From: Thomas Gleixner <tglx@linutronix.de>
To: LKML <linux-kernel@vger.kernel.org>
Cc: Marc Zyngier <maz@kernel.org>,
x86@kernel.org, Bjorn Helgaas <bhelgaas@google.com>,
linux-pci@vger.kernel.org, Keith Busch <kbusch@kernel.org>,
Kuppuswamy Sathyanarayanan
<sathyanarayanan.kuppuswamy@linux.intel.com>
Subject: [patch 0/7] genirq/PCI: Sanitize interrupt injection
Date: Fri, 06 Mar 2020 14:03:41 +0100
Message-ID: <20200306130341.199467200@linutronix.de>

Kuppuswamy triggered a NULL pointer dereference via the AER error injection
mechanism in the low level APIC code.

  https://lore.kernel.org/r/f54208d62407901b5de15ce8c3d078c70fc7a1d0.1582313239.git.sathyanarayanan.kuppuswamy@linux.intel.com

It turned out that AER error injection is calling generic_handle_irq() from
task context which is unsafe for x86 interrupts which end up being handled
by the APIC. The fragile interrupt affinity handling which is imposed by
the x86 hardware does not allow calling into this code except from actual
interrupt context.

While the pointer could be checked this would just paper over the problem
and still be able to trigger warnings or silently corrupt state.

This series addresses the problem:

  - Prevent the invocation of generic_handle_irq() from non interrupt
    context on affected interrupts.

  - Add a few missing sanity checks to the existing debugfs injection
    mechanism.

  - Convert the debugfs injection into a function which can be invoked from
    other places.

    This provides a halfway safe interface to inject interrupts via the
    irq_retrigger mechanism which does the injection via IPI.

    This interface is solely for debug and testing purposes as it still can
    make device interrupts stale on x86 under very obscure and hard to
    hit circumstances. For debug and error injection testing this is
    acceptable. For any other use not.

  - Change the AER code to use the new interface.

Thanks,

	tglx

----
arch/x86/kernel/apic/vector.c | 6 +
drivers/pci/pcie/Kconfig | 1
drivers/pci/pcie/aer_inject.c | 6 -
include/linux/interrupt.h | 2
include/linux/irq.h | 13 +++
kernel/irq/Kconfig | 5 +
kernel/irq/chip.c | 2
kernel/irq/debugfs.c | 28 --------
kernel/irq/internals.h | 10 ++
kernel/irq/irqdesc.c | 6 +
kernel/irq/resend.c | 143 +++++++++++++++++++++++++++++++-----------
11 files changed, 153 insertions(+), 69 deletions(-)

Thread overview: 16+ messages
2020-03-06 13:03 Thomas Gleixner [this message]
2020-03-06 13:03 ` [patch 1/7] genirq/debugfs: Add missing sanity checks to interrupt injection Thomas Gleixner
2020-03-06 13:15 ` Marc Zyngier
2020-03-06 13:03 ` [patch 2/7] genirq: Add protection against unsafe usage of generic_handle_irq() Thomas Gleixner
2020-03-06 13:36 ` Marc Zyngier
2020-03-06 13:03 ` [patch 3/7] x86/apic/vector: Force interupt handler invocation to irq context Thomas Gleixner
2020-03-06 13:03 ` [patch 4/7] genirq: Add return value to check_irq_resend() Thomas Gleixner
2020-03-06 13:44 ` Marc Zyngier
2020-03-06 13:03 ` [patch 5/7] genirq: Sanitize state handling in check_irq_resend() Thomas Gleixner
2020-03-06 13:46 ` Marc Zyngier
2020-03-06 13:03 ` [patch 6/7] genirq: Provide interrupt injection mechanism Thomas Gleixner
2020-03-06 13:52 ` Marc Zyngier
2020-03-06 18:34 ` Kuppuswamy Sathyanarayanan
2020-03-06 13:03 ` [patch 7/7] PCI/AER: Fix the broken interrupt injection Thomas Gleixner
2020-03-06 18:32 ` Kuppuswamy Sathyanarayanan
2020-03-06 19:29 ` Kuppuswamy Sathyanarayanan