lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <c6c1694b-c5aa-4b1e-baef-c48546d28539@linux.dev>
Date: Mon, 15 Sep 2025 10:32:24 -0400
From: Sean Anderson <sean.anderson@...ux.dev>
To: Yeoreum Yun <yeoreum.yun@....com>
Cc: Leo Yan <leo.yan@....com>, Suzuki K Poulose <suzuki.poulose@....com>,
 coresight@...ts.linaro.org, linux-arm-kernel@...ts.infradead.org,
 Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
 Mike Leach <mike.leach@...aro.org>, Linu Cherian <lcherian@...vell.com>,
 James Clark <james.clark@...aro.org>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] coresight: Fix possible deadlock in coresight_panic_cb

On 9/13/25 00:30, Yeoreum Yun wrote:
> Hi,
> 
>> > Hi,
>> >
>> >> Hi Sean,
>> >>
>> >> On Thu, Sep 11, 2025 at 11:33:15AM -0400, Sean Anderson wrote:
>> >> > coresight_panic_cb is called with interrupts disabled during panics.
>> >> > However, bus_for_each_dev calls bus_to_subsys which takes
>> >> > bus_kset->list_lock without disabling IRQs. This will cause a deadlock
>> >> > if a panic occurs while one of the other coresight functions that uses
>> >> > bus_for_each_dev is running.
>> >>
>> >> The decription is a bit misleading. Even when IRQ is disabled, if an
>> >> exception happens, a CPU still can be trapped for handling kernel panic.
>> >>
>> >> > Maintain a separate list of coresight devices to access during a panic.
>> >>
>> >> Rather than maintaining a separate list and introducing a new spinlock,
>> >> I would argue if we can simply register panic notifier in TMC ETR and
>> >> ETF drviers (see tmc_panic_sync_etr() and tmc_panic_sync_etf()).
>> >>
>> >> If there is no dependency between CoreSight modules in panic sync flow,
>> >> it is not necessary to maintain list (and lock) for these modules.
>>
>> Yeah, I was thinking about this as I was preparing v2 of this patch.
>>
>> > +1 for this.
>> > and using the spinlock in the panic_cb doesn't work on PREEMPT_RT side.
>>
>> What do you mean by this? I am using lockdep and it did not warn about this,
>> so I assume that on PREEMPT_RT IRQs remain enabled in this path.
> 
> Hmm, I don't believe this.
> When you see the panic(), it explicitly disable irq.
> and preempt_disabled() before
> calling atomic_notifier_call_chain(&panic_notifier_list, 0, buf);
> 
> also, atomic_nofier_call_chain() is rcu critical section.
> 
> As you know, since the spinlock becomes sleepable lock in PREEMPT_RT
> this is problem.
> 
> The reason why lockdep doesn't report this problem since it was disabled
> before panic notifier chain by calling debug_locks_off();

Ah, that makes sense.

--Sean

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ