lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <1463779324-12225-1-git-send-email-kamatam@amazon.com>
Date:	Fri, 20 May 2016 14:22:04 -0700
From:	Munehisa Kamata <kamatam@...zon.com>
To:	boris.ostrovsky@...cle.com, david.vrabel@...rix.com
Cc:	Munehisa Kamata <kamatam@...zon.com>,
	xen-devel@...ts.xenproject.org, linux-kernel@...r.kernel.org,
	stable@...r.kernel.org, Matt Wilson <msw@...zon.com>
Subject: [Xen-devel][PATCH] xen/events: don't migrate disabled IRQs

Commit ff1e22e7a638 ("xen/events: Mask a moving irq") introduced
a crash below. This can be triggered after being resumed from suspend
 (e.g. live migration) if there are disabled IRQs with
IRQD_SETAFFINITY_PENDING set.

kernel BUG at kernel/irq/migration.c:31!
...
CPU: 0 PID: 9 Comm: migration/0 Tainted: G            E   4.4.8 #1
Hardware name: Xen HVM domU, BIOS 4.2.amazon 04/04/2016
task: ffff880206200000 ti: ffff880206208000 task.ti: ffff880206208000
RIP: 0010:[<ffffffff810c13e9>]  [<ffffffff810c13e9>] irq_move_masked_irq+0xd9/0xf0
RSP: 0018:ffff88020620bc88  EFLAGS: 00010046
...
Call Trace:
 [<ffffffff81355877>] eoi_pirq+0xa7/0xd0
 [<ffffffff81355a07>] __startup_pirq+0xd7/0x140
 [<ffffffff81356f77>] xen_irq_resume+0x2c7/0x330
 [<ffffffff81354a66>] xen_suspend+0x86/0x140
 [<ffffffff810f9a83>] multi_cpu_stop+0xb3/0xe0
 [<ffffffff810f99d0>] ? cpu_stop_queue_work+0x80/0x80
 [<ffffffff810f9caa>] cpu_stopper_thread+0x7a/0x110
 [<ffffffff81092292>] ? finish_task_switch+0x72/0x1d0
 [<ffffffff810b2c51>] ? __raw_callee_save___pv_queued_spin_unlock+0x11/0x20
 [<ffffffff8108d44f>] smpboot_thread_fn+0x10f/0x170
 [<ffffffff8108d340>] ? sort_range+0x30/0x30
 [<ffffffff8108a039>] kthread+0xc9/0xe0
 [<ffffffff81089f70>] ? kthread_park+0x60/0x60
 [<ffffffff814d700f>] ret_from_fork+0x3f/0x70
 [<ffffffff81089f70>] ? kthread_park+0x60/0x60

The pending state may last until being suspended, because some IRQs may
show no activities after their affinity settings have been changed.

This change don't let ACK and EOI handlers of xen-pirq and xen-dyn chips
try to migrate disabled IRQs to avoid the BUG in that situation.

Fixes: ff1e22e7a638 ("xen/events: Mask a moving irq")
Reported-and-tested-by: Guilherme Wuensch Manika <gmanika@...zon.de>
To: Boris Ostrovsky <boris.ostrovsky@...cle.com>
To: David Vrabel <david.vrabel@...rix.com>
Cc: xen-devel@...ts.xenproject.org
Cc: linux-kernel@...r.kernel.org
Cc: stable@...r.kernel.org
Cc: Matt Wilson <msw@...zon.com>
Signed-off-by: Munehisa Kamata <kamatam@...zon.com>
---
 drivers/xen/events/events_base.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/xen/events/events_base.c b/drivers/xen/events/events_base.c
index cb7138c..be8410f 100644
--- a/drivers/xen/events/events_base.c
+++ b/drivers/xen/events/events_base.c
@@ -487,7 +487,8 @@ static void eoi_pirq(struct irq_data *data)
 	if (!VALID_EVTCHN(evtchn))
 		return;
 
-	if (unlikely(irqd_is_setaffinity_pending(data))) {
+	if (unlikely(irqd_is_setaffinity_pending(data) &&
+		!irqd_irq_disabled(data))) {
 		int masked = test_and_set_mask(evtchn);
 
 		clear_evtchn(evtchn);
@@ -1370,7 +1371,8 @@ static void ack_dynirq(struct irq_data *data)
 	if (!VALID_EVTCHN(evtchn))
 		return;
 
-	if (unlikely(irqd_is_setaffinity_pending(data))) {
+	if (unlikely(irqd_is_setaffinity_pending(data) &&
+		!irqd_irq_disabled(data))) {
 		int masked = test_and_set_mask(evtchn);
 
 		clear_evtchn(evtchn);
-- 
2.7.4

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ