Date:   Mon,  2 Mar 2020 13:44:55 +0000
From:   Chris Wilson <chris@...is-wilson.co.uk>
To:     linux-rtc@...r.kernel.org
Cc:     linux-kernel@...r.kernel.org,
        Chris Wilson <chris@...is-wilson.co.uk>,
        Zhang Rui <rui.zhang@...el.com>,
        Alexandre Belloni <alexandre.belloni@...tlin.com>,
        Alessandro Zummo <a.zummo@...ertech.it>, stable@...r.kernel.org
Subject: [PATCH] rtc/cmos: Protect rtc_lock from interrupts

cmos_interrupt() is called directly on resume paths, and by the
irqhandler. It currently assumes that it can only be invoked directly
from a hardirq, and so leads to the lockdep splat:

<4>[  259.166718] WARNING: inconsistent lock state
<4>[  259.166725] 5.6.0-rc3-CI-CI_DRM_8038+ #1 Tainted: G     U
<4>[  259.166727] --------------------------------
<4>[  259.166731] inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage.
<4>[  259.166741] rtcwake/4221 [HC0[0]:SC0[0]:HE1:SE1] takes:
<4>[  259.166745] ffffffff82635198 (rtc_lock){?...}, at: cmos_interrupt+0x18/0x100
<4>[  259.166768] {IN-HARDIRQ-W} state was registered at:
<4>[  259.166780]   lock_acquire+0xa7/0x1c0
<4>[  259.166790]   _raw_spin_lock+0x2a/0x40
<4>[  259.166799]   cmos_interrupt+0x18/0x100
<4>[  259.166808]   rtc_handler+0x75/0xc0
<4>[  259.166822]   acpi_ev_fixed_event_detect+0xf9/0x132
<4>[  259.166829]   acpi_ev_sci_xrupt_handler+0xb/0x28
<4>[  259.166838]   acpi_irq+0x13/0x30
<4>[  259.166849]   __handle_irq_event_percpu+0x41/0x2c0
<4>[  259.166859]   handle_irq_event_percpu+0x2b/0x70
<4>[  259.166868]   handle_irq_event+0x2f/0x50
<4>[  259.166875]   handle_fasteoi_irq+0x8e/0x150
<4>[  259.166883]   do_IRQ+0x7e/0x160
<4>[  259.166891]   ret_from_intr+0x0/0x35
<4>[  259.166898]   mwait_idle+0x7e/0x200
<4>[  259.166905]   do_idle+0x1bb/0x260
<4>[  259.166912]   cpu_startup_entry+0x14/0x20
<4>[  259.166921]   start_secondary+0x15f/0x1b0
<4>[  259.166929]   secondary_startup_64+0xa4/0xb0
<4>[  259.167264] irq event stamp: 41593
<4>[  259.167275] hardirqs last  enabled at (41593): [<ffffffff81a394e7>] _raw_spin_unlock_irqrestore+0x47/0x60
<4>[  259.167285] hardirqs last disabled at (41592): [<ffffffff81a3926d>] _raw_spin_lock_irqsave+0xd/0x50
<4>[  259.167296] softirqs last  enabled at (41568): [<ffffffff81e00385>] __do_softirq+0x385/0x47f
<4>[  259.167306] softirqs last disabled at (41561): [<ffffffff810babaa>] irq_exit+0xba/0xc0
<4>[  259.167309]
                  other info that might help us debug this:
<4>[  259.167312]  Possible unsafe locking scenario:

<4>[  259.167314]        CPU0
<4>[  259.167316]        ----
<4>[  259.167319]   lock(rtc_lock);
<4>[  259.167324]   <Interrupt>
<4>[  259.167326]     lock(rtc_lock);
<4>[  259.167332]
                   *** DEADLOCK ***

<4>[  259.167337] 6 locks held by rtcwake/4221:
<4>[  259.167665]  #0: ffff888175e89408 (sb_writers#5){.+.+}, at: vfs_write+0x1a4/0x1d0
<4>[  259.167687]  #1: ffff88816e112080 (&of->mutex){+.+.}, at: kernfs_fop_write+0xdd/0x1b0
<4>[  259.167706]  #2: ffff888179be85e0 (kn->count#236){.+.+}, at: kernfs_fop_write+0xe6/0x1b0
<4>[  259.167728]  #3: ffffffff82641e00 (system_transition_mutex){+.+.}, at: pm_suspend+0xb3/0x3b0
<4>[  259.167748]  #4: ffffffff826b3ea0 (acpi_scan_lock){+.+.}, at: acpi_suspend_begin+0x47/0x80
<4>[  259.167763]  #5: ffff888178f6b960 (&dev->mutex){....}, at: device_resume+0x92/0x1c0
<4>[  259.167778]
                  stack backtrace:
<4>[  259.167788] CPU: 1 PID: 4221 Comm: rtcwake Tainted: G     U            5.6.0-rc3-CI-CI_DRM_8038+ #1
<4>[  259.168106] Hardware name: Google Soraka/Soraka, BIOS MrChromebox-4.10 08/25/2019
<4>[  259.168110] Call Trace:
<4>[  259.168123]  dump_stack+0x71/0x9b
<4>[  259.168133]  mark_lock+0x49a/0x500
<4>[  259.168457]  ? print_shortest_lock_dependencies+0x200/0x200
<4>[  259.168469]  __lock_acquire+0x6d4/0x15d0
<4>[  259.168479]  ? __lock_acquire+0x460/0x15d0
<4>[  259.168490]  lock_acquire+0xa7/0x1c0
<4>[  259.168500]  ? cmos_interrupt+0x18/0x100
<4>[  259.168824]  _raw_spin_lock+0x2a/0x40
<4>[  259.168834]  ? cmos_interrupt+0x18/0x100
<4>[  259.168843]  cmos_interrupt+0x18/0x100
<4>[  259.169159]  cmos_resume+0x1fd/0x290
<4>[  259.169174]  ? __acpi_pm_set_device_wakeup+0x24/0x100
<4>[  259.169498]  pnp_bus_resume+0x5e/0x90
<4>[  259.169509]  ? pnp_bus_suspend+0x10/0x10
<4>[  259.169518]  dpm_run_callback+0x64/0x280
<4>[  259.169530]  device_resume+0xd4/0x1c0
<4>[  259.169540]  ? dpm_watchdog_set+0x60/0x60
<4>[  259.169860]  dpm_resume+0x106/0x410
<4>[  259.169870]  ? dpm_resume_early+0x38c/0x3e0
<4>[  259.169881]  dpm_resume_end+0x8/0x10
<4>[  259.170195]  suspend_devices_and_enter+0x16f/0xbe0
<4>[  259.170211]  ? rcu_read_lock_sched_held+0x4d/0x80
<4>[  259.170528]  pm_suspend+0x344/0x3b0
<4>[  259.170542]  state_store+0x78/0xe0
<4>[  259.170559]  kernfs_fop_write+0x112/0x1b0
<4>[  259.170579]  vfs_write+0xb9/0x1d0
<4>[  259.170896]  ksys_write+0x9f/0xe0
<4>[  259.170907]  do_syscall_64+0x4f/0x220
<4>[  259.170918]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
<4>[  259.171229] RIP: 0033:0x7f9b4f3cb154
<4>[  259.171240] Code: 89 02 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8d 05 b1 07 2e 00 8b 00 85 c0 75 13 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 f3 c3 66 90 41 54 55 49 89 d4 53 48 89 f5
<4>[  259.171245] RSP: 002b:00007ffc057ce438 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
<4>[  259.171253] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f9b4f3cb154
<4>[  259.171257] RDX: 0000000000000004 RSI: 000055f4b3d185a0 RDI: 000000000000000a
<4>[  259.171572] RBP: 000055f4b3d185a0 R08: 000055f4b3d165e0 R09: 00007f9b4fab7740
<4>[  259.171576] R10: 000055f4b3d14010 R11: 0000000000000246 R12: 000055f4b3d16500
<4>[  259.171580] R13: 0000000000000004 R14: 00007f9b4f6a32a0 R15: 00007f9b4f6a2760

Fixes: c6d3a278cc12 ("rtc: cmos: acknowledge ACPI driven wake alarms upon resume")
Fixes: 311ee9c151ad ("rtc: cmos: allow using ACPI for RTC alarm instead of HPET")
Signed-off-by: Chris Wilson <chris@...is-wilson.co.uk>
Cc: Zhang Rui <rui.zhang@...el.com>
Cc: Alexandre Belloni <alexandre.belloni@...tlin.com>
Cc: Alessandro Zummo <a.zummo@...ertech.it>
Cc: <stable@...r.kernel.org> # v4.18+
---
 drivers/rtc/rtc-cmos.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/drivers/rtc/rtc-cmos.c b/drivers/rtc/rtc-cmos.c
index b795fe4cbd2e..7754225c6f9d 100644
--- a/drivers/rtc/rtc-cmos.c
+++ b/drivers/rtc/rtc-cmos.c
@@ -651,8 +651,9 @@ static irqreturn_t cmos_interrupt(int irq, void *p)
 {
 	u8		irqstat;
 	u8		rtc_control;
+	unsigned long	flags;
 
-	spin_lock(&rtc_lock);
+	spin_lock_irqsave(&rtc_lock, flags);
 
 	/* When the HPET interrupt handler calls us, the interrupt
 	 * status is passed as arg1 instead of the irq number.  But
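Review bot: The switch to spin_lock_irqsave() at the top of cmos_interrupt() carries no comment explaining why a function declared as an irqreturn_t handler needs the irqsave variant. A short comment above the lock, noting that cmos_interrupt() is also called directly from cmos_resume() in process context with interrupts enabled (the path shown in the lockdep trace), would stop a later cleanup from reverting this to a plain spin_lock().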
@@ -686,7 +687,7 @@ static irqreturn_t cmos_interrupt(int irq, void *p)
 			hpet_mask_rtc_irq_bit(RTC_AIE);
 		CMOS_READ(RTC_INTR_FLAGS);
 	}
-	spin_unlock(&rtc_lock);
+	spin_unlock_irqrestore(&rtc_lock, flags);
 
 	if (is_intr(irqstat)) {
 		rtc_update_irq(p, 1, irqstat);
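Review bot: The rtc_update_irq(p, 1, irqstat) call after spin_unlock_irqrestore() sits outside the irqsave region, so on the cmos_resume() path it still runs with interrupts enabled while on the handler path it runs with them disabled. The patch does not change that, but since the fix covers only rtc_lock, the commit message should say in one sentence that calling rtc_update_irq() from both contexts is intended.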
-- 
2.25.1
