All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] genirq/matrix: Prevent managed_allocated/total_allocated counters getting out-of-sync
@ 2021-03-19 11:18 Vitaly Kuznetsov
  2021-03-19 21:53 ` [tip: irq/core] genirq/matrix: Prevent allocation counter corruption tip-bot2 for Vitaly Kuznetsov
  0 siblings, 1 reply; 2+ messages in thread
From: Vitaly Kuznetsov @ 2021-03-19 11:18 UTC (permalink / raw)
  To: Thomas Gleixner, x86
  Cc: Ingo Molnar, Borislav Petkov, H. Peter Anvin, linux-kernel

When irq_matrix_free() is called for an unallocated interrupt,
managed_allocated/total_allocated counters get out of sync with the real
state of the matrix. Later, when the last interrupt is freed, these
counters will go negative (overflow). While this is certainly a problem of
the calling code, we can do better in irq_matrix_free() and simplify
debugging.

An example of a problem described above:
https://lore.kernel.org/lkml/20210318192819.636943062@linutronix.de/

Suggested-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
---
 kernel/irq/matrix.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/kernel/irq/matrix.c b/kernel/irq/matrix.c
index 651a4ad6d711..8e586858bcf4 100644
--- a/kernel/irq/matrix.c
+++ b/kernel/irq/matrix.c
@@ -423,7 +423,9 @@ void irq_matrix_free(struct irq_matrix *m, unsigned int cpu,
 	if (WARN_ON_ONCE(bit < m->alloc_start || bit >= m->alloc_end))
 		return;
 
-	clear_bit(bit, cm->alloc_map);
+	if (WARN_ON_ONCE(!test_and_clear_bit(bit, cm->alloc_map)))
+		return;
+
 	cm->allocated--;
 	if(managed)
 		cm->managed_allocated--;
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 2+ messages in thread

* [tip: irq/core] genirq/matrix: Prevent allocation counter corruption
  2021-03-19 11:18 [PATCH] genirq/matrix: Prevent managed_allocated/total_allocated counters getting out-of-sync Vitaly Kuznetsov
@ 2021-03-19 21:53 ` tip-bot2 for Vitaly Kuznetsov
  0 siblings, 0 replies; 2+ messages in thread
From: tip-bot2 for Vitaly Kuznetsov @ 2021-03-19 21:53 UTC (permalink / raw)
  To: linux-tip-commits
  Cc: Thomas Gleixner, Vitaly Kuznetsov, x86, linux-kernel, maz

The following commit has been merged into the irq/core branch of tip:

Commit-ID:     c93a5e20c3c2dabef8ea360a3d3f18c6f68233ab
Gitweb:        https://git.kernel.org/tip/c93a5e20c3c2dabef8ea360a3d3f18c6f68233ab
Author:        Vitaly Kuznetsov <vkuznets@redhat.com>
AuthorDate:    Fri, 19 Mar 2021 12:18:23 +01:00
Committer:     Thomas Gleixner <tglx@linutronix.de>
CommitterDate: Fri, 19 Mar 2021 22:52:11 +01:00

genirq/matrix: Prevent allocation counter corruption

When irq_matrix_free() is called for an unallocated vector the
managed_allocated and total_allocated counters get out of sync with the
real state of the matrix. Later, when the last interrupt is freed, these
counters will underflow resulting in UINTMAX because the counters are
unsigned.

While this is certainly a problem of the calling code, this can be catched
in the allocator by checking the allocation bit for the to be freed vector
which simplifies debugging.

An example of the problem described above:
https://lore.kernel.org/lkml/20210318192819.636943062@linutronix.de/

Add the missing sanity check and emit a warning when it triggers.

Suggested-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Link: https://lore.kernel.org/r/20210319111823.1105248-1-vkuznets@redhat.com

---
 kernel/irq/matrix.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/kernel/irq/matrix.c b/kernel/irq/matrix.c
index 6f8b1d1..578596e 100644
--- a/kernel/irq/matrix.c
+++ b/kernel/irq/matrix.c
@@ -422,7 +422,9 @@ void irq_matrix_free(struct irq_matrix *m, unsigned int cpu,
 	if (WARN_ON_ONCE(bit < m->alloc_start || bit >= m->alloc_end))
 		return;
 
-	clear_bit(bit, cm->alloc_map);
+	if (WARN_ON_ONCE(!test_and_clear_bit(bit, cm->alloc_map)))
+		return;
+
 	cm->allocated--;
 	if(managed)
 		cm->managed_allocated--;

^ permalink raw reply related	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2021-03-19 21:54 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-03-19 11:18 [PATCH] genirq/matrix: Prevent managed_allocated/total_allocated counters getting out-of-sync Vitaly Kuznetsov
2021-03-19 21:53 ` [tip: irq/core] genirq/matrix: Prevent allocation counter corruption tip-bot2 for Vitaly Kuznetsov

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.