lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20200903165306.GA312784@xps15>
Date:   Thu, 3 Sep 2020 10:53:06 -0600
From:   Mathieu Poirier <mathieu.poirier@...aro.org>
To:     Tingwei Zhang <tingwei@...eaurora.org>
Cc:     Suzuki K Poulose <suzuki.poulose@....com>,
        Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Mike Leach <mike.leach@...aro.org>, tsoni@...eaurora.org,
        Sai Prakash Ranjan <saiprakash.ranjan@...eaurora.org>,
        Mao Jinlong <jinlmao@...eaurora.org>,
        coresight@...ts.linaro.org, linux-arm-kernel@...ts.infradead.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] coresight: cti: write regsiters directly in
 cti_enable_hw()

On Tue, Sep 01, 2020 at 02:33:09PM +0800, Tingwei Zhang wrote:
> Deadlock as below is triggered by one CPU holds drvdata->spinlock
> and calls cti_enable_hw(). Smp_call_function_single() is called
> in cti_enable_hw() and tries to let another CPU write CTI registers.
> That CPU is trying to get drvdata->spinlock in cti_cpu_pm_notify()
> and doesn't response to IPI from smp_call_function_single().
> 
> [  988.335937] CPU: 6 PID: 10258 Comm: sh Tainted: G        W    L
> 5.8.0-rc6-mainline-16783-gc38daa79b26b-dirty #1
> [  988.346364] Hardware name: Thundercomm Dragonboard 845c (DT)
> [  988.352073] pstate: 20400005 (nzCv daif +PAN -UAO BTYPE=--)
> [  988.357689] pc : smp_call_function_single+0x158/0x1b8
> [  988.362782] lr : smp_call_function_single+0x124/0x1b8
> ...
> [  988.451638] Call trace:
> [  988.454119]  smp_call_function_single+0x158/0x1b8
> [  988.458866]  cti_enable+0xb4/0xf8 [coresight_cti]
> [  988.463618]  coresight_control_assoc_ectdev+0x6c/0x128 [coresight]
> [  988.469855]  coresight_enable+0x1f0/0x364 [coresight]
> [  988.474957]  enable_source_store+0x5c/0x9c [coresight]
> [  988.480140]  dev_attr_store+0x14/0x28
> [  988.483839]  sysfs_kf_write+0x38/0x4c
> [  988.487532]  kernfs_fop_write+0x1c0/0x2b0
> [  988.491585]  vfs_write+0xfc/0x300
> [  988.494931]  ksys_write+0x78/0xe0
> [  988.498283]  __arm64_sys_write+0x18/0x20
> [  988.502240]  el0_svc_common+0x98/0x160
> [  988.506024]  do_el0_svc+0x78/0x80
> [  988.509377]  el0_sync_handler+0xd4/0x270
> [  988.513337]  el0_sync+0x164/0x180
> 
> This change write CTI registers directly in cti_enable_hw().
> Config->hw_powered has been checked to be true with spinlock holded.
> CTI is powered and can be programmed until spinlock is released.
> 
> Fixes: 6a0953ce7de9 ("coresight: cti: Add CPU idle pm notifer to CTI devices")
> Signed-off-by: Tingwei Zhang <tingwei@...eaurora.org>
> ---
>  drivers/hwtracing/coresight/coresight-cti.c | 24 +++++----------------
>  1 file changed, 5 insertions(+), 19 deletions(-)
> 
> diff --git a/drivers/hwtracing/coresight/coresight-cti.c b/drivers/hwtracing/coresight/coresight-cti.c
> index c4e9cc7034ab..d04181c12a7f 100644
> --- a/drivers/hwtracing/coresight/coresight-cti.c
> +++ b/drivers/hwtracing/coresight/coresight-cti.c
> @@ -86,22 +86,16 @@ void cti_write_all_hw_regs(struct cti_drvdata *drvdata)
>  	CS_LOCK(drvdata->base);
>  }
>  
> -static void cti_enable_hw_smp_call(void *info)
> -{
> -	struct cti_drvdata *drvdata = info;
> -
> -	cti_write_all_hw_regs(drvdata);
> -}
> -
>  /* write regs to hardware and enable */
>  static int cti_enable_hw(struct cti_drvdata *drvdata)
>  {
>  	struct cti_config *config = &drvdata->config;
>  	struct device *dev = &drvdata->csdev->dev;
>  	int rc = 0;
> +	unsigned long flags;

I have moved this line before "int rc = 0;" and applied your patch.

Thanks,
Mathieu


>  
>  	pm_runtime_get_sync(dev->parent);
> -	spin_lock(&drvdata->spinlock);
> +	spin_lock_irqsave(&drvdata->spinlock, flags);
>  
>  	/* no need to do anything if enabled or unpowered*/
>  	if (config->hw_enabled || !config->hw_powered)
> @@ -112,19 +106,11 @@ static int cti_enable_hw(struct cti_drvdata *drvdata)
>  	if (rc)
>  		goto cti_err_not_enabled;
>  
> -	if (drvdata->ctidev.cpu >= 0) {
> -		rc = smp_call_function_single(drvdata->ctidev.cpu,
> -					      cti_enable_hw_smp_call,
> -					      drvdata, 1);
> -		if (rc)
> -			goto cti_err_not_enabled;
> -	} else {
> -		cti_write_all_hw_regs(drvdata);
> -	}
> +	cti_write_all_hw_regs(drvdata);
>  
>  	config->hw_enabled = true;
>  	atomic_inc(&drvdata->config.enable_req_count);
> -	spin_unlock(&drvdata->spinlock);
> +	spin_unlock_irqrestore(&drvdata->spinlock, flags);
>  	return rc;
>  
>  cti_state_unchanged:
> @@ -132,7 +118,7 @@ static int cti_enable_hw(struct cti_drvdata *drvdata)
>  
>  	/* cannot enable due to error */
>  cti_err_not_enabled:
> -	spin_unlock(&drvdata->spinlock);
> +	spin_unlock_irqrestore(&drvdata->spinlock, flags);
>  	pm_runtime_put(dev->parent);
>  	return rc;
>  }
> -- 
> The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum,
> a Linux Foundation Collaborative Project
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ