lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <f25c58fe-55e3-490f-bfe4-34dee945d585@seco.com>
Date: Tue, 23 Jan 2024 16:24:59 -0500
From: Sean Anderson <sean.anderson@...o.com>
To: Li Yang <leoyang.li@....com>, linuxppc-dev@...ts.ozlabs.org,
 linux-arm-kernel@...ts.infradead.org
Cc: Roy Pledge <roy.pledge@....com>, Camelia Groza <camelia.groza@....com>,
 "David S . Miller" <davem@...emloft.net>,
 Claudiu Manoil <claudiu.manoil@....com>, linux-kernel@...r.kernel.org,
 Scott Wood <oss@...error.net>, Steffen Trumtrar <s.trumtrar@...gutronix.de>,
 stable@...r.kernel.org, Vladimir Oltean <vladimir.oltean@....com>
Subject: Re: [PATCH v4 2/2] soc: fsl: qbman: Use raw spinlock for cgr_lock

On 1/8/24 11:19, Sean Anderson wrote:
> cgr_lock may be locked with interrupts already disabled by
> smp_call_function_single. As such, we must use a raw spinlock to avoid
> problems on PREEMPT_RT kernels. Although this bug has existed for a
> while, it was not apparent until commit ef2a8d5478b9 ("net: dpaa: Adjust
> queue depth on rate change") which invokes smp_call_function_single via
> qman_update_cgr_safe every time a link goes up or down.
> 
> Fixes: 96f413f47677 ("soc/fsl/qbman: fix issue in qman_delete_cgr_safe()")
> Reported-by: Vladimir Oltean <vladimir.oltean@....com>
> Closes: https://lore.kernel.org/all/20230323153935.nofnjucqjqnz34ej@skbuf/
> Reported-by: Steffen Trumtrar <s.trumtrar@...gutronix.de>
> Closes: https://lore.kernel.org/linux-arm-kernel/87wmsyvclu.fsf@pengutronix.de/
> Signed-off-by: Sean Anderson <sean.anderson@...o.com>
> Reviewed-by: Camelia Groza <camelia.groza@....com>
> Tested-by: Vladimir Oltean <vladimir.oltean@....com>
> ---
> Please backport these fixes when applied. This bug has been reported
> multiple times (see links above).
> 
> Changes in v4:
> - Add a note about how raw spinlocks aren't quite right
> 
> Changes in v3:
> - Change blamed commit to something more appropriate
> 
>  drivers/soc/fsl/qbman/qman.c | 25 ++++++++++++++-----------
>  1 file changed, 14 insertions(+), 11 deletions(-)
> 
> diff --git a/drivers/soc/fsl/qbman/qman.c b/drivers/soc/fsl/qbman/qman.c
> index 1bf1f1ea67f0..7e9074519ad2 100644
> --- a/drivers/soc/fsl/qbman/qman.c
> +++ b/drivers/soc/fsl/qbman/qman.c
> @@ -991,7 +991,7 @@ struct qman_portal {
>  	/* linked-list of CSCN handlers. */
>  	struct list_head cgr_cbs;
>  	/* list lock */
> -	spinlock_t cgr_lock;
> +	raw_spinlock_t cgr_lock;
>  	struct work_struct congestion_work;
>  	struct work_struct mr_work;
>  	char irqname[MAX_IRQNAME];
> @@ -1281,7 +1281,7 @@ static int qman_create_portal(struct qman_portal *portal,
>  		/* if the given mask is NULL, assume all CGRs can be seen */
>  		qman_cgrs_fill(&portal->cgrs[0]);
>  	INIT_LIST_HEAD(&portal->cgr_cbs);
> -	spin_lock_init(&portal->cgr_lock);
> +	raw_spin_lock_init(&portal->cgr_lock);
>  	INIT_WORK(&portal->congestion_work, qm_congestion_task);
>  	INIT_WORK(&portal->mr_work, qm_mr_process_task);
>  	portal->bits = 0;
> @@ -1456,11 +1456,14 @@ static void qm_congestion_task(struct work_struct *work)
>  	union qm_mc_result *mcr;
>  	struct qman_cgr *cgr;
>  
> -	spin_lock_irq(&p->cgr_lock);
> +	/*
> +	 * FIXME: QM_MCR_TIMEOUT is 10ms, which is too long for a raw spinlock!
> +	 */
> +	raw_spin_lock_irq(&p->cgr_lock);
>  	qm_mc_start(&p->p);
>  	qm_mc_commit(&p->p, QM_MCC_VERB_QUERYCONGESTION);
>  	if (!qm_mc_result_timeout(&p->p, &mcr)) {
> -		spin_unlock_irq(&p->cgr_lock);
> +		raw_spin_unlock_irq(&p->cgr_lock);
>  		dev_crit(p->config->dev, "QUERYCONGESTION timeout\n");
>  		qman_p_irqsource_add(p, QM_PIRQ_CSCI);
>  		return;
> @@ -1476,7 +1479,7 @@ static void qm_congestion_task(struct work_struct *work)
>  	list_for_each_entry(cgr, &p->cgr_cbs, node)
>  		if (cgr->cb && qman_cgrs_get(&c, cgr->cgrid))
>  			cgr->cb(p, cgr, qman_cgrs_get(&rr, cgr->cgrid));
> -	spin_unlock_irq(&p->cgr_lock);
> +	raw_spin_unlock_irq(&p->cgr_lock);
>  	qman_p_irqsource_add(p, QM_PIRQ_CSCI);
>  }
>  
> @@ -2440,7 +2443,7 @@ int qman_create_cgr(struct qman_cgr *cgr, u32 flags,
>  	preempt_enable();
>  
>  	cgr->chan = p->config->channel;
> -	spin_lock_irq(&p->cgr_lock);
> +	raw_spin_lock_irq(&p->cgr_lock);
>  
>  	if (opts) {
>  		struct qm_mcc_initcgr local_opts = *opts;
> @@ -2477,7 +2480,7 @@ int qman_create_cgr(struct qman_cgr *cgr, u32 flags,
>  	    qman_cgrs_get(&p->cgrs[1], cgr->cgrid))
>  		cgr->cb(p, cgr, 1);
>  out:
> -	spin_unlock_irq(&p->cgr_lock);
> +	raw_spin_unlock_irq(&p->cgr_lock);
>  	put_affine_portal();
>  	return ret;
>  }
> @@ -2512,7 +2515,7 @@ int qman_delete_cgr(struct qman_cgr *cgr)
>  		return -EINVAL;
>  
>  	memset(&local_opts, 0, sizeof(struct qm_mcc_initcgr));
> -	spin_lock_irqsave(&p->cgr_lock, irqflags);
> +	raw_spin_lock_irqsave(&p->cgr_lock, irqflags);
>  	list_del(&cgr->node);
>  	/*
>  	 * If there are no other CGR objects for this CGRID in the list,
> @@ -2537,7 +2540,7 @@ int qman_delete_cgr(struct qman_cgr *cgr)
>  		/* add back to the list */
>  		list_add(&cgr->node, &p->cgr_cbs);
>  release_lock:
> -	spin_unlock_irqrestore(&p->cgr_lock, irqflags);
> +	raw_spin_unlock_irqrestore(&p->cgr_lock, irqflags);
>  	put_affine_portal();
>  	return ret;
>  }
> @@ -2577,9 +2580,9 @@ static int qman_update_cgr(struct qman_cgr *cgr, struct qm_mcc_initcgr *opts)
>  	if (!p)
>  		return -EINVAL;
>  
> -	spin_lock_irqsave(&p->cgr_lock, irqflags);
> +	raw_spin_lock_irqsave(&p->cgr_lock, irqflags);
>  	ret = qm_modify_cgr(cgr, 0, opts);
> -	spin_unlock_irqrestore(&p->cgr_lock, irqflags);
> +	raw_spin_unlock_irqrestore(&p->cgr_lock, irqflags);
>  	put_affine_portal();
>  	return ret;
>  }

ping

I'd like to get this in for 6.8.

Would it be more convenient for this to go via net?

--Sean

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ