lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250513224402.864767-3-briannorris@chromium.org>
Date: Tue, 13 May 2025 15:42:38 -0700
From: Brian Norris <briannorris@...omium.org>
To: Thomas Gleixner <tglx@...utronix.de>
Cc: Douglas Anderson <dianders@...omium.org>,
	Tsai Sung-Fu <danielsftsai@...gle.com>,
	linux-kernel@...r.kernel.org,
	Brian Norris <briannorris@...omium.org>
Subject: [PATCH 2/2] genirq: Retain disable depth across irq shutdown/startup

If an IRQ is shut down and restarted while it was already disabled, its
depth is clobbered and reset to 0. This can produce unexpected results,
as:
1) the consuming driver probably expected it to stay disabled and
2) the kernel starts complaining about "Unbalanced enable for IRQ N" the
   next time the consumer calls enable_irq()

This problem can occur especially for affinity-managed IRQs that are
already disabled before CPU hotplug. I captured these failures in kunit
tests irq_shutdown_depth_test and irq_cpuhotplug_test.

Perform a naive increment/decrement instead of clobbering the count to
0/1.

Tested via kunit:

  tools/testing/kunit/kunit.py run 'irq_test_cases*' --arch x86_64 --qemu_args '-smp 2'

Signed-off-by: Brian Norris <briannorris@...omium.org>
---
I'm not very confident this is a fully correct fix, as I'm not sure I've
grokked all the startup/shutdown logic in the IRQ core. This probably
serves better as an example method to pass the tests in patch 1.

 kernel/irq/chip.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/kernel/irq/chip.c b/kernel/irq/chip.c
index 36cf1b09cc84..cc6d2220ceae 100644
--- a/kernel/irq/chip.c
+++ b/kernel/irq/chip.c
@@ -272,7 +272,9 @@ int irq_startup(struct irq_desc *desc, bool resend, bool force)
 	const struct cpumask *aff = irq_data_get_affinity_mask(d);
 	int ret = 0;
 
-	desc->depth = 0;
+	desc->depth--;
+	if (desc->depth)
+		return 0;
 
 	if (irqd_is_started(d)) {
 		irq_enable(desc);
@@ -290,6 +292,7 @@ int irq_startup(struct irq_desc *desc, bool resend, bool force)
 			ret = __irq_startup(desc);
 			break;
 		case IRQ_STARTUP_ABORT:
+			desc->depth++;
 			irqd_set_managed_shutdown(d);
 			return 0;
 		}
@@ -322,7 +325,7 @@ void irq_shutdown(struct irq_desc *desc)
 {
 	if (irqd_is_started(&desc->irq_data)) {
 		clear_irq_resend(desc);
-		desc->depth = 1;
+		desc->depth++;
 		if (desc->irq_data.chip->irq_shutdown) {
 			desc->irq_data.chip->irq_shutdown(&desc->irq_data);
 			irq_state_set_disabled(desc);
-- 
2.49.0.1045.g170613ef41-goog

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ