lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Thu, 23 Jul 2015 13:25:33 +0200
From:	Michal Hocko <mhocko@...nel.org>
To:	Hidehiro Kawai <hidehiro.kawai.ez@...achi.com>
Cc:	Jonathan Corbet <corbet@....net>,
	Peter Zijlstra <peterz@...radead.org>,
	Ingo Molnar <mingo@...nel.org>,
	"Eric W. Biederman" <ebiederm@...ssion.com>,
	"H. Peter Anvin" <hpa@...or.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Thomas Gleixner <tglx@...utronix.de>,
	Vivek Goyal <vgoyal@...hat.com>,
	Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>,
	x86@...nel.org, kexec@...ts.infradead.org,
	linux-kernel@...r.kernel.org, linux-doc@...r.kernel.org
Subject: Re: [PATCH 0/3] x86: Fix panic vs. NMI issues

On Thu 23-07-15 19:11:03, Hidehiro Kawai wrote:
> Hi,
> 
> Thanks for the feedback.
> 
> (2015/07/23 17:25), Michal Hocko wrote:
> > Hi,
> > 
> > On Wed 22-07-15 11:14:21, Hidehiro Kawai wrote:
> >> When an HA cluster software or administrator detects non-response
> >> of a host, they issue an NMI to the host to completely stop current
> >> works and take a crash dump.  If the kernel has already panicked
> >> or is capturing a crash dump at that time, further NMI can cause
> >> a crash dump failure.
> >>
> >> To solve this issue, this patch set does two things:
> >>
> >> - Don't panic on NMI if the kernel has already panicked
> >> - Introduce "noextnmi" boot option which masks external NMI at the
> >>   boot time (supported only for x86)
> > 
> > I am currently debugging the same issue for our customer. Curiously
> > enough the issue happens on a Hitachi HW.
> 
> I found these issues by my white-box testing and source code
> reading.  So, they haven't happened on our customers yet, but
> possibly happen.
> 
> > I haven't posted my patch for an upstream review yet because I still
> > do not have a feedback but I believe your solution is unnecessarily
> > too complex. Unless I am missing something the following should be enough,
> > no?
> 
> Your patch solves some cases, but I think it wouldn't cover
> all cases where I want to solve.  How about the following cases?
> 
> 1) panic -> acquire panic_lock -> unknown NMI on this CPU ->
>    panic -> failed to acquire panic_lock -> infinite loop
> ==> no one processes kdump procedure. 

Ohh, I wasn't aware of panic_lock, 93e13a360ba3 ("kdump: fix
crash_kexec()/smp_send_stop() race in panic()") has been introduced in
3.3 and I was debugging this on 3.0 based kernel.

> 2) crash_kexec w/o entering panic -> acquire kexec_mutex ->
>    unknown NMI on this CPU -> panic -> crash_kexec ->
>    failed to acquire kexec_mutex -> return to panic -> smp_send_stop
> 
> Even if with your patch, case 2) causes infinite loop of
> try_crash_kexec and no one processes kdump procedure.

You are right - I have missed this case.
-- 
Michal Hocko
SUSE Labs
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ