From: Thomas Gleixner <tglx@linutronix.de>
To: Marc Zyngier <marc.zyngier@arm.com>
Cc: "majun (F)" <majun258@huawei.com>,
Mark Rutland <mark.rutland@arm.com>,
linux-kernel@vger.kernel.org,
linux-arm-kernel@lists.infradead.org, dingtianhong@huawei.com,
guohanjun@huawei.com
Subject: Re: [PATCH] generic: Add the exception case checking routine for ppi interrupt
Date: Fri, 2 Sep 2016 15:08:01 +0200 (CEST) [thread overview]
Message-ID: <alpine.DEB.2.20.1609021436160.5647@nanos> (raw)
In-Reply-To: <57C7EEE2.7080205@arm.com>
On Thu, 1 Sep 2016, Marc Zyngier wrote:
> On 01/09/16 09:15, majun (F) wrote:
> Well, this issue goes way beyond the hack you wanted to add to the
> generic code, and it should probably be addressed in the GIC code
> itself, as an implementation specific workaround. Without knowing the
> details of the erratum, it is difficult to think of that would be
> required. I can come up with something like this:
>
> irqnr = gic_read_iar();
> if (unlikely(!is_enabled(irqnr))) {
> gic_write_eoir(irqnr);
> if (static_key_true(&supports_deactivate))
> gic_write_dir(irqnr);
> set_pending(irqnr);
> continue;
> }
>
> Performance will suffer (an extra MMIO access on the fast path). If LPIs
> are also affected, then the ITS code also needs to be involved, and
> that's not going to be pretty either. This code will have to be enabled
> at runtime, and handled like other erratum we have in this code.
So that's certainly a required workaround at the gic level. Though I really
think that we should make handle_percpu_devid_irq robust against a spurious
interrupt.
> void handle_percpu_devid_irq(unsigned int irq, struct irq_desc *desc)
> {
> - struct irq_chip *chip = irq_desc_get_chip(desc);
> - struct irqaction *action = desc->action;
> - void *dev_id = raw_cpu_ptr(action->percpu_dev_id);
> + struct irq_chip *chip = NULL;
> + struct irqaction *action;
> + void *dev_id;
> irqreturn_t res;
>
> + action = desc->action;
> +
> + /* Unexpected interrupt in some execption case
> + * we just send eoi to end this interrupt
> + */
> + if (unlikely(!action)) {
> + mask_irq(desc);
This is wrong. mask_irq() does not work for percpu interrupts. Aside of that
this completely lacks any debug information which tells us that there is
something wrong in the system. I'm going to apply the patch below for
robustness sake.
Thanks,
tglx
8<----------------------
Subject: genirq: Robustify handle_percpu_devid_irq()
From: Thomas Gleixner <tglx@linutronix.de>
Date: Fri, 02 Sep 2016 14:45:19 +0200
The percpu_devid handler is not robust against spurious interrupts. If a
spurious interrupt happens and no action is installed then the handler crashes
with a NULL pointer dereference.
Add a sanity check for this and log the wreckage once in dmesg.
Reported-by: Majun <majun258@huawei.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
---
kernel/irq/chip.c | 18 ++++++++++++++----
1 file changed, 14 insertions(+), 4 deletions(-)
--- a/kernel/irq/chip.c
+++ b/kernel/irq/chip.c
@@ -756,7 +756,6 @@ void handle_percpu_devid_irq(struct irq_
{
struct irq_chip *chip = irq_desc_get_chip(desc);
struct irqaction *action = desc->action;
- void *dev_id = raw_cpu_ptr(action->percpu_dev_id);
unsigned int irq = irq_desc_get_irq(desc);
irqreturn_t res;
@@ -765,9 +764,20 @@ void handle_percpu_devid_irq(struct irq_
if (chip->irq_ack)
chip->irq_ack(&desc->irq_data);
- trace_irq_handler_entry(irq, action);
- res = action->handler(irq, dev_id);
- trace_irq_handler_exit(irq, action, res);
+ if (likely(action)) {
+ trace_irq_handler_entry(irq, action);
+ res = action->handler(irq, raw_cpu_ptr(action->percpu_dev_id));
+ trace_irq_handler_exit(irq, action, res);
+ } else {
+ unsigned int cpu = smp_processor_id();
+ bool enabled = cpumask_test_cpu(cpu, desc->percpu_enabled);
+
+ if (enabled)
+ irq_percpu_disable(desc, cpu);
+
+ pr_err_once("Spurious%s percpu IRQ%u on CPU%u\n",
+ enabled ? " and unmasked" : "", irq, cpu);
+ }
if (chip->irq_eoi)
chip->irq_eoi(&desc->irq_data);
WARNING: multiple messages have this Message-ID (diff)
From: tglx@linutronix.de (Thomas Gleixner)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH] generic: Add the exception case checking routine for ppi interrupt
Date: Fri, 2 Sep 2016 15:08:01 +0200 (CEST) [thread overview]
Message-ID: <alpine.DEB.2.20.1609021436160.5647@nanos> (raw)
In-Reply-To: <57C7EEE2.7080205@arm.com>
On Thu, 1 Sep 2016, Marc Zyngier wrote:
> On 01/09/16 09:15, majun (F) wrote:
> Well, this issue goes way beyond the hack you wanted to add to the
> generic code, and it should probably be addressed in the GIC code
> itself, as an implementation specific workaround. Without knowing the
> details of the erratum, it is difficult to think of that would be
> required. I can come up with something like this:
>
> irqnr = gic_read_iar();
> if (unlikely(!is_enabled(irqnr))) {
> gic_write_eoir(irqnr);
> if (static_key_true(&supports_deactivate))
> gic_write_dir(irqnr);
> set_pending(irqnr);
> continue;
> }
>
> Performance will suffer (an extra MMIO access on the fast path). If LPIs
> are also affected, then the ITS code also needs to be involved, and
> that's not going to be pretty either. This code will have to be enabled
> at runtime, and handled like other erratum we have in this code.
So that's certainly a required workaround at the gic level. Though I really
think that we should make handle_percpu_devid_irq robust against a spurious
interrupt.
> void handle_percpu_devid_irq(unsigned int irq, struct irq_desc *desc)
> {
> - struct irq_chip *chip = irq_desc_get_chip(desc);
> - struct irqaction *action = desc->action;
> - void *dev_id = raw_cpu_ptr(action->percpu_dev_id);
> + struct irq_chip *chip = NULL;
> + struct irqaction *action;
> + void *dev_id;
> irqreturn_t res;
>
> + action = desc->action;
> +
> + /* Unexpected interrupt in some execption case
> + * we just send eoi to end this interrupt
> + */
> + if (unlikely(!action)) {
> + mask_irq(desc);
This is wrong. mask_irq() does not work for percpu interrupts. Aside of that
this completely lacks any debug information which tells us that there is
something wrong in the system. I'm going to apply the patch below for
robustness sake.
Thanks,
tglx
8<----------------------
Subject: genirq: Robustify handle_percpu_devid_irq()
From: Thomas Gleixner <tglx@linutronix.de>
Date: Fri, 02 Sep 2016 14:45:19 +0200
The percpu_devid handler is not robust against spurious interrupts. If a
spurious interrupt happens and no action is installed then the handler crashes
with a NULL pointer dereference.
Add a sanity check for this and log the wreckage once in dmesg.
Reported-by: Majun <majun258@huawei.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
---
kernel/irq/chip.c | 18 ++++++++++++++----
1 file changed, 14 insertions(+), 4 deletions(-)
--- a/kernel/irq/chip.c
+++ b/kernel/irq/chip.c
@@ -756,7 +756,6 @@ void handle_percpu_devid_irq(struct irq_
{
struct irq_chip *chip = irq_desc_get_chip(desc);
struct irqaction *action = desc->action;
- void *dev_id = raw_cpu_ptr(action->percpu_dev_id);
unsigned int irq = irq_desc_get_irq(desc);
irqreturn_t res;
@@ -765,9 +764,20 @@ void handle_percpu_devid_irq(struct irq_
if (chip->irq_ack)
chip->irq_ack(&desc->irq_data);
- trace_irq_handler_entry(irq, action);
- res = action->handler(irq, dev_id);
- trace_irq_handler_exit(irq, action, res);
+ if (likely(action)) {
+ trace_irq_handler_entry(irq, action);
+ res = action->handler(irq, raw_cpu_ptr(action->percpu_dev_id));
+ trace_irq_handler_exit(irq, action, res);
+ } else {
+ unsigned int cpu = smp_processor_id();
+ bool enabled = cpumask_test_cpu(cpu, desc->percpu_enabled);
+
+ if (enabled)
+ irq_percpu_disable(desc, cpu);
+
+ pr_err_once("Spurious%s percpu IRQ%u on CPU%u\n",
+ enabled ? " and unmasked" : "", irq, cpu);
+ }
if (chip->irq_eoi)
chip->irq_eoi(&desc->irq_data);
next prev parent reply other threads:[~2016-09-02 13:10 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-08-30 4:17 [PATCH] generic: Add the exception case checking routine for ppi interrupt MaJun
2016-08-30 4:17 ` MaJun
2016-08-30 8:50 ` Marc Zyngier
2016-08-30 8:50 ` Marc Zyngier
2016-08-30 10:35 ` majun (F)
2016-08-30 10:35 ` majun (F)
2016-08-30 11:07 ` Marc Zyngier
2016-08-30 11:07 ` Marc Zyngier
2016-08-30 11:21 ` Mark Rutland
2016-08-30 11:21 ` Mark Rutland
2016-08-31 6:35 ` majun (F)
2016-08-31 6:35 ` majun (F)
2016-08-31 8:35 ` Marc Zyngier
2016-08-31 8:35 ` Marc Zyngier
2016-09-01 8:15 ` majun (F)
2016-09-01 8:15 ` majun (F)
2016-09-01 9:03 ` Marc Zyngier
2016-09-01 9:03 ` Marc Zyngier
2016-09-02 13:08 ` Thomas Gleixner [this message]
2016-09-02 13:08 ` Thomas Gleixner
2016-09-02 15:49 ` Marc Zyngier
2016-09-02 15:49 ` Marc Zyngier
2016-09-02 16:13 ` [tip:irq/core] genirq: Robustify handle_percpu_devid_irq() tip-bot for Thomas Gleixner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alpine.DEB.2.20.1609021436160.5647@nanos \
--to=tglx@linutronix.de \
--cc=dingtianhong@huawei.com \
--cc=guohanjun@huawei.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=majun258@huawei.com \
--cc=marc.zyngier@arm.com \
--cc=mark.rutland@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.