[PATCH -stable] rcu: Allow for page faults in NMI handlers

[PATCH -stable] rcu: Allow for page faults in NMI handlers

[Paul E. McKenney]

A number of architecture invoke rcu_irq_enter() on exception entry in
order to allow RCU read-side critical sections in the exception handler
when the exception is from an idle or nohz_full CPU.  This works, at
least unless the exception happens in an NMI handler.  In that case,
rcu_nmi_enter() would already have exited the extended quiescent state,
which would mean that rcu_irq_enter() would (incorrectly) cause RCU
to think that it is again in an extended quiescent state.  This will
in turn result in lockdep splats in response to later RCU read-side
critical sections.

This commit therefore causes rcu_irq_enter() and rcu_irq_exit() to
take no action if there is an rcu_nmi_enter() in effect, thus avoiding
the unscheduled return to RCU quiescent state.  This in turn should
make the kernel safe for on-demand RCU voyeurism.

Link: http://lkml.kernel.org/r/20170922211022.GA18084@linux.vnet.ibm.com

Cc: stable@vger.kernel.org # 4.5.x
Fixes: 0be964be0 ("module: Sanitize RCU usage and locking")
Reported-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>

diff --git a/kernel/rcu/tree.c b/kernel/rcu/tree.c
index 69a5611a7e7c..650dc600b104 100644
--- a/kernel/rcu/tree.c
+++ b/kernel/rcu/tree.c
@@ -789,8 +789,13 @@ void rcu_irq_exit(void)
 	long long oldval;
 	struct rcu_dynticks *rdtp;
 
-	RCU_LOCKDEP_WARN(!irqs_disabled(), "rcu_irq_exit() invoked with irqs enabled!!!");
 	rdtp = this_cpu_ptr(&rcu_dynticks);
+
+	/* Page faults can happen in NMI handlers, so check... */
+	if (READ_ONCE(rdtp->dynticks_nmi_nesting))
+		return;
+
+	RCU_LOCKDEP_WARN(!irqs_disabled(), "rcu_irq_exit() invoked with irqs enabled!!!");
 	oldval = rdtp->dynticks_nesting;
 	rdtp->dynticks_nesting--;
 	WARN_ON_ONCE(IS_ENABLED(CONFIG_RCU_EQS_DEBUG) &&
@@ -927,8 +932,13 @@ void rcu_irq_enter(void)
 	struct rcu_dynticks *rdtp;
 	long long oldval;
 
-	RCU_LOCKDEP_WARN(!irqs_disabled(), "rcu_irq_enter() invoked with irqs enabled!!!");
 	rdtp = this_cpu_ptr(&rcu_dynticks);
+
+	/* Page faults can happen in NMI handlers, so check... */
+	if (READ_ONCE(rdtp->dynticks_nmi_nesting))
+		return;
+
+	RCU_LOCKDEP_WARN(!irqs_disabled(), "rcu_irq_enter() invoked with irqs enabled!!!");
 	oldval = rdtp->dynticks_nesting;
 	rdtp->dynticks_nesting++;
 	WARN_ON_ONCE(IS_ENABLED(CONFIG_RCU_EQS_DEBUG) &&

[PATCH -stable] rcu: Allow for page faults in NMI handlers

[Paul E. McKenney]

A number of architecture invoke rcu_irq_enter() on exception entry in
order to allow RCU read-side critical sections in the exception handler
when the exception is from an idle or nohz_full CPU.  This works, at
least unless the exception happens in an NMI handler.  In that case,
rcu_nmi_enter() would already have exited the extended quiescent state,
which would mean that rcu_irq_enter() would (incorrectly) cause RCU
to think that it is again in an extended quiescent state.  This will
in turn result in lockdep splats in response to later RCU read-side
critical sections.

This commit therefore causes rcu_irq_enter() and rcu_irq_exit() to
take no action if there is an rcu_nmi_enter() in effect, thus avoiding
the unscheduled return to RCU quiescent state.  This in turn should
make the kernel safe for on-demand RCU voyeurism.

Link: http://lkml.kernel.org/r/20170922211022.GA18084@linux.vnet.ibm.com

Cc: stable@vger.kernel.org # 4.2.x
Fixes: 0be964be0 ("module: Sanitize RCU usage and locking")
Reported-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>

diff --git a/kernel/rcu/tree.c b/kernel/rcu/tree.c
index f07343b54fe5..8a62cbfe1f2f 100644
--- a/kernel/rcu/tree.c
+++ b/kernel/rcu/tree.c
@@ -759,6 +759,12 @@ void rcu_irq_exit(void)
 
 	local_irq_save(flags);
 	rdtp = this_cpu_ptr(&rcu_dynticks);
+
+	/* Page faults can happen in NMI handlers, so check... */
+	if (READ_ONCE(rdtp->dynticks_nmi_nesting))
+		return;
+
+	RCU_LOCKDEP_WARN(!irqs_disabled(), "rcu_irq_exit() invoked with irqs enabled!!!");
 	oldval = rdtp->dynticks_nesting;
 	rdtp->dynticks_nesting--;
 	WARN_ON_ONCE(IS_ENABLED(CONFIG_RCU_EQS_DEBUG) &&
@@ -887,6 +893,12 @@ void rcu_irq_enter(void)
 
 	local_irq_save(flags);
 	rdtp = this_cpu_ptr(&rcu_dynticks);
+
+	/* Page faults can happen in NMI handlers, so check... */
+	if (READ_ONCE(rdtp->dynticks_nmi_nesting))
+		return;
+
+	RCU_LOCKDEP_WARN(!irqs_disabled(), "rcu_irq_enter() invoked with irqs enabled!!!");
 	oldval = rdtp->dynticks_nesting;
 	rdtp->dynticks_nesting++;
 	WARN_ON_ONCE(IS_ENABLED(CONFIG_RCU_EQS_DEBUG) &&

Re: [PATCH -stable] rcu: Allow for page faults in NMI handlers

[Greg KH]

On Thu, Oct 12, 2017 at 04:09:28PM -0700, Paul E. McKenney wrote:
> A number of architecture invoke rcu_irq_enter() on exception entry in
> order to allow RCU read-side critical sections in the exception handler
> when the exception is from an idle or nohz_full CPU.  This works, at
> least unless the exception happens in an NMI handler.  In that case,
> rcu_nmi_enter() would already have exited the extended quiescent state,
> which would mean that rcu_irq_enter() would (incorrectly) cause RCU
> to think that it is again in an extended quiescent state.  This will
> in turn result in lockdep splats in response to later RCU read-side
> critical sections.
> 
> This commit therefore causes rcu_irq_enter() and rcu_irq_exit() to
> take no action if there is an rcu_nmi_enter() in effect, thus avoiding
> the unscheduled return to RCU quiescent state.  This in turn should
> make the kernel safe for on-demand RCU voyeurism.
> 
> Link: http://lkml.kernel.org/r/20170922211022.GA18084@linux.vnet.ibm.com
> 
> Cc: stable@vger.kernel.org # 4.2.x
> Fixes: 0be964be0 ("module: Sanitize RCU usage and locking")
> Reported-by: Steven Rostedt <rostedt@goodmis.org>
> Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
> Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>

This does not apply to the 4.4-stable tree, was this the correct patch I
should be using for that tree?

thanks,

greg k-h

Re: [PATCH -stable] rcu: Allow for page faults in NMI handlers

[Greg KH]

On Thu, Oct 12, 2017 at 04:08:38PM -0700, Paul E. McKenney wrote:
> A number of architecture invoke rcu_irq_enter() on exception entry in
> order to allow RCU read-side critical sections in the exception handler
> when the exception is from an idle or nohz_full CPU.  This works, at
> least unless the exception happens in an NMI handler.  In that case,
> rcu_nmi_enter() would already have exited the extended quiescent state,
> which would mean that rcu_irq_enter() would (incorrectly) cause RCU
> to think that it is again in an extended quiescent state.  This will
> in turn result in lockdep splats in response to later RCU read-side
> critical sections.
> 
> This commit therefore causes rcu_irq_enter() and rcu_irq_exit() to
> take no action if there is an rcu_nmi_enter() in effect, thus avoiding
> the unscheduled return to RCU quiescent state.  This in turn should
> make the kernel safe for on-demand RCU voyeurism.
> 
> Link: http://lkml.kernel.org/r/20170922211022.GA18084@linux.vnet.ibm.com
> 
> Cc: stable@vger.kernel.org # 4.5.x
> Fixes: 0be964be0 ("module: Sanitize RCU usage and locking")
> Reported-by: Steven Rostedt <rostedt@goodmis.org>
> Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
> Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>

Thanks for the backport, this applied to 4.9-stable.

greg k-h

Re: [PATCH -stable] rcu: Allow for page faults in NMI handlers

[Paul E. McKenney]

On Fri, Oct 13, 2017 at 11:52:45AM +0200, Greg KH wrote:
> On Thu, Oct 12, 2017 at 04:09:28PM -0700, Paul E. McKenney wrote:
> > A number of architecture invoke rcu_irq_enter() on exception entry in
> > order to allow RCU read-side critical sections in the exception handler
> > when the exception is from an idle or nohz_full CPU.  This works, at
> > least unless the exception happens in an NMI handler.  In that case,
> > rcu_nmi_enter() would already have exited the extended quiescent state,
> > which would mean that rcu_irq_enter() would (incorrectly) cause RCU
> > to think that it is again in an extended quiescent state.  This will
> > in turn result in lockdep splats in response to later RCU read-side
> > critical sections.
> > 
> > This commit therefore causes rcu_irq_enter() and rcu_irq_exit() to
> > take no action if there is an rcu_nmi_enter() in effect, thus avoiding
> > the unscheduled return to RCU quiescent state.  This in turn should
> > make the kernel safe for on-demand RCU voyeurism.
> > 
> > Link: http://lkml.kernel.org/r/20170922211022.GA18084@linux.vnet.ibm.com
> > 
> > Cc: stable@vger.kernel.org # 4.2.x
> > Fixes: 0be964be0 ("module: Sanitize RCU usage and locking")
> > Reported-by: Steven Rostedt <rostedt@goodmis.org>
> > Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
> > Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
> 
> This does not apply to the 4.4-stable tree, was this the correct patch I
> should be using for that tree?

Hmmm...  Idiot here backported to v4.4 in Linus's tree, which of
course might not work...  But it applies to v4.4.92 of -stable:

git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git

Am I still applying it in the wrong place?

							Thanx, Paul

Re: [PATCH -stable] rcu: Allow for page faults in NMI handlers

[Greg KH]

On Fri, Oct 13, 2017 at 09:25:43AM -0700, Paul E. McKenney wrote:
> On Fri, Oct 13, 2017 at 11:52:45AM +0200, Greg KH wrote:
> > On Thu, Oct 12, 2017 at 04:09:28PM -0700, Paul E. McKenney wrote:
> > > A number of architecture invoke rcu_irq_enter() on exception entry in
> > > order to allow RCU read-side critical sections in the exception handler
> > > when the exception is from an idle or nohz_full CPU.  This works, at
> > > least unless the exception happens in an NMI handler.  In that case,
> > > rcu_nmi_enter() would already have exited the extended quiescent state,
> > > which would mean that rcu_irq_enter() would (incorrectly) cause RCU
> > > to think that it is again in an extended quiescent state.  This will
> > > in turn result in lockdep splats in response to later RCU read-side
> > > critical sections.
> > > 
> > > This commit therefore causes rcu_irq_enter() and rcu_irq_exit() to
> > > take no action if there is an rcu_nmi_enter() in effect, thus avoiding
> > > the unscheduled return to RCU quiescent state.  This in turn should
> > > make the kernel safe for on-demand RCU voyeurism.
> > > 
> > > Link: http://lkml.kernel.org/r/20170922211022.GA18084@linux.vnet.ibm.com
> > > 
> > > Cc: stable@vger.kernel.org # 4.2.x
> > > Fixes: 0be964be0 ("module: Sanitize RCU usage and locking")
> > > Reported-by: Steven Rostedt <rostedt@goodmis.org>
> > > Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
> > > Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
> > 
> > This does not apply to the 4.4-stable tree, was this the correct patch I
> > should be using for that tree?
> 
> Hmmm...  Idiot here backported to v4.4 in Linus's tree, which of
> course might not work...  But it applies to v4.4.92 of -stable:
> 
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git
> 
> Am I still applying it in the wrong place?

Ugh, no, you are doing the right thing.  I don't know what failed on my
end, that's what I get for trying to deal with RCU early in the morning
:)

I'll go apply this now, sorry for the noise, and thanks for checking and
the backport.

greg k-h

Re: [PATCH -stable] rcu: Allow for page faults in NMI handlers

[Paul E. McKenney]

On Fri, Oct 13, 2017 at 06:33:52PM +0200, Greg KH wrote:
> On Fri, Oct 13, 2017 at 09:25:43AM -0700, Paul E. McKenney wrote:
> > On Fri, Oct 13, 2017 at 11:52:45AM +0200, Greg KH wrote:
> > > On Thu, Oct 12, 2017 at 04:09:28PM -0700, Paul E. McKenney wrote:
> > > > A number of architecture invoke rcu_irq_enter() on exception entry in
> > > > order to allow RCU read-side critical sections in the exception handler
> > > > when the exception is from an idle or nohz_full CPU.  This works, at
> > > > least unless the exception happens in an NMI handler.  In that case,
> > > > rcu_nmi_enter() would already have exited the extended quiescent state,
> > > > which would mean that rcu_irq_enter() would (incorrectly) cause RCU
> > > > to think that it is again in an extended quiescent state.  This will
> > > > in turn result in lockdep splats in response to later RCU read-side
> > > > critical sections.
> > > > 
> > > > This commit therefore causes rcu_irq_enter() and rcu_irq_exit() to
> > > > take no action if there is an rcu_nmi_enter() in effect, thus avoiding
> > > > the unscheduled return to RCU quiescent state.  This in turn should
> > > > make the kernel safe for on-demand RCU voyeurism.
> > > > 
> > > > Link: http://lkml.kernel.org/r/20170922211022.GA18084@linux.vnet.ibm.com
> > > > 
> > > > Cc: stable@vger.kernel.org # 4.2.x
> > > > Fixes: 0be964be0 ("module: Sanitize RCU usage and locking")
> > > > Reported-by: Steven Rostedt <rostedt@goodmis.org>
> > > > Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
> > > > Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
> > > 
> > > This does not apply to the 4.4-stable tree, was this the correct patch I
> > > should be using for that tree?
> > 
> > Hmmm...  Idiot here backported to v4.4 in Linus's tree, which of
> > course might not work...  But it applies to v4.4.92 of -stable:
> > 
> > git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git
> > 
> > Am I still applying it in the wrong place?
> 
> Ugh, no, you are doing the right thing.  I don't know what failed on my
> end, that's what I get for trying to deal with RCU early in the morning
> :)

Believe me, I know that feeling very well!  ;-)

							Thanx, Paul

> I'll go apply this now, sorry for the noise, and thanks for checking and
> the backport.
> 
> greg k-h
>