Re: [PATCH v2] Crash: add lock to serialize crash hotplug handling

[Baoquan He <bhe@redhat.com>]

On 09/25/23 at 09:59am, Eric DeVolder wrote:
> 
> 
> On 9/24/23 22:07, Baoquan He wrote:
> > Eric reported that handling corresponding crash hotplug event can be
> > failed easily when many memory hotplug event are notified in a short
> > period. They failed because failing to take __kexec_lock.
> > 
> > =======
> > [   78.714569] Fallback order for Node 0: 0
> > [   78.714575] Built 1 zonelists, mobility grouping on.  Total pages: 1817886
> > [   78.717133] Policy zone: Normal
> > [   78.724423] crash hp: kexec_trylock() failed, elfcorehdr may be inaccurate
> > [   78.727207] crash hp: kexec_trylock() failed, elfcorehdr may be inaccurate
> > [   80.056643] PEFILE: Unsigned PE binary
> > =======
> > 
> > The memory hotplug events are notified very quickly and very many,
> > while the handling of crash hotplug is much slower relatively. So the
> > atomic variable __kexec_lock and kexec_trylock() can't guarantee the
> > serialization of crash hotplug handling.
> > 
> > Here, add a new mutex lock __crash_hotplug_lock to serialize crash
> > hotplug handling specifically. This doesn't impact the usage of
> > __kexec_lock.
> > 
> > Signed-off-by: Baoquan He <bhe@redhat.com>
> > ---
> > v1->v2:
> >   - Move mutex lock definition into CONFIG_CRASH_HOTPLUG ifdeffery
> >     scope in kernel/crash_core.c because the lock is only needed and
> >     used in that scope. Suggested by Eric.
> > 
> >   kernel/crash_core.c | 14 ++++++++++++++
> >   1 file changed, 14 insertions(+)
> > 
> > diff --git a/kernel/crash_core.c b/kernel/crash_core.c
> > index 03a7932cde0a..5951d6366b72 100644
> > --- a/kernel/crash_core.c
> > +++ b/kernel/crash_core.c
> > @@ -739,6 +739,17 @@ subsys_initcall(crash_notes_memory_init);
> >   #undef pr_fmt
> >   #define pr_fmt(fmt) "crash hp: " fmt
> > +/*
> > + * Different than kexec/kdump loading/unloading/jumping/shrinking which
> > + * usually rarely happen, there will be many crash hotplug events notified
> > + * during one short period, e.g one memory board is hot added and memory
> > + * regions are online. So mutex lock  __crash_hotplug_lock is used to
> > + * serialize the crash hotplug handling specifically.
> > + */
> > +DEFINE_MUTEX(__crash_hotplug_lock);
> > +#define crash_hotplug_lock() mutex_lock(&__crash_hotplug_lock)
> > +#define crash_hotplug_unlock() mutex_unlock(&__crash_hotplug_lock)
> > +
> >   /*
> >    * This routine utilized when the crash_hotplug sysfs node is read.
> >    * It reflects the kernel's ability/permission to update the crash
> > @@ -783,9 +794,11 @@ static void crash_handle_hotplug_event(unsigned int hp_action, unsigned int cpu)
> >   {
> >   	struct kimage *image;
> > +	crash_hotplug_lock();
> >   	/* Obtain lock while changing crash information */
> >   	if (!kexec_trylock()) {
> >   		pr_info("kexec_trylock() failed, elfcorehdr may be inaccurate\n");
> > +		crash_hotplug_unlock();
> >   		return;
> >   	}
> > @@ -852,6 +865,7 @@ static void crash_handle_hotplug_event(unsigned int hp_action, unsigned int cpu)
> >   out:
> >   	/* Release lock now that update complete */
> >   	kexec_unlock();
> > +	crash_hotplug_unlock();
> >   }
> >   static int crash_memhp_notifier(struct notifier_block *nb, unsigned long val, void *v)
> 
> The crash_check_update_elfcorehdr() also has kexec_trylock() and needs similar treatment.
> Userspace (ie udev rule processing) and kernel (crash hotplug infrastrucutre) need to be
> protected/serialized from one another.

You are right. I didn't consider the kexec_load interface. There's a
tiny racing window which we still need to avoid. V3 will be posted.
Thanks.