smp_call_function_single disables IRQs when executing the callback. To
prevent deadlocks, we must disable IRQs when taking cgr_lock elsewhere.
This is already done by qman_update_cgr and qman_delete_cgr; fix the
other lockers.
Fixes: 96f413f47677 ("soc/fsl/qbman: fix issue in qman_delete_cgr_safe()")
Signed-off-by: Sean Anderson <[email protected]>
Reviewed-by: Camelia Groza <[email protected]>
Tested-by: Vladimir Oltean <[email protected]>
---
(no changes since v3)
Changes in v3:
- Change blamed commit to something more appropriate
Changes in v2:
- Fix one additional call to spin_unlock
drivers/soc/fsl/qbman/qman.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/drivers/soc/fsl/qbman/qman.c b/drivers/soc/fsl/qbman/qman.c
index 739e4eee6b75..1bf1f1ea67f0 100644
--- a/drivers/soc/fsl/qbman/qman.c
+++ b/drivers/soc/fsl/qbman/qman.c
@@ -1456,11 +1456,11 @@ static void qm_congestion_task(struct work_struct *work)
union qm_mc_result *mcr;
struct qman_cgr *cgr;
- spin_lock(&p->cgr_lock);
+ spin_lock_irq(&p->cgr_lock);
qm_mc_start(&p->p);
qm_mc_commit(&p->p, QM_MCC_VERB_QUERYCONGESTION);
if (!qm_mc_result_timeout(&p->p, &mcr)) {
- spin_unlock(&p->cgr_lock);
+ spin_unlock_irq(&p->cgr_lock);
dev_crit(p->config->dev, "QUERYCONGESTION timeout\n");
qman_p_irqsource_add(p, QM_PIRQ_CSCI);
return;
@@ -1476,7 +1476,7 @@ static void qm_congestion_task(struct work_struct *work)
list_for_each_entry(cgr, &p->cgr_cbs, node)
if (cgr->cb && qman_cgrs_get(&c, cgr->cgrid))
cgr->cb(p, cgr, qman_cgrs_get(&rr, cgr->cgrid));
- spin_unlock(&p->cgr_lock);
+ spin_unlock_irq(&p->cgr_lock);
qman_p_irqsource_add(p, QM_PIRQ_CSCI);
}
@@ -2440,7 +2440,7 @@ int qman_create_cgr(struct qman_cgr *cgr, u32 flags,
preempt_enable();
cgr->chan = p->config->channel;
- spin_lock(&p->cgr_lock);
+ spin_lock_irq(&p->cgr_lock);
if (opts) {
struct qm_mcc_initcgr local_opts = *opts;
@@ -2477,7 +2477,7 @@ int qman_create_cgr(struct qman_cgr *cgr, u32 flags,
qman_cgrs_get(&p->cgrs[1], cgr->cgrid))
cgr->cb(p, cgr, 1);
out:
- spin_unlock(&p->cgr_lock);
+ spin_unlock_irq(&p->cgr_lock);
put_affine_portal();
return ret;
}
--
2.35.1.1320.gc452695387.dirty
cgr_lock may be locked with interrupts already disabled by
smp_call_function_single. As such, we must use a raw spinlock to avoid
problems on PREEMPT_RT kernels. Although this bug has existed for a
while, it was not apparent until commit ef2a8d5478b9 ("net: dpaa: Adjust
queue depth on rate change") which invokes smp_call_function_single via
qman_update_cgr_safe every time a link goes up or down.
Fixes: 96f413f47677 ("soc/fsl/qbman: fix issue in qman_delete_cgr_safe()")
Reported-by: Vladimir Oltean <[email protected]>
Closes: https://lore.kernel.org/all/20230323153935.nofnjucqjqnz34ej@skbuf/
Reported-by: Steffen Trumtrar <[email protected]>
Closes: https://lore.kernel.org/linux-arm-kernel/[email protected]/
Signed-off-by: Sean Anderson <[email protected]>
Reviewed-by: Camelia Groza <[email protected]>
Tested-by: Vladimir Oltean <[email protected]>
---
Please backport these fixes when applied. This bug has been reported
multiple times (see links above).
Changes in v4:
- Add a note about how raw spinlocks aren't quite right
Changes in v3:
- Change blamed commit to something more appropriate
drivers/soc/fsl/qbman/qman.c | 25 ++++++++++++++-----------
1 file changed, 14 insertions(+), 11 deletions(-)
diff --git a/drivers/soc/fsl/qbman/qman.c b/drivers/soc/fsl/qbman/qman.c
index 1bf1f1ea67f0..7e9074519ad2 100644
--- a/drivers/soc/fsl/qbman/qman.c
+++ b/drivers/soc/fsl/qbman/qman.c
@@ -991,7 +991,7 @@ struct qman_portal {
/* linked-list of CSCN handlers. */
struct list_head cgr_cbs;
/* list lock */
- spinlock_t cgr_lock;
+ raw_spinlock_t cgr_lock;
struct work_struct congestion_work;
struct work_struct mr_work;
char irqname[MAX_IRQNAME];
@@ -1281,7 +1281,7 @@ static int qman_create_portal(struct qman_portal *portal,
/* if the given mask is NULL, assume all CGRs can be seen */
qman_cgrs_fill(&portal->cgrs[0]);
INIT_LIST_HEAD(&portal->cgr_cbs);
- spin_lock_init(&portal->cgr_lock);
+ raw_spin_lock_init(&portal->cgr_lock);
INIT_WORK(&portal->congestion_work, qm_congestion_task);
INIT_WORK(&portal->mr_work, qm_mr_process_task);
portal->bits = 0;
@@ -1456,11 +1456,14 @@ static void qm_congestion_task(struct work_struct *work)
union qm_mc_result *mcr;
struct qman_cgr *cgr;
- spin_lock_irq(&p->cgr_lock);
+ /*
+ * FIXME: QM_MCR_TIMEOUT is 10ms, which is too long for a raw spinlock!
+ */
+ raw_spin_lock_irq(&p->cgr_lock);
qm_mc_start(&p->p);
qm_mc_commit(&p->p, QM_MCC_VERB_QUERYCONGESTION);
if (!qm_mc_result_timeout(&p->p, &mcr)) {
- spin_unlock_irq(&p->cgr_lock);
+ raw_spin_unlock_irq(&p->cgr_lock);
dev_crit(p->config->dev, "QUERYCONGESTION timeout\n");
qman_p_irqsource_add(p, QM_PIRQ_CSCI);
return;
@@ -1476,7 +1479,7 @@ static void qm_congestion_task(struct work_struct *work)
list_for_each_entry(cgr, &p->cgr_cbs, node)
if (cgr->cb && qman_cgrs_get(&c, cgr->cgrid))
cgr->cb(p, cgr, qman_cgrs_get(&rr, cgr->cgrid));
- spin_unlock_irq(&p->cgr_lock);
+ raw_spin_unlock_irq(&p->cgr_lock);
qman_p_irqsource_add(p, QM_PIRQ_CSCI);
}
@@ -2440,7 +2443,7 @@ int qman_create_cgr(struct qman_cgr *cgr, u32 flags,
preempt_enable();
cgr->chan = p->config->channel;
- spin_lock_irq(&p->cgr_lock);
+ raw_spin_lock_irq(&p->cgr_lock);
if (opts) {
struct qm_mcc_initcgr local_opts = *opts;
@@ -2477,7 +2480,7 @@ int qman_create_cgr(struct qman_cgr *cgr, u32 flags,
qman_cgrs_get(&p->cgrs[1], cgr->cgrid))
cgr->cb(p, cgr, 1);
out:
- spin_unlock_irq(&p->cgr_lock);
+ raw_spin_unlock_irq(&p->cgr_lock);
put_affine_portal();
return ret;
}
@@ -2512,7 +2515,7 @@ int qman_delete_cgr(struct qman_cgr *cgr)
return -EINVAL;
memset(&local_opts, 0, sizeof(struct qm_mcc_initcgr));
- spin_lock_irqsave(&p->cgr_lock, irqflags);
+ raw_spin_lock_irqsave(&p->cgr_lock, irqflags);
list_del(&cgr->node);
/*
* If there are no other CGR objects for this CGRID in the list,
@@ -2537,7 +2540,7 @@ int qman_delete_cgr(struct qman_cgr *cgr)
/* add back to the list */
list_add(&cgr->node, &p->cgr_cbs);
release_lock:
- spin_unlock_irqrestore(&p->cgr_lock, irqflags);
+ raw_spin_unlock_irqrestore(&p->cgr_lock, irqflags);
put_affine_portal();
return ret;
}
@@ -2577,9 +2580,9 @@ static int qman_update_cgr(struct qman_cgr *cgr, struct qm_mcc_initcgr *opts)
if (!p)
return -EINVAL;
- spin_lock_irqsave(&p->cgr_lock, irqflags);
+ raw_spin_lock_irqsave(&p->cgr_lock, irqflags);
ret = qm_modify_cgr(cgr, 0, opts);
- spin_unlock_irqrestore(&p->cgr_lock, irqflags);
+ raw_spin_unlock_irqrestore(&p->cgr_lock, irqflags);
put_affine_portal();
return ret;
}
--
2.35.1.1320.gc452695387.dirty
On 1/8/24 11:19, Sean Anderson wrote:
> cgr_lock may be locked with interrupts already disabled by
> smp_call_function_single. As such, we must use a raw spinlock to avoid
> problems on PREEMPT_RT kernels. Although this bug has existed for a
> while, it was not apparent until commit ef2a8d5478b9 ("net: dpaa: Adjust
> queue depth on rate change") which invokes smp_call_function_single via
> qman_update_cgr_safe every time a link goes up or down.
>
> Fixes: 96f413f47677 ("soc/fsl/qbman: fix issue in qman_delete_cgr_safe()")
> Reported-by: Vladimir Oltean <[email protected]>
> Closes: https://lore.kernel.org/all/20230323153935.nofnjucqjqnz34ej@skbuf/
> Reported-by: Steffen Trumtrar <[email protected]>
> Closes: https://lore.kernel.org/linux-arm-kernel/[email protected]/
> Signed-off-by: Sean Anderson <[email protected]>
> Reviewed-by: Camelia Groza <[email protected]>
> Tested-by: Vladimir Oltean <[email protected]>
> ---
> Please backport these fixes when applied. This bug has been reported
> multiple times (see links above).
>
> Changes in v4:
> - Add a note about how raw spinlocks aren't quite right
>
> Changes in v3:
> - Change blamed commit to something more appropriate
>
> drivers/soc/fsl/qbman/qman.c | 25 ++++++++++++++-----------
> 1 file changed, 14 insertions(+), 11 deletions(-)
>
> diff --git a/drivers/soc/fsl/qbman/qman.c b/drivers/soc/fsl/qbman/qman.c
> index 1bf1f1ea67f0..7e9074519ad2 100644
> --- a/drivers/soc/fsl/qbman/qman.c
> +++ b/drivers/soc/fsl/qbman/qman.c
> @@ -991,7 +991,7 @@ struct qman_portal {
> /* linked-list of CSCN handlers. */
> struct list_head cgr_cbs;
> /* list lock */
> - spinlock_t cgr_lock;
> + raw_spinlock_t cgr_lock;
> struct work_struct congestion_work;
> struct work_struct mr_work;
> char irqname[MAX_IRQNAME];
> @@ -1281,7 +1281,7 @@ static int qman_create_portal(struct qman_portal *portal,
> /* if the given mask is NULL, assume all CGRs can be seen */
> qman_cgrs_fill(&portal->cgrs[0]);
> INIT_LIST_HEAD(&portal->cgr_cbs);
> - spin_lock_init(&portal->cgr_lock);
> + raw_spin_lock_init(&portal->cgr_lock);
> INIT_WORK(&portal->congestion_work, qm_congestion_task);
> INIT_WORK(&portal->mr_work, qm_mr_process_task);
> portal->bits = 0;
> @@ -1456,11 +1456,14 @@ static void qm_congestion_task(struct work_struct *work)
> union qm_mc_result *mcr;
> struct qman_cgr *cgr;
>
> - spin_lock_irq(&p->cgr_lock);
> + /*
> + * FIXME: QM_MCR_TIMEOUT is 10ms, which is too long for a raw spinlock!
> + */
> + raw_spin_lock_irq(&p->cgr_lock);
> qm_mc_start(&p->p);
> qm_mc_commit(&p->p, QM_MCC_VERB_QUERYCONGESTION);
> if (!qm_mc_result_timeout(&p->p, &mcr)) {
> - spin_unlock_irq(&p->cgr_lock);
> + raw_spin_unlock_irq(&p->cgr_lock);
> dev_crit(p->config->dev, "QUERYCONGESTION timeout\n");
> qman_p_irqsource_add(p, QM_PIRQ_CSCI);
> return;
> @@ -1476,7 +1479,7 @@ static void qm_congestion_task(struct work_struct *work)
> list_for_each_entry(cgr, &p->cgr_cbs, node)
> if (cgr->cb && qman_cgrs_get(&c, cgr->cgrid))
> cgr->cb(p, cgr, qman_cgrs_get(&rr, cgr->cgrid));
> - spin_unlock_irq(&p->cgr_lock);
> + raw_spin_unlock_irq(&p->cgr_lock);
> qman_p_irqsource_add(p, QM_PIRQ_CSCI);
> }
>
> @@ -2440,7 +2443,7 @@ int qman_create_cgr(struct qman_cgr *cgr, u32 flags,
> preempt_enable();
>
> cgr->chan = p->config->channel;
> - spin_lock_irq(&p->cgr_lock);
> + raw_spin_lock_irq(&p->cgr_lock);
>
> if (opts) {
> struct qm_mcc_initcgr local_opts = *opts;
> @@ -2477,7 +2480,7 @@ int qman_create_cgr(struct qman_cgr *cgr, u32 flags,
> qman_cgrs_get(&p->cgrs[1], cgr->cgrid))
> cgr->cb(p, cgr, 1);
> out:
> - spin_unlock_irq(&p->cgr_lock);
> + raw_spin_unlock_irq(&p->cgr_lock);
> put_affine_portal();
> return ret;
> }
> @@ -2512,7 +2515,7 @@ int qman_delete_cgr(struct qman_cgr *cgr)
> return -EINVAL;
>
> memset(&local_opts, 0, sizeof(struct qm_mcc_initcgr));
> - spin_lock_irqsave(&p->cgr_lock, irqflags);
> + raw_spin_lock_irqsave(&p->cgr_lock, irqflags);
> list_del(&cgr->node);
> /*
> * If there are no other CGR objects for this CGRID in the list,
> @@ -2537,7 +2540,7 @@ int qman_delete_cgr(struct qman_cgr *cgr)
> /* add back to the list */
> list_add(&cgr->node, &p->cgr_cbs);
> release_lock:
> - spin_unlock_irqrestore(&p->cgr_lock, irqflags);
> + raw_spin_unlock_irqrestore(&p->cgr_lock, irqflags);
> put_affine_portal();
> return ret;
> }
> @@ -2577,9 +2580,9 @@ static int qman_update_cgr(struct qman_cgr *cgr, struct qm_mcc_initcgr *opts)
> if (!p)
> return -EINVAL;
>
> - spin_lock_irqsave(&p->cgr_lock, irqflags);
> + raw_spin_lock_irqsave(&p->cgr_lock, irqflags);
> ret = qm_modify_cgr(cgr, 0, opts);
> - spin_unlock_irqrestore(&p->cgr_lock, irqflags);
> + raw_spin_unlock_irqrestore(&p->cgr_lock, irqflags);
> put_affine_portal();
> return ret;
> }
ping
I'd like to get this in for 6.8.
Would it be more convenient for this to go via net?
--Sean