| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 15 Sep 2022 07:02:27 +0200
From: Karolina Drobnik <karolina.drobnik@...el.com>
To: Lucas De Marchi <lucas.demarchi@...el.com>
CC: <intel-gfx@...ts.freedesktop.org>,
Gwan-gyeong Mun <gwan-gyeong.mun@...el.com>,
Yunfei Wang <yf.wang@...iatek.com>,
Ning Li <ning.li@...iatek.com>,
Robin Murphy <robin.murphy@....com>,
Miles Chen <miles.chen@...iatek.com>,
Joerg Roedel <jroedel@...e.de>, <iommu@...ts.linux.dev>,
<linux-kernel@...r.kernel.org>
Subject: Re: [topic/core-for-CI] Revert "iommu/dma: Fix race condition during
iova_domain initialization"
On 14.09.2022 17:01, Lucas De Marchi wrote:
> On Wed, Sep 14, 2022 at 02:40:45PM +0200, Karolina Drobnik wrote:
>> This reverts commit ac9a5d522bb80be50ea84965699e1c8257d745ce.
>>
>> This change introduces a regression on Alder Lake that completely
>> blocks testing. To enable CI and avoid possible circular locking
>> warning, revert the patch.
>
> We are already on rc5. Are iommu authors involved aware of this issue?
> We could do this in our "for CI only" branch, but it's equally important
> that this is fixed for 6.0
I planned to reach out to them after merging this revert on "CI only"
branch (hence the topic tag) with more justification. And yes, I'm fully
aware we're quite late in the cycle, so that's also why I went with this
patch first.
Many thanks,
Karolina
> Cc'ing them.
>
> thanks
> Lucas De Marchi
>
>>
>> kernel log:
>>
>> ======================================================
>> WARNING: possible circular locking dependency detected
>> 6.0.0-rc5-CI_DRM_12132-g6c93e979e542+ #1 Not tainted
>> ------------------------------------------------------
>> cpuhp/0/15 is trying to acquire lock:
>> ffff8881013df278 (&(&priv->bus_notifier)->rwsem){++++}-{3:3}, at:
>> blocking_notifier_call_chain+0x20/0x50
>> but task is already holding lock:
>> ffffffff826490c0 (cpuhp_state-up){+.+.}-{0:0}, at:
>> cpuhp_thread_fun+0x48/0x1f0
>> which lock already depends on the new loc
>> the existing dependency chain (in reverse order) is:
>> -> #3 (cpuhp_state-up){+.+.}-{0:0}:
>> lock_acquire+0xd3/0x310
>> cpuhp_thread_fun+0xa6/0x1f0
>> smpboot_thread_fn+0x1b5/0x260
>> kthread+0xed/0x120
>> ret_from_fork+0x1f/0x30
>> -> #2 (cpu_hotplug_lock){++++}-{0:0}:
>> lock_acquire+0xd3/0x310
>> __cpuhp_state_add_instance+0x43/0x1c0
>> iova_domain_init_rcaches+0x199/0x1c0
>> iommu_setup_dma_ops+0x130/0x440
>> bus_iommu_probe+0x26a/0x2d0
>> bus_set_iommu+0x82/0xd0
>> intel_iommu_init+0xe33/0x1039
>> pci_iommu_init+0x9/0x31
>> do_one_initcall+0x53/0x2f0
>> kernel_init_freeable+0x18f/0x1e1
>> kernel_init+0x11/0x120
>> ret_from_fork+0x1f/0x30
>> -> #1 (&domain->iova_cookie->mutex){+.+.}-{3:3}:
>> lock_acquire+0xd3/0x310
>> __mutex_lock+0x97/0xf10
>> iommu_setup_dma_ops+0xd7/0x440
>> iommu_probe_device+0xa4/0x180
>> iommu_bus_notifier+0x2d/0x40
>> notifier_call_chain+0x31/0x90
>> blocking_notifier_call_chain+0x3a/0x50
>> device_add+0x3c1/0x900
>> pci_device_add+0x255/0x580
>> pci_scan_single_device+0xa6/0xd0
>> pci_scan_slot+0x7a/0x1b0
>> pci_scan_child_bus_extend+0x35/0x2a0
>> vmd_probe+0x5cd/0x970
>> pci_device_probe+0x95/0x110
>> really_probe+0xd6/0x350
>> __driver_probe_device+0x73/0x170
>> driver_probe_device+0x1a/0x90
>> __driver_attach+0xbc/0x190
>> bus_for_each_dev+0x72/0xc0
>> bus_add_driver+0x1bb/0x210
>> driver_register+0x66/0xc0
>> do_one_initcall+0x53/0x2f0
>> kernel_init_freeable+0x18f/0x1e1
>> kernel_init+0x11/0x120
>> ret_from_fork+0x1f/0x30
>> -> #0 (&(&priv->bus_notifier)->rwsem){++++}-{3:3}:
>> validate_chain+0xb3f/0x2000
>> __lock_acquire+0x5a4/0xb70
>> lock_acquire+0xd3/0x310
>> down_read+0x39/0x140
>> blocking_notifier_call_chain+0x20/0x50
>> device_add+0x3c1/0x900
>> platform_device_add+0x108/0x240
>> coretemp_cpu_online+0xe1/0x15e [coretemp]
>> cpuhp_invoke_callback+0x181/0x8a0
>> cpuhp_thread_fun+0x188/0x1f0
>> smpboot_thread_fn+0x1b5/0x260
>> kthread+0xed/0x120
>> ret_from_fork+0x1f/0x30
>> other info that might help us debug thi
>> Chain exists of &(&priv->bus_notifier)->rwsem -->
>> cpu_hotplug_lock --> cpuhp_state-
>> Possible unsafe locking scenari
>> CPU0 CPU1
>> ---- ----
>> lock(cpuhp_state-up);
>> lock(cpu_hotplug_lock);
>> lock(cpuhp_state-up);
>> lock(&(&priv->bus_notifier)->rwsem);
>> *** DEADLOCK *
>> 2 locks held by cpuhp/0/15:
>> #0: ffffffff82648f10 (cpu_hotplug_lock){++++}-{0:0}, at:
>> cpuhp_thread_fun+0x48/0x1f0
>> #1: ffffffff826490c0 (cpuhp_state-up){+.+.}-{0:0}, at:
>> cpuhp_thread_fun+0x48/0x1f0
>> stack backtrace:
>> CPU: 0 PID: 15 Comm: cpuhp/0 Not tainted
>> 6.0.0-rc5-CI_DRM_12132-g6c93e979e542+ #1
>> Hardware name: Intel Corporation Alder Lake Client
>> Platform/AlderLake-P DDR4 RVP, BIOS ADLPFWI1.R00.3135.A00.2203251419
>> 03/25/2022
>> Call Trace:
>> <TASK>
>> dump_stack_lvl+0x56/0x7f
>> check_noncircular+0x132/0x150
>> validate_chain+0xb3f/0x2000
>> __lock_acquire+0x5a4/0xb70
>> lock_acquire+0xd3/0x310
>> ? blocking_notifier_call_chain+0x20/0x50
>> down_read+0x39/0x140
>> ? blocking_notifier_call_chain+0x20/0x50
>> blocking_notifier_call_chain+0x20/0x50
>> device_add+0x3c1/0x900
>> ? dev_set_name+0x4e/0x70
>> platform_device_add+0x108/0x240
>> coretemp_cpu_online+0xe1/0x15e [coretemp]
>> ? create_core_data+0x550/0x550 [coretemp]
>> cpuhp_invoke_callback+0x181/0x8a0
>> cpuhp_thread_fun+0x188/0x1f0
>> ? smpboot_thread_fn+0x1e/0x260
>> smpboot_thread_fn+0x1b5/0x260
>> ? sort_range+0x20/0x20
>> kthread+0xed/0x120
>> ? kthread_complete_and_exit+0x20/0x20
>> ret_from_fork+0x1f/0x30
>> </TASK>
>>
>> Closes: https://gitlab.freedesktop.org/drm/intel/-/issues/6641
>>
>> Signed-off-by: Karolina Drobnik <karolina.drobnik@...el.com>
>> Cc: Lucas De Marchi <lucas.demarchi@...el.com>
>> ---
>> drivers/iommu/dma-iommu.c | 17 ++++-------------
>> 1 file changed, 4 insertions(+), 13 deletions(-)
>>
>> diff --git a/drivers/iommu/dma-iommu.c b/drivers/iommu/dma-iommu.c
>> index 17dd683b2fce..9616b473e4c7 100644
>> --- a/drivers/iommu/dma-iommu.c
>> +++ b/drivers/iommu/dma-iommu.c
>> @@ -65,7 +65,6 @@ struct iommu_dma_cookie {
>>
>> /* Domain for flush queue callback; NULL if flush queue not in use */
>> struct iommu_domain *fq_domain;
>> - struct mutex mutex;
>> };
>>
>> static DEFINE_STATIC_KEY_FALSE(iommu_deferred_attach_enabled);
>> @@ -312,7 +311,6 @@ int iommu_get_dma_cookie(struct iommu_domain *domain)
>> if (!domain->iova_cookie)
>> return -ENOMEM;
>>
>> - mutex_init(&domain->iova_cookie->mutex);
>> return 0;
>> }
>>
>> @@ -563,33 +561,26 @@ static int iommu_dma_init_domain(struct
>> iommu_domain *domain, dma_addr_t base,
>> }
>>
>> /* start_pfn is always nonzero for an already-initialised domain */
>> - mutex_lock(&cookie->mutex);
>> if (iovad->start_pfn) {
>> if (1UL << order != iovad->granule ||
>> base_pfn != iovad->start_pfn) {
>> pr_warn("Incompatible range for DMA domain\n");
>> - ret = -EFAULT;
>> - goto done_unlock;
>> + return -EFAULT;
>> }
>>
>> - ret = 0;
>> - goto done_unlock;
>> + return 0;
>> }
>>
>> init_iova_domain(iovad, 1UL << order, base_pfn);
>> ret = iova_domain_init_rcaches(iovad);
>> if (ret)
>> - goto done_unlock;
>> + return ret;
>>
>> /* If the FQ fails we can simply fall back to strict mode */
>> if (domain->type == IOMMU_DOMAIN_DMA_FQ && iommu_dma_init_fq(domain))
>> domain->type = IOMMU_DOMAIN_DMA;
>>
>> - ret = iova_reserve_iommu_regions(dev, domain);
>> -
>> -done_unlock:
>> - mutex_unlock(&cookie->mutex);
>> - return ret;
>> + return iova_reserve_iommu_regions(dev, domain);
>> }
>>
>> /**
>> --
>> 2.25.1
>>
Powered by blists - more mailing lists