> > place".  So change the place when you grab the lock, not here.
> > 
> 
> Evan, any comment here?
> I think the patch is still well suited for this case. Suggestions on how
> to improve it are welcome, of course.
> 
> I honestly didn't understand exactly what you're suggesting Greg...
> Mind clarifying?

Something like this totally untested code:

diff --git a/drivers/firmware/google/gsmi.c b/drivers/firmware/google/gsmi.c
index adaa492c3d2d..6ad41b22671c 100644
--- a/drivers/firmware/google/gsmi.c
+++ b/drivers/firmware/google/gsmi.c
@@ -19,6 +19,7 @@
 #include <linux/dma-mapping.h>
 #include <linux/fs.h>
 #include <linux/slab.h>
+#include <linux/panic.h>
 #include <linux/panic_notifier.h>
 #include <linux/ioctl.h>
 #include <linux/acpi.h>
@@ -611,6 +612,11 @@ static const struct attribute *gsmi_attrs[] = {
 	NULL,
 };
 
+static bool panic_in_progress(void)
+{
+	return unlikely(atomic_read(&panic_cpu) != PANIC_CPU_INVALID);
+}
+
 static int gsmi_shutdown_reason(int reason)
 {
 	struct gsmi_log_entry_type_1 entry = {
@@ -629,7 +635,8 @@ static int gsmi_shutdown_reason(int reason)
 	if (saved_reason & (1 << reason))
 		return 0;
 
-	spin_lock_irqsave(&gsmi_dev.lock, flags);
+	if (!panic_in_progress())
+		spin_lock_irqsave(&gsmi_dev.lock, flags);
 
 	saved_reason |= (1 << reason);
 
@@ -644,7 +651,8 @@ static int gsmi_shutdown_reason(int reason)
 
 	rc = gsmi_exec(GSMI_CALLBACK, GSMI_CMD_SET_EVENT_LOG);
 
-	spin_unlock_irqrestore(&gsmi_dev.lock, flags);
+	if (!panic_in_progress())
+		spin_unlock_irqrestore(&gsmi_dev.lock, flags);
 
 	if (rc < 0)
 		printk(KERN_ERR "gsmi: Log Shutdown Reason failed\n");



That being said, are you sure spinlocks are still held in the panic
notifier?  What about the call to bust_spinlocks() that is called in
panic() already?  Wouldn't that have already dropped whatever you were
worried about here?

thanks,

greg k-h

next prev parent reply	other threads:[~2022-09-01 18:29 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-08-19 15:50 [PATCH V3] firmware: google: Test spinlock on panic path to avoid lockups Guilherme G. Piccoli
2022-09-01 15:52 ` Greg KH
2022-09-01 15:59   ` Guilherme G. Piccoli
2022-09-01 16:04     ` Greg KH
2022-09-01 16:24       ` Guilherme G. Piccoli
2022-09-01 16:44         ` Greg KH
2022-09-01 17:46           ` Guilherme G. Piccoli
2022-09-01 18:28             ` Greg KH [this message]
2022-09-01 18:46               ` Guilherme G. Piccoli
2022-09-01 18:59                 ` Greg KH
2022-09-01 19:02                   ` Guilherme G. Piccoli
2022-09-01 22:13                     ` Andrew Morton
2022-09-06 17:09                       ` Evan Green
2022-09-08  0:35                         ` Guilherme G. Piccoli

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:adaa492c3d2 dfblob:6ad41b22671 )
 OR (
bs:"Re: [PATCH V3] firmware: google: Test spinlock on panic path to avoid lockups" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=YxD56RTI9v/P2QOL@kroah.com \
    --to=gregkh@linuxfoundation.org \
    --cc=ardb@kernel.org \
    --cc=arnd@arndb.de \
    --cc=davidgow@google.com \
    --cc=evgreen@chromium.org \
    --cc=gpiccoli@igalia.com \
    --cc=jwerner@chromium.org \
    --cc=kernel@gpiccoli.net \
    --cc=linux-efi@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=pmladek@suse.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox