linux-kernel.vger.kernel.org archive mirror
* [PATCH v2] irqchip/gic-v3-its: fix raw_local_irq_restore() called with IRQs enabled
@ 2024-12-30 15:08 Tomas Krcka
  2025-01-13 14:26 ` Krcka, Tomas
  2025-01-15  9:16 ` [tip: irq/urgent] irqchip/gic-v3-its: Don't enable interrupts in its_irq_set_vcpu_affinity() tip-bot2 for Tomas Krcka
  0 siblings, 2 replies; 3+ messages in thread
From: Tomas Krcka @ 2024-12-30 15:08 UTC (permalink / raw)
  To: linux-arm-kernel
  Cc: nh-open-source, Tomas Krcka, Marc Zyngier, stable,
	Thomas Gleixner, Hagar Hemdan, linux-kernel

The following call-chain leads to misuse of spinlock_irq
when spinlock_irqsave was held.

irq_set_vcpu_affinity
  -> irq_get_desc_lock (spinlock_irqsave)
   -> its_irq_set_vcpu_affinity
    -> guard(raw_spin_lock_irq) <--- this enables interrupts
  -> irq_put_desc_unlock // <--- WARN IRQs enabled

Fix the issue by using guard(raw_spinlock), since the function is
already called with irqsave and raw_spin_lock was used before the commit
b97e8a2f7130 ("irqchip/gic-v3-its: Fix potential race condition in its_vlpi_prop_update()")
introducing the guard as well.

This was discovered through the lock debugging, and the corresponding
log is as follows:

raw_local_irq_restore() called with IRQs enabled
WARNING: CPU: 38 PID: 444 at kernel/locking/irqflag-debug.c:10 warn_bogus_irq_restore+0x2c/0x38
 Call trace:
  warn_bogus_irq_restore+0x2c/0x38
   _raw_spin_unlock_irqrestore+0x68/0x88
   __irq_put_desc_unlock+0x1c/0x48
   irq_set_vcpu_affinity+0x74/0xc0
   its_map_vlpi+0x44/0x88
   kvm_vgic_v4_set_forwarding+0x148/0x230
   kvm_arch_irq_bypass_add_producer+0x20/0x28
   __connect+0x98/0xb8
   irq_bypass_register_consumer+0x150/0x178
   kvm_irqfd+0x6dc/0x744
   kvm_vm_ioctl+0xe44/0x16b0

Fixes: b97e8a2f7130 ("irqchip/gic-v3-its: Fix potential race condition in its_vlpi_prop_update()")
Signed-off-by: Tomas Krcka <krckatom@amazon.de>
Reviewed-by: Marc Zyngier <maz@kernel.org>
Cc: stable@vger.kernel.org
---
 drivers/irqchip/irq-gic-v3-its.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/irqchip/irq-gic-v3-its.c b/drivers/irqchip/irq-gic-v3-its.c
index 92244cfa0464..8c3ec5734f1e 100644
--- a/drivers/irqchip/irq-gic-v3-its.c
+++ b/drivers/irqchip/irq-gic-v3-its.c
@@ -2045,7 +2045,7 @@ static int its_irq_set_vcpu_affinity(struct irq_data *d, void *vcpu_info)
 	if (!is_v4(its_dev->its))
 		return -EINVAL;
 
-	guard(raw_spinlock_irq)(&its_dev->event_map.vlpi_lock);
+	guard(raw_spinlock)(&its_dev->event_map.vlpi_lock);
 
 	/* Unmap request? */
 	if (!info)
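Review bot: The + line drops the _irq variant, but nothing in the function enforces the precondition it now depends on, namely that its_irq_set_vcpu_affinity() is entered with interrupts already disabled by the caller's irqsave lock. Consider adding lockdep_assert_irqs_disabled() just above guard(raw_spinlock)(&its_dev->event_map.vlpi_lock); so that a future caller arriving with interrupts enabled is flagged by lock debugging rather than taking vlpi_lock in a weaker context unnoticed.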
-- 
2.40.1






^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH v2] irqchip/gic-v3-its: fix raw_local_irq_restore() called with IRQs enabled
  2024-12-30 15:08 [PATCH v2] irqchip/gic-v3-its: fix raw_local_irq_restore() called with IRQs enabled Tomas Krcka
@ 2025-01-13 14:26 ` Krcka, Tomas
  2025-01-15  9:16 ` [tip: irq/urgent] irqchip/gic-v3-its: Don't enable interrupts in its_irq_set_vcpu_affinity() tip-bot2 for Tomas Krcka
  1 sibling, 0 replies; 3+ messages in thread
From: Krcka, Tomas @ 2025-01-13 14:26 UTC (permalink / raw)
  To: linux-arm-kernel@lists.infradead.org
  Cc: Marc Zyngier, stable@vger.kernel.org, Thomas Gleixner,
	Hagar Hemdan, linux-kernel@vger.kernel.org

Ping for this one.

> On 30. Dec 2024, at 16:08, Tomas Krcka <krckatom@amazon.de> wrote:
> 
> The following call-chain leads to misuse of spinlock_irq
> when spinlock_irqsave was held.
> 
> irq_set_vcpu_affinity
>  -> irq_get_desc_lock (spinlock_irqsave)
>   -> its_irq_set_vcpu_affinity
>    -> guard(raw_spin_lock_irq) <--- this enables interrupts
>  -> irq_put_desc_unlock // <--- WARN IRQs enabled
> 
> Fix the issue by using guard(raw_spinlock), since the function is
> already called with irqsave and raw_spin_lock was used before the commit
> b97e8a2f7130 ("irqchip/gic-v3-its: Fix potential race condition in its_vlpi_prop_update()")
> introducing the guard as well.
> 
> This was discovered through the lock debugging, and the corresponding
> log is as follows:
> 
> raw_local_irq_restore() called with IRQs enabled
> WARNING: CPU: 38 PID: 444 at kernel/locking/irqflag-debug.c:10 warn_bogus_irq_restore+0x2c/0x38
> Call trace:
>  warn_bogus_irq_restore+0x2c/0x38
>   _raw_spin_unlock_irqrestore+0x68/0x88
>   __irq_put_desc_unlock+0x1c/0x48
>   irq_set_vcpu_affinity+0x74/0xc0
>   its_map_vlpi+0x44/0x88
>   kvm_vgic_v4_set_forwarding+0x148/0x230
>   kvm_arch_irq_bypass_add_producer+0x20/0x28
>   __connect+0x98/0xb8
>   irq_bypass_register_consumer+0x150/0x178
>   kvm_irqfd+0x6dc/0x744
>   kvm_vm_ioctl+0xe44/0x16b0
> 
> Fixes: b97e8a2f7130 ("irqchip/gic-v3-its: Fix potential race condition in its_vlpi_prop_update()")
> Signed-off-by: Tomas Krcka <krckatom@amazon.de>
> Reviewed-by: Marc Zyngier <maz@kernel.org>
> Cc: stable@vger.kernel.org
> ---
> drivers/irqchip/irq-gic-v3-its.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/irqchip/irq-gic-v3-its.c b/drivers/irqchip/irq-gic-v3-its.c
> index 92244cfa0464..8c3ec5734f1e 100644
> --- a/drivers/irqchip/irq-gic-v3-its.c
> +++ b/drivers/irqchip/irq-gic-v3-its.c
> @@ -2045,7 +2045,7 @@ static int its_irq_set_vcpu_affinity(struct irq_data *d, void *vcpu_info)
> if (!is_v4(its_dev->its))
> return -EINVAL;
> 
> - guard(raw_spinlock_irq)(&its_dev->event_map.vlpi_lock);
> + guard(raw_spinlock)(&its_dev->event_map.vlpi_lock);
> 
> /* Unmap request? */
> if (!info)
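Review bot: On the + line, the choice of guard(raw_spinlock) over guard(raw_spinlock_irqsave) is not explained next to the code; the irqsave form would also stop the unlock from enabling interrupts and would stay correct if the function were ever reached with interrupts on. The changelog's reason (the function is already called under irqsave) belongs in a short comment above the guard so the plain variant does not read as an oversight.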
> -- 
> 2.40.1
> 


^ permalink raw reply	[flat|nested] 3+ messages in thread

* [tip: irq/urgent] irqchip/gic-v3-its: Don't enable interrupts in its_irq_set_vcpu_affinity()
  2024-12-30 15:08 [PATCH v2] irqchip/gic-v3-its: fix raw_local_irq_restore() called with IRQs enabled Tomas Krcka
  2025-01-13 14:26 ` Krcka, Tomas
@ 2025-01-15  9:16 ` tip-bot2 for Tomas Krcka
  1 sibling, 0 replies; 3+ messages in thread
From: tip-bot2 for Tomas Krcka @ 2025-01-15  9:16 UTC (permalink / raw)
  To: linux-tip-commits
  Cc: Tomas Krcka, Thomas Gleixner, Marc Zyngier, stable, x86,
	linux-kernel

The following commit has been merged into the irq/urgent branch of tip:

Commit-ID:     35cb2c6ce7da545f3b5cb1e6473ad7c3a6f08310
Gitweb:        https://git.kernel.org/tip/35cb2c6ce7da545f3b5cb1e6473ad7c3a6f08310
Author:        Tomas Krcka <krckatom@amazon.de>
AuthorDate:    Mon, 30 Dec 2024 15:08:25 
Committer:     Thomas Gleixner <tglx@linutronix.de>
CommitterDate: Wed, 15 Jan 2025 09:42:45 +01:00

irqchip/gic-v3-its: Don't enable interrupts in its_irq_set_vcpu_affinity()

The following call-chain leads to enabling interrupts in a nested interrupt
disabled section:

irq_set_vcpu_affinity()
  irq_get_desc_lock()
     raw_spin_lock_irqsave()   <--- Disable interrupts
  its_irq_set_vcpu_affinity()
     guard(raw_spinlock_irq)   <--- Enables interrupts when leaving the guard()
  irq_put_desc_unlock()        <--- Warns because interrupts are enabled

This was broken in commit b97e8a2f7130, which replaced the original
raw_spin_[un]lock() pair with guard(raw_spinlock_irq).

Fix the issue by using guard(raw_spinlock).

[ tglx: Massaged change log ]

Fixes: b97e8a2f7130 ("irqchip/gic-v3-its: Fix potential race condition in its_vlpi_prop_update()")
Signed-off-by: Tomas Krcka <krckatom@amazon.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Marc Zyngier <maz@kernel.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/all/20241230150825.62894-1-krckatom@amazon.de

---
 drivers/irqchip/irq-gic-v3-its.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/irqchip/irq-gic-v3-its.c b/drivers/irqchip/irq-gic-v3-its.c
index 92244cf..8c3ec57 100644
--- a/drivers/irqchip/irq-gic-v3-its.c
+++ b/drivers/irqchip/irq-gic-v3-its.c
@@ -2045,7 +2045,7 @@ static int its_irq_set_vcpu_affinity(struct irq_data *d, void *vcpu_info)
 	if (!is_v4(its_dev->its))
 		return -EINVAL;
 
-	guard(raw_spinlock_irq)(&its_dev->event_map.vlpi_lock);
+	guard(raw_spinlock)(&its_dev->event_map.vlpi_lock);
 
 	/* Unmap request? */
 	if (!info)
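Review bot: The hunk corrects the guard(raw_spinlock_irq) on vlpi_lock in its_irq_set_vcpu_affinity(), but the changelog does not say whether b97e8a2f7130 left any other acquisition of vlpi_lock that runs under the descriptor lock. A sentence confirming this is the only affected site would let stable maintainers judge the backport as complete from the changelog alone.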

^ permalink raw reply related	[flat|nested] 3+ messages in thread
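
Added example, not part of the thread or the kernel source: a user-space C model of the call chain described in the changelogs above, tracking one CPU's interrupt-enable flag through the outer irqsave lock and the inner guard. All names (model_call_chain, model_inner_section, INNER_LOCK_*) are hypothetical, and the locks themselves are omitted; only the interrupt state is modelled.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed single-CPU model; every name below is hypothetical. */
static bool irqs_enabled;

enum inner_lock { INNER_LOCK_IRQ, INNER_LOCK_PLAIN };

struct chain_result {
	bool irqs_on_under_outer_lock; /* IRQs on while outer lock is still held */
	int  bogus_restores;           /* restore reached with IRQs already on */
	bool irqs_on_after;            /* state after the outer lock is dropped */
};

/* Callee: scoped inner lock, released when the scope ends. */
static void model_inner_section(enum inner_lock kind)
{
	if (kind == INNER_LOCK_IRQ)
		irqs_enabled = false;  /* lock_irq: disable IRQs, take lock */
	/* ... critical section under the inner lock ... */
	if (kind == INNER_LOCK_IRQ)
		irqs_enabled = true;   /* unlock_irq: enable IRQs unconditionally */
}

/* Caller: irqsave-style outer lock wrapped around the callee. */
static struct chain_result model_call_chain(enum inner_lock kind, bool irqs_on_at_entry)
{
	struct chain_result r = { false, 0, false };
	bool saved;
	irqs_enabled = irqs_on_at_entry;
	saved = irqs_enabled;          /* lock_irqsave: remember the state ... */
	irqs_enabled = false;          /* ... then disable IRQs */

	model_inner_section(kind);
	r.irqs_on_under_outer_lock = irqs_enabled;
	if (irqs_enabled)              /* condition the debug check warns on */
		r.bogus_restores++;
	irqs_enabled = saved;          /* unlock_irqrestore: put saved state back */
	r.irqs_on_after = irqs_enabled;
	return r;
}

int main(void)
{
	struct chain_result bad = model_call_chain(INNER_LOCK_IRQ, true);
	struct chain_result good = model_call_chain(INNER_LOCK_PLAIN, true);
	printf("irq guard: warnings=%d, plain guard: warnings=%d\n", bad.bogus_restores, good.bogus_restores);
	return 0;
}
```

With INNER_LOCK_IRQ the model reports interrupts on while the outer lock is still held, even when the caller entered with interrupts off; with INNER_LOCK_PLAIN the flag stays off until the outer restore.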
