From: "Eric W. Biederman" <ebiederm@xmission.com>
To: Valentin Schneider <vschneid@redhat.com>
Cc: linux-kernel@vger.kernel.org, kexec@lists.infradead.org,
linux-rt-users@vger.kernel.org, Arnd Bergmann <arnd@arndb.de>,
Petr Mladek <pmladek@suse.com>,
Thomas Gleixner <tglx@linutronix.de>,
Sebastian Andrzej Siewior <bigeasy@linutronix.de>,
Juri Lelli <jlelli@redhat.com>,
"Luis Claudio R. Goncalves" <lgoncalv@redhat.com>,
Andrew Morton <akpm@linux-foundation.org>,
Vivek Goyal <vgoyal@redhat.com>
Subject: Re: [PATCH v2] panic, kexec: Make __crash_kexec() NMI safe
Date: Sat, 25 Jun 2022 12:04:46 -0500 [thread overview]
Message-ID: <87r13c7jyp.fsf@email.froward.int.ebiederm.org> (raw)
In-Reply-To: <20220620111520.1039685-1-vschneid@redhat.com> (Valentin Schneider's message of "Mon, 20 Jun 2022 12:15:20 +0100")
Valentin Schneider <vschneid@redhat.com> writes:
> Attempting to get a crash dump out of a debug PREEMPT_RT kernel via an NMI
> panic() doesn't work. The cause of that lies in the PREEMPT_RT definition
> of mutex_trylock():
>
> if (IS_ENABLED(CONFIG_DEBUG_RT_MUTEXES) && WARN_ON_ONCE(!in_task()))
> return 0;
>
> This prevents an NMI panic() from executing the main body of
> __crash_kexec() which does the actual kexec into the kdump kernel.
> The warning and return are explained by:
>
> 6ce47fd961fa ("rtmutex: Warn if trylock is called from hard/softirq context")
> [...]
> The reasons for this are:
>
> 1) There is a potential deadlock in the slowpath
>
> 2) Another cpu which blocks on the rtmutex will boost the task
> which allegedly locked the rtmutex, but that cannot work
> because the hard/softirq context borrows the task context.
>
> Furthermore, grabbing the lock isn't NMI safe, so do away with it and
> use an atomic variable to serialize reads vs writes of
> kexec_crash_image.
>
> Tested by triggering NMI panics via:
>
> $ echo 1 > /proc/sys/kernel/panic_on_unrecovered_nmi
> $ echo 1 > /proc/sys/kernel/unknown_nmi_panic
> $ echo 1 > /proc/sys/kernel/panic
>
> $ ipmitool power diag
>
> Fixes: 6ce47fd961fa ("rtmutex: Warn if trylock is called from hard/softirq context")
> Signed-off-by: Valentin Schneider <vschneid@redhat.com>
I am not particularly fond of this patch as it adds more complexity than
is necessary to solve the problem.
Calling a spade a spade PREEMPT_RT's mutex_trylock implementation is
broken as it can not support the use cases of an ordinary mutex_trylock.
I have not seen (possibly I skimmed too quickly) anywhere in the
discussion why PREEMPT_RT is not being fixed. Looking at the code
there is enough going on in try_to_take_rt_mutex that I can imagine
that some part of that code is not nmi safe. So I can believe
PREEMPT_RT may be unfix-ably broken.
At this point I recommend going back to being ``unconventional'' with
the kexec locking and effectively reverting commit 8c5a1cf0ad3a ("kexec:
use a mutex for locking rather than xchg()").
That would also mean that we don't have to worry about the lockdep code
doing something weird in the future and breaking kexec.
Your change starting to is atomic_cmpxchng is most halfway to a revert
of commit 8c5a1cf0ad3a ("kexec: use a mutex for locking rather than
xchg()"). So we might as well go the whole way and just document that
the kexec on panic code can not use conventional kernel locking
primitives and has to dig deep and build it's own. At which point it
makes no sense for the rest of the kexec code to use anything different.
Eric
WARNING: multiple messages have this Message-ID (diff)
From: "Eric W. Biederman" <ebiederm@xmission.com>
To: Valentin Schneider <vschneid@redhat.com>
Cc: linux-kernel@vger.kernel.org, kexec@lists.infradead.org,
linux-rt-users@vger.kernel.org, Arnd Bergmann <arnd@arndb.de>,
Petr Mladek <pmladek@suse.com>,
Thomas Gleixner <tglx@linutronix.de>,
Sebastian Andrzej Siewior <bigeasy@linutronix.de>,
Juri Lelli <jlelli@redhat.com>,
"Luis Claudio R. Goncalves" <lgoncalv@redhat.com>,
Andrew Morton <akpm@linux-foundation.org> ,
Vivek Goyal <vgoyal@redhat.com>
Subject: Re: [PATCH v2] panic, kexec: Make __crash_kexec() NMI safe
Date: Sat, 25 Jun 2022 12:04:46 -0500 [thread overview]
Message-ID: <87r13c7jyp.fsf@email.froward.int.ebiederm.org> (raw)
In-Reply-To: <20220620111520.1039685-1-vschneid@redhat.com> (Valentin Schneider's message of "Mon, 20 Jun 2022 12:15:20 +0100")
Valentin Schneider <vschneid@redhat.com> writes:
> Attempting to get a crash dump out of a debug PREEMPT_RT kernel via an NMI
> panic() doesn't work. The cause of that lies in the PREEMPT_RT definition
> of mutex_trylock():
>
> if (IS_ENABLED(CONFIG_DEBUG_RT_MUTEXES) && WARN_ON_ONCE(!in_task()))
> return 0;
>
> This prevents an NMI panic() from executing the main body of
> __crash_kexec() which does the actual kexec into the kdump kernel.
> The warning and return are explained by:
>
> 6ce47fd961fa ("rtmutex: Warn if trylock is called from hard/softirq context")
> [...]
> The reasons for this are:
>
> 1) There is a potential deadlock in the slowpath
>
> 2) Another cpu which blocks on the rtmutex will boost the task
> which allegedly locked the rtmutex, but that cannot work
> because the hard/softirq context borrows the task context.
>
> Furthermore, grabbing the lock isn't NMI safe, so do away with it and
> use an atomic variable to serialize reads vs writes of
> kexec_crash_image.
>
> Tested by triggering NMI panics via:
>
> $ echo 1 > /proc/sys/kernel/panic_on_unrecovered_nmi
> $ echo 1 > /proc/sys/kernel/unknown_nmi_panic
> $ echo 1 > /proc/sys/kernel/panic
>
> $ ipmitool power diag
>
> Fixes: 6ce47fd961fa ("rtmutex: Warn if trylock is called from hard/softirq context")
> Signed-off-by: Valentin Schneider <vschneid@redhat.com>
I am not particularly fond of this patch as it adds more complexity than
is necessary to solve the problem.
Calling a spade a spade PREEMPT_RT's mutex_trylock implementation is
broken as it can not support the use cases of an ordinary mutex_trylock.
I have not seen (possibly I skimmed too quickly) anywhere in the
discussion why PREEMPT_RT is not being fixed. Looking at the code
there is enough going on in try_to_take_rt_mutex that I can imagine
that some part of that code is not nmi safe. So I can believe
PREEMPT_RT may be unfix-ably broken.
At this point I recommend going back to being ``unconventional'' with
the kexec locking and effectively reverting commit 8c5a1cf0ad3a ("kexec:
use a mutex for locking rather than xchg()").
That would also mean that we don't have to worry about the lockdep code
doing something weird in the future and breaking kexec.
Your change starting to is atomic_cmpxchng is most halfway to a revert
of commit 8c5a1cf0ad3a ("kexec: use a mutex for locking rather than
xchg()"). So we might as well go the whole way and just document that
the kexec on panic code can not use conventional kernel locking
primitives and has to dig deep and build it's own. At which point it
makes no sense for the rest of the kexec code to use anything different.
Eric
_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec
next prev parent reply other threads:[~2022-06-25 17:04 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-20 11:15 [PATCH v2] panic, kexec: Make __crash_kexec() NMI safe Valentin Schneider
2022-06-20 11:15 ` Valentin Schneider
2022-06-23 9:31 ` Sebastian Andrzej Siewior
2022-06-23 9:31 ` Sebastian Andrzej Siewior
2022-06-23 11:39 ` Valentin Schneider
2022-06-23 11:39 ` Valentin Schneider
2022-06-23 13:35 ` Sebastian Andrzej Siewior
2022-06-23 13:35 ` Sebastian Andrzej Siewior
2022-06-24 1:30 ` Baoquan He
2022-06-24 1:30 ` Baoquan He
2022-06-24 13:37 ` Valentin Schneider
2022-06-24 13:37 ` Valentin Schneider
2022-06-26 10:37 ` Baoquan He
2022-06-26 10:37 ` Baoquan He
2022-06-26 10:45 ` Baoquan He
2022-06-26 10:45 ` Baoquan He
2022-06-25 17:04 ` Eric W. Biederman [this message]
2022-06-25 17:04 ` Eric W. Biederman
2022-06-27 12:42 ` Valentin Schneider
2022-06-27 12:42 ` Valentin Schneider
2022-06-28 17:33 ` Valentin Schneider
2022-06-28 17:33 ` Valentin Schneider
2022-06-29 11:55 ` Petr Mladek
2022-06-29 11:55 ` Petr Mladek
2022-06-29 12:23 ` Valentin Schneider
2022-06-29 12:23 ` Valentin Schneider
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87r13c7jyp.fsf@email.froward.int.ebiederm.org \
--to=ebiederm@xmission.com \
--cc=akpm@linux-foundation.org \
--cc=arnd@arndb.de \
--cc=bigeasy@linutronix.de \
--cc=jlelli@redhat.com \
--cc=kexec@lists.infradead.org \
--cc=lgoncalv@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-rt-users@vger.kernel.org \
--cc=pmladek@suse.com \
--cc=tglx@linutronix.de \
--cc=vgoyal@redhat.com \
--cc=vschneid@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.