From: Linus Torvalds <torvalds@linux-foundation.org>
To: Borislav Petkov <bp@suse.de>, Len Brown <lenb@kernel.org>,
Tony Luck <tony.luck@intel.com>
Cc: Fengguang Wu <fengguang.wu@intel.com>,
Tyler Baicar <tbaicar@codeaurora.org>,
Huang Ying <ying.huang@intel.com>,
Chen Gong <gong.chen@linux.intel.com>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Will Deacon <will.deacon@arm.com>,
"Rafael J. Wysocki" <rjw@rjwysocki.net>,
Linux ACPI <linux-acpi@vger.kernel.org>
Subject: Re: [ghes_copy_tofrom_phys] BUG: sleeping function called from invalid context at mm/page_alloc.c:4150
Date: Mon, 30 Oct 2017 10:20:40 -0700 [thread overview]
Message-ID: <CA+55aFy2c88wKndjRAds-3MZ+MsArGBySOog+Rxmd2AciGFGkA@mail.gmail.com> (raw)
In-Reply-To: <20171030110511.scfrdtlnf5lbdhu5@pd.tnic>
On Mon, Oct 30, 2017 at 4:05 AM, Borislav Petkov <bp@suse.de> wrote:
>
> Looks like Tyler broke it:
>
> 77b246b32b2c ("acpi: apei: check for pending errors when probing GHES entries")
>
> and it went into 4.13 and -stable.
I think this whole driver is garbage.
It does ioremap_page_range() in both NMI and irq context.
The fact that it triggers at probe time is just pure luck, and is
probably because at that point we don't happen to have the page tables
for the ioremap set up yet, so it actually does an allocation, which
is what then causes the warning.
But we should have warned much eariler, and this code has apparently
never worked right.
The driver is COMPLETELY broken. It needs to do the ioremap not at
interrupt time, but when setting up the device, and outside a
spinlock.
I think somebody must have known how broken this whole thing was,
because it literally uses a RAW spinloick, and I suspect the reason
for that is because lockdep complained about the breakage without it.
Reverting just the latest addition is not going to help. The breakage
is much more fundamental than that.
Note that doing this thing in NMI context is *really* wrong, because
the whole ioremap() code is definitely not NMI-safe. I don't think
it's irq-safe either.
I will add a "might_sleep()" to ioremap_page_range() itself, so that
we get this warning more reliably and much eailer. Right now it has
been hidden by the fact that most of the time the time the page tables
may be already allocated, but even then it's broken.
The only safe way to do that kind of access is likely using the FIXMAP model.
Linus
next prev parent reply other threads:[~2017-10-30 17:20 UTC|newest]
Thread overview: 79+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-10-23 11:03 Linux 4.14-rc6 Linus Torvalds
2017-10-29 22:51 ` Fengguang Wu
2017-10-29 23:02 ` [perf_event_ctx_lock_nested] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:97 Fengguang Wu
2017-10-30 8:42 ` Peter Zijlstra
2017-10-30 8:52 ` Fengguang Wu
2017-10-29 23:10 ` [o2nm_depend_item] BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:52 Fengguang Wu
2017-10-29 23:23 ` Fengguang Wu
2017-10-30 1:48 ` Eric Ren
2017-10-30 2:04 ` piaojun
2017-10-29 23:18 ` [ghes_copy_tofrom_phys] BUG: sleeping function called from invalid context at mm/page_alloc.c:4150 Fengguang Wu
2017-10-30 11:05 ` Borislav Petkov
2017-10-30 14:01 ` Tyler Baicar
2017-10-30 14:06 ` Borislav Petkov
2017-10-30 14:17 ` Tyler Baicar
2017-10-30 14:56 ` Borislav Petkov
2017-10-30 17:20 ` Linus Torvalds [this message]
2017-10-30 17:42 ` Borislav Petkov
2017-10-30 17:46 ` Linus Torvalds
2017-10-30 17:49 ` Will Deacon
2017-10-30 18:00 ` Linus Torvalds
2017-10-30 20:14 ` Tyler Baicar
2017-10-31 10:38 ` Will Deacon
2017-10-31 12:29 ` Mark Rutland
[not found] ` <20171106224635.qopgsszwxzuitkpf@wfg-t540p.sh.intel.com>
2017-11-06 22:57 ` [v4.14-rc8 ghes_copy_tofrom_phys] BUG: sleeping function called from invalid context at lib/ioremap.c:165 Linus Torvalds
2017-11-06 23:20 ` Fengguang Wu
2017-11-06 23:02 ` Borislav Petkov
2017-11-06 23:04 ` Rafael J. Wysocki
2017-11-07 13:39 ` Fengguang Wu
[not found] ` <20171106225354.6ucl4f4ipsjlntzl@wfg-t540p.sh.intel.com>
2017-11-06 23:12 ` [ata_scsi_offline_dev] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:238 Linus Torvalds
2017-11-07 0:12 ` Tejun Heo
2017-11-07 3:34 ` Martin K. Petersen
2017-11-07 6:55 ` Hannes Reinecke
2017-10-29 23:37 ` [pgtable_trans_huge_withdraw] BUG: unable to handle kernel NULL pointer dereference at 0000000000000020 Fengguang Wu
2017-10-30 9:19 ` Kirill A. Shutemov
2017-10-30 9:28 ` Fengguang Wu
2017-10-30 11:27 ` Kirill A. Shutemov
2017-10-30 11:58 ` Kirill A. Shutemov
2017-10-30 12:40 ` Zi Yan
2017-10-30 13:24 ` Kirill A. Shutemov
2017-10-29 23:48 ` [run_timer_softirq] BUG: unable to handle kernel paging request at 0000000000010007 Fengguang Wu
2017-10-30 19:29 ` Linus Torvalds
2017-10-30 20:37 ` Fengguang Wu
[not found] ` <20171109051905.pdlsyrbzrwlsjbrs@wfg-t540p.sh.intel.com>
2017-11-10 20:08 ` Linus Torvalds
2017-11-10 21:29 ` Thomas Gleixner
2017-11-11 15:35 ` Fengguang Wu
2017-10-30 6:27 ` Linux 4.14-rc6: WARNING: CPU: 9 PID: 5377 at arch/x86/events/intel/core.c:2228 intel_pmu_handle_irq+0x4a8/0x4c0 Fengguang Wu
2017-10-30 10:02 ` Peter Zijlstra
2017-10-30 22:49 ` Fengguang Wu
2017-10-31 14:57 ` Peter Zijlstra
2017-10-30 6:44 ` [migration_cpu_stop] WARNING: CPU: 0 PID: 11 at arch/x86/kernel/smp.c:128 native_smp_send_reschedule+0x69/0x9e Fengguang Wu
2017-10-30 7:00 ` [haswell_crtc_enable] WARNING: CPU: 3 PID: 109 at drivers/gpu/drm/drm_vblank.c:1066 drm_wait_one_vblank+0x18f/0x1a0 [drm] Fengguang Wu
2017-10-30 19:10 ` Linus Torvalds
2017-10-30 20:03 ` [Intel-gfx] " Rodrigo Vivi
2017-10-30 23:17 ` Fengguang Wu
2017-10-30 20:18 ` Fengguang Wu
2017-10-30 7:20 ` [btrfs] WARNING: CPU: 0 PID: 6379 at fs/direct-io.c:293 dio_complete+0x1d4/0x220 Fengguang Wu
2017-10-30 7:44 ` Eryu Guan
2017-10-31 0:10 ` Fengguang Wu
2017-10-31 6:54 ` Eryu Guan
2017-10-31 7:10 ` Fengguang Wu
2017-11-06 1:13 ` Eric Biggers
2017-11-13 19:13 ` Eric Biggers
2017-11-13 19:16 ` Jens Axboe
2017-11-13 19:21 ` Linus Torvalds
2017-11-13 21:56 ` Darrick J. Wong
2017-11-13 22:01 ` Linus Torvalds
2017-11-14 17:17 ` Theodore Ts'o
2017-10-31 15:13 ` Filipe Manana
2017-10-30 7:35 ` [locking/paravirt] static_key_disable_cpuslocked(): static key 'virt_spin_lock_key+0x0/0x20' used before call to jump_label_init() Fengguang Wu
2017-10-30 7:47 ` Juergen Gross
2017-10-30 8:38 ` Fengguang Wu
2017-10-30 9:56 ` Fengguang Wu
2017-10-30 8:43 ` Dou Liyang
2017-10-30 7:40 ` [pmem_attach_disk] WARNING: CPU: 46 PID: 518 at kernel/memremap.c:363 devm_memremap_pages+0x350/0x4b0 Fengguang Wu
2017-10-30 15:59 ` Dan Williams
2017-10-31 0:00 ` Fengguang Wu
2017-10-31 0:24 ` Dan Williams
2017-10-31 7:08 ` Fengguang Wu
2017-11-12 0:15 ` Theodore Ts'o
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CA+55aFy2c88wKndjRAds-3MZ+MsArGBySOog+Rxmd2AciGFGkA@mail.gmail.com \
--to=torvalds@linux-foundation.org \
--cc=bp@suse.de \
--cc=fengguang.wu@intel.com \
--cc=gong.chen@linux.intel.com \
--cc=lenb@kernel.org \
--cc=linux-acpi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=rjw@rjwysocki.net \
--cc=tbaicar@codeaurora.org \
--cc=tony.luck@intel.com \
--cc=will.deacon@arm.com \
--cc=ying.huang@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).