Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp2475074pxj;
        Mon, 10 May 2021 04:01:28 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJwDiEDB0TuxgoMNl1/oM3hSozyVCkJLCo5RuFD8INnLQkiFRC0u+UAhe4acLQaYwYfZ/WwY
X-Received: by 2002:a7b:c1da:: with SMTP id a26mr24913211wmj.40.1620644488031;
        Mon, 10 May 2021 04:01:28 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1620644488; cv=none;
        d=google.com; s=arc-20160816;
        b=EXLgSPKeTRkpsz1rlNUveqJ2ga8UHxdS97UgoaymE+LaQLoscJIcAB/On4CCuwebmf
         Cw4uRQehwPW3EtU2TfuQ+wpSRj3gCt5QNIB65SxHSYEcblDERRn6Oo7cCszs0DZS54B3
         TXXNy5aQPXeciTHpfTbIX7J0dWSMsMODuF4fn+MT/jjL+UgnPTBZDQYT7vyMcZE2NYiL
         iktFhLScDIFvWnH1xdrMMDe5RDmFJder4wW1J1HRcHHIvSy6b+FfYY5BKGgcImKTbh8Z
         0Wn8xdi6z5qZP4qv1buCZg1ZDBBGSP22jmg2RrolosU4tqc7FkJedwGvg8DqsYLYK7tq
         NcyA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=BUmYrOkAUw2dr9jzkwm4WuMdfqonZz2zzba2rBUmdqg=;
        b=bUg2ZVMQGBmRCoxLzYx5MALY5NNNsLhFblcx7xG7ktU4ot9S0OZp39dbL2VTz4iQ9b
         3wtgq6L5rKIDdr7R4X1cqkbd09vX8Oj1FtF2/nDJsxu9K0uNVPSMcC9IHGVahf+TNArj
         TWC7ac/eewyVwAq8dcXOwmzA8XXHVLBYjhedreyCG4mQDhT3OGxYypNlnV7x13cHbO54
         RQNA79MBmq9/zl2ntXB4io+7RIB5mZOZ1rQREgMgP8/NFf4LYjjceHSuQx2F85rmZ0xf
         tLkdyAeLSqzqc7NtV+Tz/fbqwhl27jItinJeEYeYUbXDVgWO/Rb/8wbl9L3L95T9JPOT
         J+RA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=oOm+rvGd;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id m11si13239264edp.564.2021.05.10.04.01.03;
        Mon, 10 May 2021 04:01:28 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=oOm+rvGd;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S231888AbhEJKxj (ORCPT <rfc822;lkmlinbox@gmail.com> + 99 others);
        Mon, 10 May 2021 06:53:39 -0400
Received: from mail.kernel.org ([198.145.29.99]:49878 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S232355AbhEJKm1 (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 10 May 2021 06:42:27 -0400
Received: by mail.kernel.org (Postfix) with ESMTPSA id 835506162A;
        Mon, 10 May 2021 10:32:38 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
        s=korg; t=1620642759;
        bh=sqS4/lFrjIGbpONGxr9kDMrGcK8jhiMMJYnZOL9A3w0=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=oOm+rvGd01fwe07laQUYrtZiQH1nbsh0WNQ7b+jTEedtH2GWyDye0IJSrZ0O3WF3b
         OYwQTDaUmWBqCxmysHIAVrtiXZw96wUjkoE43Lg2kFaBZp3L/duTndLgY5zqEfUVBD
         52TlaV/1OP18DUs6IvlAu+ix7AoREO5U/OsLGqS4=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Mark Rutland <mark.rutland@arm.com>,
        He Ying <heying24@huawei.com>, Marc Zyngier <maz@kernel.org>
Subject: [PATCH 5.10 038/299] irqchip/gic-v3: Do not enable irqs when handling spurious interrups
Date:   Mon, 10 May 2021 12:17:15 +0200
Message-Id: <20210510102006.110417124@linuxfoundation.org>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20210510102004.821838356@linuxfoundation.org>
References: <20210510102004.821838356@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: He Ying <heying24@huawei.com>

commit a97709f563a078e259bf0861cd259aa60332890a upstream.

We triggered the following error while running our 4.19 kernel
with the pseudo-NMI patches backported to it:

[   14.816231] ------------[ cut here ]------------
[   14.816231] kernel BUG at irq.c:99!
[   14.816232] Internal error: Oops - BUG: 0 [#1] SMP
[   14.816232] Process swapper/0 (pid: 0, stack limit = 0x(____ptrval____))
[   14.816233] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G           O      4.19.95.aarch64 #14
[   14.816233] Hardware name: evb (DT)
[   14.816234] pstate: 80400085 (Nzcv daIf +PAN -UAO)
[   14.816234] pc : asm_nmi_enter+0x94/0x98
[   14.816235] lr : asm_nmi_enter+0x18/0x98
[   14.816235] sp : ffff000008003c50
[   14.816235] pmr_save: 00000070
[   14.816237] x29: ffff000008003c50 x28: ffff0000095f56c0
[   14.816238] x27: 0000000000000000 x26: ffff000008004000
[   14.816239] x25: 00000000015e0000 x24: ffff8008fb916000
[   14.816240] x23: 0000000020400005 x22: ffff0000080817cc
[   14.816241] x21: ffff000008003da0 x20: 0000000000000060
[   14.816242] x19: 00000000000003ff x18: ffffffffffffffff
[   14.816243] x17: 0000000000000008 x16: 003d090000000000
[   14.816244] x15: ffff0000095ea6c8 x14: ffff8008fff5ab40
[   14.816244] x13: ffff8008fff58b9d x12: 0000000000000000
[   14.816245] x11: ffff000008c8a200 x10: 000000008e31fca5
[   14.816246] x9 : ffff000008c8a208 x8 : 000000000000000f
[   14.816247] x7 : 0000000000000004 x6 : ffff8008fff58b9e
[   14.816248] x5 : 0000000000000000 x4 : 0000000080000000
[   14.816249] x3 : 0000000000000000 x2 : 0000000080000000
[   14.816250] x1 : 0000000000120000 x0 : ffff0000095f56c0
[   14.816251] Call trace:
[   14.816251]  asm_nmi_enter+0x94/0x98
[   14.816251]  el1_irq+0x8c/0x180                    (IRQ C)
[   14.816252]  gic_handle_irq+0xbc/0x2e4
[   14.816252]  el1_irq+0xcc/0x180                    (IRQ B)
[   14.816253]  arch_timer_handler_virt+0x38/0x58
[   14.816253]  handle_percpu_devid_irq+0x90/0x240
[   14.816253]  generic_handle_irq+0x34/0x50
[   14.816254]  __handle_domain_irq+0x68/0xc0
[   14.816254]  gic_handle_irq+0xf8/0x2e4
[   14.816255]  el1_irq+0xcc/0x180                    (IRQ A)
[   14.816255]  arch_cpu_idle+0x34/0x1c8
[   14.816255]  default_idle_call+0x24/0x44
[   14.816256]  do_idle+0x1d0/0x2c8
[   14.816256]  cpu_startup_entry+0x28/0x30
[   14.816256]  rest_init+0xb8/0xc8
[   14.816257]  start_kernel+0x4c8/0x4f4
[   14.816257] Code: 940587f1 d5384100 b9401001 36a7fd01 (d4210000)
[   14.816258] Modules linked in: start_dp(O) smeth(O)
[   15.103092] ---[ end trace 701753956cb14aa8 ]---
[   15.103093] Kernel panic - not syncing: Fatal exception in interrupt
[   15.103099] SMP: stopping secondary CPUs
[   15.103100] Kernel Offset: disabled
[   15.103100] CPU features: 0x36,a2400218
[   15.103100] Memory Limit: none

which is cause by a 'BUG_ON(in_nmi())' in nmi_enter().

>From the call trace, we can find three interrupts (noted A, B, C above):
interrupt (A) is preempted by (B), which is further interrupted by (C).

Subsequent investigations show that (B) results in nmi_enter() being
called, but that it actually is a spurious interrupt. Furthermore,
interrupts are reenabled in the context of (B), and (C) fires with
NMI priority. We end-up with a nested NMI situation, something
we definitely do not want to (and cannot) handle.

The bug here is that spurious interrupts should never result in any
state change, and we should just return to the interrupted context.
Moving the handling of spurious interrupts as early as possible in
the GICv3 handler fixes this issue.

Fixes: 3f1f3234bc2d ("irqchip/gic-v3: Switch to PMR masking before calling IRQ handler")
Acked-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: He Ying <heying24@huawei.com>
[maz: rewrote commit message, corrected Fixes: tag]
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20210423083516.170111-1-heying24@huawei.com
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/irqchip/irq-gic-v3.c |    8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

--- a/drivers/irqchip/irq-gic-v3.c
+++ b/drivers/irqchip/irq-gic-v3.c
@@ -648,6 +648,10 @@ static asmlinkage void __exception_irq_e
 
 	irqnr = gic_read_iar();
 
+	/* Check for special IDs first */
+	if ((irqnr >= 1020 && irqnr <= 1023))
+		return;
+
 	if (gic_supports_nmi() &&
 	    unlikely(gic_read_rpr() == GICD_INT_NMI_PRI)) {
 		gic_handle_nmi(irqnr, regs);
@@ -659,10 +663,6 @@ static asmlinkage void __exception_irq_e
 		gic_arch_enable_irqs();
 	}
 
-	/* Check for special IDs first */
-	if ((irqnr >= 1020 && irqnr <= 1023))
-		return;
-
 	if (static_branch_likely(&supports_deactivate_key))
 		gic_write_eoir(irqnr);
 	else