lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 3 Mar 2009 10:45:34 +0100
From:	Ingo Molnar <mingo@...e.hu>
To:	Peter Zijlstra <a.p.zijlstra@...llo.nl>
Cc:	David Brownell <david-b@...bell.net>,
	Andrew Morton <akpm@...ux-foundation.org>, me@...ipebalbi.com,
	linux-kernel@...r.kernel.org, linux-input@...r.kernel.org,
	felipe.balbi@...ia.com, dmitry.torokhov@...il.com,
	sameo@...nedhand.com, tglx@...utronix.de
Subject: Re: lockdep and threaded IRQs (was: ...)


* Peter Zijlstra <a.p.zijlstra@...llo.nl> wrote:

> On Mon, 2009-03-02 at 18:37 -0800, David Brownell wrote:
> > No.  But I did get a non-response that didn't include any
> > explanation, and relied totally on unfounded assertions
> > combined with the presumption that someday IRQF_DISABLED
> > will be forced on in all drivers.
> 
> Enabling IRQs in hardirq context is BAD because:
> 
>  - IRQ handler nesting leads to stack overflow
>  - It gives the false impression its OK for IRQ handlers to be slow,
>    it is _NOT_, as you still generate horrible preemption latency.
> 
> Therefore IRQF_DISABLED _will_ be forced on everybody some day 
> soon, and I'll provide an IRQF_ENABLED for use by broken 
> hardware only (and make a TAINT flag for that too).

Basically the problem why !IRQF_DISABLED is bad that if there 
are enough interrupt handlers we can get nesting like this:

  <irq 20>
  <handler runs with irqs enabled>
      <irq 21>
      <handler runs with irqs enabled>
          <irq 22>
          <handler runs with irqs enabled>
              <irq 23>
              <handler runs with irqs enabled>
                  <irq 24>
                  <handler runs with irqs enabled>

Suppose each handler gets interruped while it already used up 
1000 bytes of the stack (conservative estimation - often it's 
more) - the above sequence is already 5000 bytes into the stack.

There is no protection against stack overflow there and such 
bugs can be _very_ hard to trigger and find. If there's a 
sufficient number of devices and a high enough load it can 
trigger spuriously.

Yes, in a few limited embedded environments where you dont have 
more than 3-4 IRQ sources you might decide that it's safe to do 
(or you might decide that you dont care). Also, there's a few 
legacy pieces of hardware with either very long hw access 
latencies or too short buffers. Plus there might be any number 
of other hw factors - or architecture details (such as the use 
of separate per IRQ stacks) that limit IRQ handler parallelism 
in practice.

So we'll have the quirk flag for the weird cases - but these are 
the exceptions that strengthen the general rule. The concept of 
enabling interrupts in a hardirq handler is a no-no on a general 
purpose kernel and no modern driver should make use of it.

I hope this explains why lockdep never supported this case.

	Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ