lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20100504022142.1eb653da.gknispel@proformatique.com>
Date:	Tue, 4 May 2010 02:21:42 +0200
From:	Guillaume Knispel <gknispel@...formatique.com>
To:	linux-kernel@...r.kernel.org, Linuxppc-dev@...ts.ozlabs.org
Cc:	Bartlomiej Zolnierkiewicz <bzolnier@...il.com>,
	Benjamin Herrenschmidt <benh@...nel.crashing.org>,
	Guillaume Knispel <gknispel@...formatique.com>,
	Haavard Skinnemoen <hskinnemoen@...el.com>,
	Ingo Molnar <mingo@...e.hu>,
	Lars-Peter Clausen <lars@...afoo.de>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Peter Zijlstra <peterz@...radead.org>,
	Randy Dunlap <randy.dunlap@...cle.com>,
	Russell King <linux@....linux.org.uk>,
	Thomas Gleixner <tglx@...utronix.de>
Subject: [PATCHv2 1/2] genirq: reliably replay pending edge-triggered irq

The following can happen:

CPU 1                           CPU 2
disable_irq():                  handle_edge_irq():
LOCK desc->lock (irqsave)
desc->status |= IRQ_DISABLED;
desc->chip->disable(irq);/*1*/
UNLOCK desc->lock (irqrestore)
                                LOCK desc->lock
                                desc->status |= (IRQ_PENDING
                                                 | IRQ_MASKED);
                                mask_ack_irq(desc, irq);
                                UNLOCK desc->lock

NOTE /*1*/: ->disable can point to default_disable().
Since commit:
 76d2160147f43f982dfe881404cfde9fd0a9da21
 genirq: do not mask interrupts by default
the delayed interrupt disable mechanism has been activated for every
user of default_disable() -- which used to mask the interrupt at
controller level before and is now a noop.  The sequence describing a
race above will now indeed happen if an interrupt event occurs at any
time between the effective disable_irq() and the next effective
enable_irq().

Also note that even if ->disable does a masking, a similar race
can indeed happen even on a monoprocessor system if an interrupt event
occurs before just before the masking.

In order to avoid interrupt loss, an IRQ_PENDING interrupt must be
replayed when enable_irq() is called (or immediately after).

This replay (implemented in kernel/irq/resend.c) used to be reliable
only if:

  * the interrupt controller driver implements a reliable retrigger()
    callback

       or

  * CONFIG_HARDIRQS_SW_RESEND is defined (in this case the flow handler
    can be executed in a tasklet running resend_irqs() )

So CONFIG_HARDIRQS_SW_RESEND was meant to be set on plateforms where it
exists a risk that edge interrupts are used on an interrupt controller
that does not support hard retrigger (or at least not reliably).

But CONFIG_HARDIRQS_SW_RESEND was only defined on arm and avr32
architectures, and other architectures exist which can have controllers
without a reliable retrigger(). Some examples:
 * arch/powerpc/sysdev/cpm2.c arch/powerpc/sysdev/ipic.c
 * arch/blackfin/mach-common/ints-priority.c
 * arch/mips/alchemy/common/irq.c
 * ...

With the present change, resend_irqs() is unconditionally built, so
that edge-triggered interrupts can not be lost.
The CONFIG_HARDIRQS_SW_RESEND option is not used anymore.

See http://lkml.org/lkml/2010/4/19/129 for the first discussion about
this problem.

Signed-off-by: Guillaume Knispel <gknispel@...formatique.com>
CC: linux-kernel@...r.kernel.org
CC: Linuxppc-dev@...ts.ozlabs.org
CC: Bartlomiej Zolnierkiewicz <bzolnier@...il.com>
CC: Benjamin Herrenschmidt <benh@...nel.crashing.org>
CC: Haavard Skinnemoen <hskinnemoen@...el.com>
CC: Ingo Molnar <mingo@...e.hu>
CC: Lars-Peter Clausen <lars@...afoo.de>
CC: Linus Torvalds <torvalds@...ux-foundation.org>
CC: Peter Zijlstra <peterz@...radead.org>
CC: Randy Dunlap <randy.dunlap@...cle.com>
CC: Russell King <linux@....linux.org.uk>
CC: Thomas Gleixner <tglx@...utronix.de>
---
 kernel/irq/resend.c |    6 ------
 1 files changed, 0 insertions(+), 6 deletions(-)

diff --git a/kernel/irq/resend.c b/kernel/irq/resend.c
index 090c376..3b20ce1 100644
--- a/kernel/irq/resend.c
+++ b/kernel/irq/resend.c
@@ -20,8 +20,6 @@
 
 #include "internals.h"
 
-#ifdef CONFIG_HARDIRQS_SW_RESEND
-
 /* Bitmap to handle software resend of interrupts: */
 static DECLARE_BITMAP(irqs_resend, NR_IRQS);
 
@@ -46,8 +44,6 @@ static void resend_irqs(unsigned long arg)
 /* Tasklet to handle resend: */
 static DECLARE_TASKLET(resend_tasklet, resend_irqs, 0);
 
-#endif
-
 /*
  * IRQ resend
  *
@@ -71,11 +67,9 @@ void check_irq_resend(struct irq_desc *desc, unsigned int irq)
 		desc->status = (status & ~IRQ_PENDING) | IRQ_REPLAY;
 
 		if (!desc->chip->retrigger || !desc->chip->retrigger(irq)) {
-#ifdef CONFIG_HARDIRQS_SW_RESEND
 			/* Set it pending and activate the softirq: */
 			set_bit(irq, irqs_resend);
 			tasklet_schedule(&resend_tasklet);
-#endif
 		}
 	}
 }
-- 
1.6.2
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ