2
0
mirror of https://github.com/edk2-porting/linux-next.git synced 2024-12-19 18:53:52 +08:00
linux-next/drivers/dma
Qi Hou a3ca831249 dmaengine: pl330: fix a race condition in case of threaded irqs
When booting up with "threadirqs" in command line, all irq handlers of the DMA
controller pl330 will be threaded forcedly. These threads will race for the same
list, pl330->req_done.

Before the callback, the spinlock was released. And after it, the spinlock was
taken. This opened an race window where another threaded irq handler could steal
the spinlock and be permitted to delete entries of the list, pl330->req_done.

If the later deleted an entry that was still referred to by the former, there would
be a kernel panic when the former was scheduled and tried to get the next sibling
of the deleted entry.

The scenario could be depicted as below:

  Thread: T1  pl330->req_done  Thread: T2
      |             |              |
      |          -A-B-C-D-         |
    Locked          |              |
      |             |           Waiting
    Del A           |              |
      |          -B-C-D-           |
    Unlocked        |              |
      |             |           Locked
    Waiting         |              |
      |             |            Del B
      |             |              |
      |           -C-D-         Unlocked
    Waiting         |              |
      |
    Locked
      |
   get C via B
      \
       - Kernel panic

The kernel panic looked like as below:

Unable to handle kernel paging request at virtual address dead000000000108
pgd = ffffff8008c9e000
[dead000000000108] *pgd=000000027fffe003, *pud=000000027fffe003, *pmd=0000000000000000
Internal error: Oops: 96000044 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 85 Comm: irq/59-66330000 Not tainted 4.8.24-WR9.0.0.12_standard #2
Hardware name: Broadcom NS2 SVK (DT)
task: ffffffc1f5cc3c00 task.stack: ffffffc1f5ce0000
PC is at pl330_irq_handler+0x27c/0x390
LR is at pl330_irq_handler+0x2a8/0x390
pc : [<ffffff80084cb694>] lr : [<ffffff80084cb6c0>] pstate: 800001c5
sp : ffffffc1f5ce3d00
x29: ffffffc1f5ce3d00 x28: 0000000000000140
x27: ffffffc1f5c530b0 x26: dead000000000100
x25: dead000000000200 x24: 0000000000418958
x23: 0000000000000001 x22: ffffffc1f5ccd668
x21: ffffffc1f5ccd590 x20: ffffffc1f5ccd418
x19: dead000000000060 x18: 0000000000000001
x17: 0000000000000007 x16: 0000000000000001
x15: ffffffffffffffff x14: ffffffffffffffff
x13: ffffffffffffffff x12: 0000000000000000
x11: 0000000000000001 x10: 0000000000000840
x9 : ffffffc1f5ce0000 x8 : ffffffc1f5cc3338
x7 : ffffff8008ce2020 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000001
x3 : dead000000000200 x2 : dead000000000100
x1 : 0000000000000140 x0 : ffffffc1f5ccd590

Process irq/59-66330000 (pid: 85, stack limit = 0xffffffc1f5ce0020)
Stack: (0xffffffc1f5ce3d00 to 0xffffffc1f5ce4000)
3d00: ffffffc1f5ce3d80 ffffff80080f09d0 ffffffc1f5ca0c00 ffffffc1f6f7c600
3d20: ffffffc1f5ce0000 ffffffc1f6f7c600 ffffffc1f5ca0c00 ffffff80080f0998
3d40: ffffffc1f5ce0000 ffffff80080f0000 0000000000000000 0000000000000000
3d60: ffffff8008ce202c ffffff8008ce2020 ffffffc1f5ccd668 ffffffc1f5c530b0
3d80: ffffffc1f5ce3db0 ffffff80080f0d70 ffffffc1f5ca0c40 0000000000000001
3da0: ffffffc1f5ce0000 ffffff80080f0cfc ffffffc1f5ce3e20 ffffff80080bf4f8
3dc0: ffffffc1f5ca0c80 ffffff8008bf3798 ffffff8008955528 ffffffc1f5ca0c00
3de0: ffffff80080f0c30 0000000000000000 0000000000000000 0000000000000000
3e00: 0000000000000000 0000000000000000 0000000000000000 ffffff80080f0b68
3e20: 0000000000000000 ffffff8008083690 ffffff80080bf420 ffffffc1f5ca0c80
3e40: 0000000000000000 0000000000000000 0000000000000000 ffffff80080cb648
3e60: ffffff8008b1c780 0000000000000000 0000000000000000 ffffffc1f5ca0c00
3e80: ffffffc100000000 ffffff8000000000 ffffffc1f5ce3e90 ffffffc1f5ce3e90
3ea0: 0000000000000000 ffffff8000000000 ffffffc1f5ce3eb0 ffffffc1f5ce3eb0
3ec0: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
3ee0: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
3f00: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
3f20: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
3f40: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
3f60: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
3f80: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
3fa0: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
3fc0: 0000000000000000 0000000000000005 0000000000000000 0000000000000000
3fe0: 0000000000000000 0000000000000000 0000000275ce3ff0 0000000275ce3ff8
Call trace:
Exception stack(0xffffffc1f5ce3b30 to 0xffffffc1f5ce3c60)
3b20:                                   dead000000000060 0000008000000000
3b40: ffffffc1f5ce3d00 ffffff80084cb694 0000000000000008 0000000000000e88
3b60: ffffffc1f5ce3bb0 ffffff80080dac68 ffffffc1f5ce3b90 ffffff8008826fe4
3b80: 00000000000001c0 00000000000001c0 ffffffc1f5ce3bb0 ffffff800848dfcc
3ba0: 0000000000020000 ffffff8008b15ae4 ffffffc1f5ce3c00 ffffff800808f000
3bc0: 0000000000000010 ffffff80088377f0 ffffffc1f5ccd590 0000000000000140
3be0: dead000000000100 dead000000000200 0000000000000001 0000000000000000
3c00: 0000000000000000 ffffff8008ce2020 ffffffc1f5cc3338 ffffffc1f5ce0000
3c20: 0000000000000840 0000000000000001 0000000000000000 ffffffffffffffff
3c40: ffffffffffffffff ffffffffffffffff 0000000000000001 0000000000000007
[<ffffff80084cb694>] pl330_irq_handler+0x27c/0x390
[<ffffff80080f09d0>] irq_forced_thread_fn+0x38/0x88
[<ffffff80080f0d70>] irq_thread+0x140/0x200
[<ffffff80080bf4f8>] kthread+0xd8/0xf0
[<ffffff8008083690>] ret_from_fork+0x10/0x40
Code: f2a00838 f9405763 aa1c03e1 aa1503e0 (f9000443)
---[ end trace f50005726d31199c ]---
Kernel panic - not syncing: Fatal exception in interrupt
SMP: stopping secondary CPUs
SMP: failed to stop secondary CPUs 0-1
Kernel Offset: disabled
Memory Limit: none
---[ end Kernel panic - not syncing: Fatal exception in interrupt

To fix this, re-start with the list-head after dropping the lock then
re-takeing it.

Reviewed-by: Frank Mori Hess <fmh6jj@gmail.com>
Tested-by: Frank Mori Hess <fmh6jj@gmail.com>
Signed-off-by: Qi Hou <qi.hou@windriver.com>
Signed-off-by: Vinod Koul <vinod.koul@intel.com>
2018-03-06 17:21:39 +05:30
..
bestcomm License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
dw License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
hsu serial: 8250_mid: handle interrupt correctly in DMA case 2017-01-19 14:20:23 +01:00
ioat Merge branch 'for-mingo' of git://git.kernel.org/pub/scm/linux/kernel/git/paulmck/linux-rcu into core/rcu 2018-01-03 14:14:18 +01:00
ipu dmaengine: ipu: Make sure the interrupt routine checks all interrupts. 2017-01-02 10:48:44 +05:30
ppc4xx Merge branch 'topic/ppc4xx' into for-linus 2017-09-06 21:54:41 +05:30
qcom Merge branch 'topic/qcom_hidma' into for-linus 2018-01-31 13:50:40 +05:30
sh DMAengine updates for v4.16-rc1 2018-01-31 11:52:20 -08:00
xilinx dmaengine: xilinx_dma: Free BD consistent memory 2018-01-08 16:24:50 +05:30
acpi-dma.c dmaengine: acpi-dma: align debug message with flow 2016-02-22 09:06:09 +05:30
altera-msgdma.c dmaengine: altera: Use IRQ-safe spinlock calls in the error paths as well 2017-10-20 11:51:10 +05:30
amba-pl08x.c dmaengine: amba-pl08x: Use vchan_terminate_vdesc() instead of desc_free 2017-12-04 22:33:51 +05:30
at_hdmac_regs.h dmaengine: at_hdmac: Remove unnecessary 0x prefixes before %pad 2017-11-08 10:47:04 +05:30
at_hdmac.c dmaengine: at_hdmac: fix potential NULL pointer dereference in atc_prep_dma_interleaved 2017-11-29 19:48:17 +05:30
at_xdmac.c dmaengine: at_xdmac: Handle return value of clk_prepare_enable. 2017-08-21 22:20:44 +05:30
bcm2835-dma.c dmaengine: bcm2835-dma: Use vchan_terminate_vdesc() instead of desc_free 2017-12-04 22:33:51 +05:30
bcm-sba-raid.c dmaengine: bcm-sba-raid: Use common GPL comment header 2017-10-23 11:35:47 +05:30
coh901318_lli.c dmaengine: coh901318: use NULL for pointer initialization 2016-09-26 22:28:24 +05:30
coh901318.c dmaengine: coh901318: Remove unnecessary 0x prefixes before %pad 2017-11-08 10:46:46 +05:30
coh901318.h
cppi41.c dmaengine: cppi41: Fix channel queues array size check 2017-12-22 17:47:04 +05:30
dma-axi-dmac.c dmaengine: axi-dmac: Fix software cyclic mode 2017-09-17 18:58:18 +05:30
dma-jz4740.c dmaengine: jz4740: disable/unprepare clk if probe fails 2017-12-11 09:00:06 +05:30
dma-jz4780.c dmaengine: dma-jz4780: Use vchan_terminate_vdesc() instead of desc_free 2017-12-04 22:33:51 +05:30
dmaengine.c dmaengine: remove BUG_ON while registering devices 2017-08-28 09:39:46 +05:30
dmaengine.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
dmatest.c dmaengine: dmatest: fix container_of member in dmatest_callback 2018-01-30 12:24:43 +05:30
edma.c dmaengine: edma: Use vchan_terminate_vdesc() instead of desc_free 2017-12-04 22:33:51 +05:30
ep93xx_dma.c dmaengine: ep93xx: Don't drain the transfers in terminate_all() 2017-05-24 09:52:46 +05:30
fsl_raid.c dmaengine: fsl_raid: make of_device_ids const. 2017-06-29 09:25:28 +05:30
fsl_raid.h
fsl-edma.c dmaengine: fsl-edma: disable clks on all error paths 2017-12-15 09:53:04 +05:30
fsldma.c dmaengine: remove DMA_SG as it is dead code in kernel 2017-08-22 09:22:11 +05:30
fsldma.h dmaengine: fsldma: set BWC, DAHTS and SAHTS values correctly 2017-06-22 18:31:35 +05:30
idma64.c dmaengine: idma64: clear LLP_[SD]_EN bits in last descriptor 2016-02-15 22:06:45 +05:30
idma64.h asm-generic changes for 4.6 2016-03-24 23:13:48 -07:00
img-mdc-dma.c dmaengine: img-mdc-dma: Use vchan_terminate_vdesc() instead of desc_free 2017-12-04 22:33:51 +05:30
imx-dma.c ARM: 8745/1: get rid of __memzero() 2018-01-21 15:37:56 +00:00
imx-sdma.c dmaengine: imx-sdma: Add MODULE_FIRMWARE 2017-12-22 17:35:44 +05:30
iop-adma.c dmaengine: iop-adma: convert callback to helper function 2016-08-08 08:11:39 +05:30
k3dma.c dmaengine: k3dma: Use vchan_terminate_vdesc() instead of desc_free 2017-12-04 22:33:51 +05:30
Kconfig Merge branch 'topic/sprd' into for-linus 2017-11-14 10:36:09 +05:30
lpc18xx-dmamux.c dmaengine: add driver for lpc18xx dmamux 2015-08-18 22:12:14 +05:30
Makefile dmaengine updates for 4.15-rc1 2017-11-14 16:49:31 -08:00
mic_x100_dma.c dmaengine: mic_x100_dma: Use PTR_ERR_OR_ZERO() 2017-12-04 22:40:38 +05:30
mic_x100_dma.h dmaengine: Add an enum for the dmaengine alignment constraints 2015-08-05 10:53:52 +05:30
mmp_pdma.c dmaengine: mmp_pdma: convert callback to helper function 2016-08-08 08:11:39 +05:30
mmp_tdma.c Merge branch 'topic/err_reporting' into for-linus 2016-10-03 09:17:33 +05:30
moxart-dma.c dmaengine: moxart: remove NO_IRQ 2016-09-05 16:40:52 +05:30
mpc512x_dma.c Merge branch 'topic/err_reporting' into for-linus 2016-10-03 09:17:33 +05:30
mv_xor_v2.c dmaengine: mv_xor_v2: add support for suspend/resume 2017-05-14 18:24:46 +05:30
mv_xor.c dmaengine: remove DMA_SG as it is dead code in kernel 2017-08-22 09:22:11 +05:30
mv_xor.h dmaengine: mv_xor: Add support for scatter-gather DMA mode 2016-11-25 11:16:36 +05:30
mxs-dma.c dmaengine: mxs: Use %zu for printing a size_t variable 2017-06-15 09:44:45 +05:30
nbpfaxi.c dmaengine: nbpfaxi: Use of_device_get_match_data() helper 2017-10-12 22:20:51 +05:30
of-dma.c dmaengine: Convert to using %pOF instead of full_name 2017-07-19 09:30:44 +05:30
omap-dma.c dmaengine: omap-dma: Use vchan_terminate_vdesc() instead of desc_free 2017-12-04 22:33:51 +05:30
pch_dma.c dmaengine: pch_dma: Replace PCI pool old API 2017-10-31 17:01:06 +05:30
pl330.c dmaengine: pl330: fix a race condition in case of threaded irqs 2018-03-06 17:21:39 +05:30
pxa_dma.c Revert "dmaengine: pxa_dma: add support for legacy transition" 2016-10-18 20:14:32 +05:30
s3c24xx-dma.c dmaengine: s3c24xx-dma: Use vchan_terminate_vdesc() instead of desc_free 2017-12-04 22:33:51 +05:30
sa11x0-dma.c dmaengine: sa11x0: add DMA filters 2017-09-27 16:11:51 +05:30
sirf-dma.c dmaengine: sirf-dma: remove unused ‘sdesc’ 2016-12-12 22:25:22 +05:30
sprd-dma.c dmaengine: sprd: statify 'sprd_dma_prep_dma_memcpy' 2018-01-15 11:33:11 +05:30
st_fdma.c dmaengine: st_fdma: Fix the error return code in st_fdma_probe() 2016-10-19 22:29:33 +05:30
st_fdma.h dmaengine: st_fdma: Add STMicroelectronics FDMA driver header file 2016-10-18 20:12:06 +05:30
ste_dma40_ll.c dmaengine: ste_dma40_ll: make d40_width_to_bits static 2016-06-08 08:59:55 +05:30
ste_dma40_ll.h
ste_dma40.c Merge branch 'topic/dmatest' into for-linus 2017-09-06 21:55:10 +05:30
stm32-dma.c dmaengine: stm32-dma: fix up error dev_err message 2017-03-06 10:41:24 +05:30
stm32-dmamux.c dmaengine: stm32-dmamux: Remove unnecessary platform_get_resource() error check 2018-01-19 11:07:50 +05:30
stm32-mdma.c dmaengine: stm32_mdma: activate pack/unpack feature 2017-11-08 10:49:53 +05:30
sun4i-dma.c dmaengine: sun4i: fix invalid argument 2017-04-24 09:50:05 +05:30
sun6i-dma.c dmaengine: sun6i: Retrieve channel count/max request from devicetree 2017-10-23 11:44:03 +05:30
tegra20-apb-dma.c dmaengine: tegra-apb: Support non-flow controlled slave configuration 2017-11-29 19:35:05 +05:30
tegra210-adma.c dmaengine: tegra210-adma: fix of_irq_get() error check 2017-08-09 11:39:16 +05:30
ti-dma-crossbar.c dmaengine: ti-dma-crossbar: Fix event mapping for TPCC_EVT_MUX_60_63 2017-12-22 17:48:07 +05:30
timb_dma.c dmaengine: timb_dma: fix spelling mistake: "Couldnt" -> "Couldn't" 2017-12-11 08:57:38 +05:30
TODO
txx9dmac.c dmaengine: txx9dmac: convert callback to helper function 2016-08-08 08:11:41 +05:30
txx9dmac.h
virt-dma.c dmaengine: virt-dma: Add helper to free/reuse a descriptor 2017-12-04 22:33:51 +05:30
virt-dma.h dmaengine: virt-dma: Support for race free transfer termination 2017-12-04 22:33:51 +05:30
xgene-dma.c dmaengine: xgene-dma: remove unused xgene_dma_invalidate_buffer 2017-08-22 22:13:44 +05:30
zx_dma.c dmaengine: zx: fix build warning 2017-01-25 15:33:45 +05:30