Received: by 2002:a05:6358:7058:b0:131:369:b2a3 with SMTP id 24csp5991389rwp; Mon, 17 Jul 2023 12:55:58 -0700 (PDT) X-Google-Smtp-Source: APBJJlF8YC5mcIgbjvKGRlyNU6KbplGqt9NAxlDXYjhRth5SjMSYiQjhKcOvyKe82Dya19VS4k8k X-Received: by 2002:a05:6870:2189:b0:1a9:caa6:1337 with SMTP id l9-20020a056870218900b001a9caa61337mr14522924oae.23.1689623758331; Mon, 17 Jul 2023 12:55:58 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1689623758; cv=none; d=google.com; s=arc-20160816; b=YyToSH//sB00e8PnwHxVwcMe0oRVO7WXy8AiuVx+1gVF2Mb05VHgzmOJu4bqIUvmMw E6qLt7Snbj2X845eZwfrN09wKGE3cAALtbDqaSd56pYdnfVdcYD99Hk8oUq8t98HuXNM Xk/8PdEr5dfUi+FkfHvFEm/Uxyyr8KePeRJ2cjs2SmmKiIIDfvOsvOGBODHl1NKOSLNU 6OS97zwB/dEF1hMfgDLrTRr19gFcypJp7xj7bsOJ33hY4OZJTvKCYxeoIkMyDM6f3/X/ PQOiK3iyOXgANkLHJ54eNjKDlRLd9077OqbZtuK0uXrZ2FV7w0VZc4VUV3VzSaf6X1bE +UpA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:dkim-signature :dkim-signature:from; bh=hUG7rmDDTw+xlr6RHyGSOKwcBgloT4DosW3IMTd7BBM=; fh=HVRBJStvoKWbFco6Jta18xe5UAVCwWVs9OvJstciom4=; b=QUE+Nkl19B88clVm9oHqJJ6zo+Bc8dBCkwJVqyABKT1iYK7LdQ3jb3kRLi6K2rBG3C MKuxlTicFTHKTmoYN5CeKe+wPtNOUA9blIxJvvoRG/teU4957dNHPzTHqSNN7zgjdWVw gTdKr94byc/ollspkYkxIyRwm60HkNanPsJQNwUUf5hbPIs2rajmee1lS85FDCTrsB7R Vir0FJq2Ab6ttVF1h6L9Yq44+Cu12O+EEeHMcf40v0nQM26OIT640DTf5ZH1tcsPIb5J Iye4EQ/nxDh8pVOSH+sKMv6Hjwk17BULRbrgZWnvH8TxMXv4td6JXQiKcuCLXRgigI7N WhDQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b=Vce1JtuA; dkim=neutral (no key) header.i=@linutronix.de; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id z66-20020a633345000000b005348977b5c5si328630pgz.97.2023.07.17.12.55.45; Mon, 17 Jul 2023 12:55:58 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b=Vce1JtuA; dkim=neutral (no key) header.i=@linutronix.de; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231690AbjGQTqX (ORCPT + 99 others); Mon, 17 Jul 2023 15:46:23 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41530 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229927AbjGQTqN (ORCPT ); Mon, 17 Jul 2023 15:46:13 -0400 Received: from galois.linutronix.de (Galois.linutronix.de [193.142.43.55]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 830A6132 for ; Mon, 17 Jul 2023 12:46:12 -0700 (PDT) From: John Ogness DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020; t=1689623170; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=hUG7rmDDTw+xlr6RHyGSOKwcBgloT4DosW3IMTd7BBM=; b=Vce1JtuAQVTv1l9cEzg9q2Ye7ZGBCw2tUxBjqQO8CiFQ2iXh+JVQtedPmmFMr42UznzGCX JsxKsPvXPq4iZE9b9CHwxQChMI2TmGXlAfnndFIr4htHVULONnWsQV67Jw/Nmca+6NvFpE u1G/eWkXTTJZ+W5jex4Z76bIdLcdg2kGocvXdvwNDJIQhmdfJ4ZFH8XpfxPjwlVDBqVeHi TvXvU0JGVEXAV+eBS2uOtS9sB2pMF0hb7v3ITgcQe1x+m/KmXKD9p157jzQPPTJWvAsS5D fSCTmtTqD8YMuVXzcSZm0jyaC7A7nigcZThCrH5FZDzs6YbZi5D21Dgor8VTOQ== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020e; t=1689623170; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=hUG7rmDDTw+xlr6RHyGSOKwcBgloT4DosW3IMTd7BBM=; b=rSQkVG8qtKI051ietdCwRmm/xszJIswC45WrfVnbv6TkDIHdhVsmyTtEaOh0WluSoKDPCJ ohlMLPTrlUhmHKDA== To: Petr Mladek Cc: Sergey Senozhatsky , Steven Rostedt , Thomas Gleixner , linux-kernel@vger.kernel.org Subject: [PATCH printk v3 2/7] printk: Reduce console_unblank() usage in unsafe scenarios Date: Mon, 17 Jul 2023 21:52:02 +0206 Message-Id: <20230717194607.145135-3-john.ogness@linutronix.de> In-Reply-To: <20230717194607.145135-1-john.ogness@linutronix.de> References: <20230717194607.145135-1-john.ogness@linutronix.de> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-1.6 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,INVALID_DATE_TZ_ABSURD, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org A semaphore is not NMI-safe, even when using down_trylock(). Both down_trylock() and up() are using internal spinlocks and up() might even call wake_up_process(). In the panic() code path it gets even worse because the internal spinlocks of the semaphore may have been taken by a CPU that has been stopped. To reduce the risk of deadlocks caused by the console semaphore in the panic path, make the following changes: - First check if any consoles have implemented the unblank() callback. If not, then there is no reason to take the console semaphore anyway. (This check is also useful for the non-panic path since the locking/unlocking of the console lock can be quite expensive due to console printing.) - If the panic path is in NMI context, bail out without attempting to take the console semaphore or calling any unblank() callbacks. Bailing out is acceptable because console_unblank() would already bail out if the console semaphore is contended. The alternative of ignoring the console semaphore and calling the unblank() callbacks anyway is a bad idea because these callbacks are also not NMI-safe. If consoles with unblank() callbacks exist and console_unblank() is called from a non-NMI panic context, it will still attempt a down_trylock(). This could still result in a deadlock if one of the stopped CPUs is holding the semaphore internal spinlock. But this is a risk that the kernel has been (and continues to be) willing to take. Signed-off-by: John Ogness --- kernel/printk/printk.c | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c index 9644f6e5bf15..7aa9dbee12e8 100644 --- a/kernel/printk/printk.c +++ b/kernel/printk/printk.c @@ -3043,9 +3043,27 @@ EXPORT_SYMBOL(console_conditional_schedule); void console_unblank(void) { + bool found_unblank = false; struct console *c; int cookie; + /* + * First check if there are any consoles implementing the unblank() + * callback. If not, there is no reason to continue and take the + * console lock, which in particular can be dangerous if + * @oops_in_progress is set. + */ + cookie = console_srcu_read_lock(); + for_each_console_srcu(c) { + if ((console_srcu_read_flags(c) & CON_ENABLED) && c->unblank) { + found_unblank = true; + break; + } + } + console_srcu_read_unlock(cookie); + if (!found_unblank) + return; + /* * Stop console printing because the unblank() callback may * assume the console is not within its write() callback. @@ -3054,6 +3072,16 @@ void console_unblank(void) * In that case, attempt a trylock as best-effort. */ if (oops_in_progress) { + /* Semaphores are not NMI-safe. */ + if (in_nmi()) + return; + + /* + * Attempting to trylock the console lock can deadlock + * if another CPU was stopped while modifying the + * semaphore. "Hope and pray" that this is not the + * current situation. + */ if (down_trylock_console_sem() != 0) return; } else -- 2.30.2