Deadlock as below is triggered by one CPU holds drvdata->spinlock
and calls cti_enable_hw(). Smp_call_function_single() is called
in cti_enable_hw() and tries to let another CPU write CTI registers.
That CPU is trying to get drvdata->spinlock in cti_cpu_pm_notify()
and doesn't response to IPI from smp_call_function_single().
[ 988.335937] CPU: 6 PID: 10258 Comm: sh Tainted: G W L
5.8.0-rc6-mainline-16783-gc38daa79b26b-dirty #1
[ 988.346364] Hardware name: Thundercomm Dragonboard 845c (DT)
[ 988.352073] pstate: 20400005 (nzCv daif +PAN -UAO BTYPE=--)
[ 988.357689] pc : smp_call_function_single+0x158/0x1b8
[ 988.362782] lr : smp_call_function_single+0x124/0x1b8
...
[ 988.451638] Call trace:
[ 988.454119] smp_call_function_single+0x158/0x1b8
[ 988.458866] cti_enable+0xb4/0xf8 [coresight_cti]
[ 988.463618] coresight_control_assoc_ectdev+0x6c/0x128 [coresight]
[ 988.469855] coresight_enable+0x1f0/0x364 [coresight]
[ 988.474957] enable_source_store+0x5c/0x9c [coresight]
[ 988.480140] dev_attr_store+0x14/0x28
[ 988.483839] sysfs_kf_write+0x38/0x4c
[ 988.487532] kernfs_fop_write+0x1c0/0x2b0
[ 988.491585] vfs_write+0xfc/0x300
[ 988.494931] ksys_write+0x78/0xe0
[ 988.498283] __arm64_sys_write+0x18/0x20
[ 988.502240] el0_svc_common+0x98/0x160
[ 988.506024] do_el0_svc+0x78/0x80
[ 988.509377] el0_sync_handler+0xd4/0x270
[ 988.513337] el0_sync+0x164/0x180
This change write CTI registers directly in cti_enable_hw().
Config->hw_powered has been checked to be true with spinlock holded.
CTI is powered and can be programmed until spinlock is released.
Fixes: 6a0953ce7de9 ("coresight: cti: Add CPU idle pm notifer to CTI devices")
Signed-off-by: Tingwei Zhang <[email protected]>
---
drivers/hwtracing/coresight/coresight-cti.c | 24 +++++----------------
1 file changed, 5 insertions(+), 19 deletions(-)
diff --git a/drivers/hwtracing/coresight/coresight-cti.c b/drivers/hwtracing/coresight/coresight-cti.c
index c4e9cc7034ab..d04181c12a7f 100644
--- a/drivers/hwtracing/coresight/coresight-cti.c
+++ b/drivers/hwtracing/coresight/coresight-cti.c
@@ -86,22 +86,16 @@ void cti_write_all_hw_regs(struct cti_drvdata *drvdata)
CS_LOCK(drvdata->base);
}
-static void cti_enable_hw_smp_call(void *info)
-{
- struct cti_drvdata *drvdata = info;
-
- cti_write_all_hw_regs(drvdata);
-}
-
/* write regs to hardware and enable */
static int cti_enable_hw(struct cti_drvdata *drvdata)
{
struct cti_config *config = &drvdata->config;
struct device *dev = &drvdata->csdev->dev;
int rc = 0;
+ unsigned long flags;
pm_runtime_get_sync(dev->parent);
- spin_lock(&drvdata->spinlock);
+ spin_lock_irqsave(&drvdata->spinlock, flags);
/* no need to do anything if enabled or unpowered*/
if (config->hw_enabled || !config->hw_powered)
@@ -112,19 +106,11 @@ static int cti_enable_hw(struct cti_drvdata *drvdata)
if (rc)
goto cti_err_not_enabled;
- if (drvdata->ctidev.cpu >= 0) {
- rc = smp_call_function_single(drvdata->ctidev.cpu,
- cti_enable_hw_smp_call,
- drvdata, 1);
- if (rc)
- goto cti_err_not_enabled;
- } else {
- cti_write_all_hw_regs(drvdata);
- }
+ cti_write_all_hw_regs(drvdata);
config->hw_enabled = true;
atomic_inc(&drvdata->config.enable_req_count);
- spin_unlock(&drvdata->spinlock);
+ spin_unlock_irqrestore(&drvdata->spinlock, flags);
return rc;
cti_state_unchanged:
@@ -132,7 +118,7 @@ static int cti_enable_hw(struct cti_drvdata *drvdata)
/* cannot enable due to error */
cti_err_not_enabled:
- spin_unlock(&drvdata->spinlock);
+ spin_unlock_irqrestore(&drvdata->spinlock, flags);
pm_runtime_put(dev->parent);
return rc;
}
--
The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum,
a Linux Foundation Collaborative Project
On Tue, Sep 01, 2020 at 02:33:09PM +0800, Tingwei Zhang wrote:
> Deadlock as below is triggered by one CPU holds drvdata->spinlock
> and calls cti_enable_hw(). Smp_call_function_single() is called
> in cti_enable_hw() and tries to let another CPU write CTI registers.
> That CPU is trying to get drvdata->spinlock in cti_cpu_pm_notify()
> and doesn't response to IPI from smp_call_function_single().
>
> [ 988.335937] CPU: 6 PID: 10258 Comm: sh Tainted: G W L
> 5.8.0-rc6-mainline-16783-gc38daa79b26b-dirty #1
> [ 988.346364] Hardware name: Thundercomm Dragonboard 845c (DT)
> [ 988.352073] pstate: 20400005 (nzCv daif +PAN -UAO BTYPE=--)
> [ 988.357689] pc : smp_call_function_single+0x158/0x1b8
> [ 988.362782] lr : smp_call_function_single+0x124/0x1b8
> ...
> [ 988.451638] Call trace:
> [ 988.454119] smp_call_function_single+0x158/0x1b8
> [ 988.458866] cti_enable+0xb4/0xf8 [coresight_cti]
> [ 988.463618] coresight_control_assoc_ectdev+0x6c/0x128 [coresight]
> [ 988.469855] coresight_enable+0x1f0/0x364 [coresight]
> [ 988.474957] enable_source_store+0x5c/0x9c [coresight]
> [ 988.480140] dev_attr_store+0x14/0x28
> [ 988.483839] sysfs_kf_write+0x38/0x4c
> [ 988.487532] kernfs_fop_write+0x1c0/0x2b0
> [ 988.491585] vfs_write+0xfc/0x300
> [ 988.494931] ksys_write+0x78/0xe0
> [ 988.498283] __arm64_sys_write+0x18/0x20
> [ 988.502240] el0_svc_common+0x98/0x160
> [ 988.506024] do_el0_svc+0x78/0x80
> [ 988.509377] el0_sync_handler+0xd4/0x270
> [ 988.513337] el0_sync+0x164/0x180
>
> This change write CTI registers directly in cti_enable_hw().
> Config->hw_powered has been checked to be true with spinlock holded.
> CTI is powered and can be programmed until spinlock is released.
>
> Fixes: 6a0953ce7de9 ("coresight: cti: Add CPU idle pm notifer to CTI devices")
> Signed-off-by: Tingwei Zhang <[email protected]>
> ---
> drivers/hwtracing/coresight/coresight-cti.c | 24 +++++----------------
> 1 file changed, 5 insertions(+), 19 deletions(-)
>
> diff --git a/drivers/hwtracing/coresight/coresight-cti.c b/drivers/hwtracing/coresight/coresight-cti.c
> index c4e9cc7034ab..d04181c12a7f 100644
> --- a/drivers/hwtracing/coresight/coresight-cti.c
> +++ b/drivers/hwtracing/coresight/coresight-cti.c
> @@ -86,22 +86,16 @@ void cti_write_all_hw_regs(struct cti_drvdata *drvdata)
> CS_LOCK(drvdata->base);
> }
>
> -static void cti_enable_hw_smp_call(void *info)
> -{
> - struct cti_drvdata *drvdata = info;
> -
> - cti_write_all_hw_regs(drvdata);
> -}
> -
> /* write regs to hardware and enable */
> static int cti_enable_hw(struct cti_drvdata *drvdata)
> {
> struct cti_config *config = &drvdata->config;
> struct device *dev = &drvdata->csdev->dev;
> int rc = 0;
> + unsigned long flags;
I have moved this line before "int rc = 0;" and applied your patch.
Thanks,
Mathieu
>
> pm_runtime_get_sync(dev->parent);
> - spin_lock(&drvdata->spinlock);
> + spin_lock_irqsave(&drvdata->spinlock, flags);
>
> /* no need to do anything if enabled or unpowered*/
> if (config->hw_enabled || !config->hw_powered)
> @@ -112,19 +106,11 @@ static int cti_enable_hw(struct cti_drvdata *drvdata)
> if (rc)
> goto cti_err_not_enabled;
>
> - if (drvdata->ctidev.cpu >= 0) {
> - rc = smp_call_function_single(drvdata->ctidev.cpu,
> - cti_enable_hw_smp_call,
> - drvdata, 1);
> - if (rc)
> - goto cti_err_not_enabled;
> - } else {
> - cti_write_all_hw_regs(drvdata);
> - }
> + cti_write_all_hw_regs(drvdata);
>
> config->hw_enabled = true;
> atomic_inc(&drvdata->config.enable_req_count);
> - spin_unlock(&drvdata->spinlock);
> + spin_unlock_irqrestore(&drvdata->spinlock, flags);
> return rc;
>
> cti_state_unchanged:
> @@ -132,7 +118,7 @@ static int cti_enable_hw(struct cti_drvdata *drvdata)
>
> /* cannot enable due to error */
> cti_err_not_enabled:
> - spin_unlock(&drvdata->spinlock);
> + spin_unlock_irqrestore(&drvdata->spinlock, flags);
> pm_runtime_put(dev->parent);
> return rc;
> }
> --
> The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum,
> a Linux Foundation Collaborative Project
>