The patch titled
Subject: kernel/panic.c: move bust_spinlocks(0) after console_flush_on_panic() to avoid deadlocks
has been added to the -mm tree. Its filename is
panic-move-bust_spinlocks0-after-console_flush_on_panic-to-avoid-deadlocks.patch
This patch should soon appear at
http://ozlabs.org/~akpm/mmots/broken-out/panic-move-bust_spinlocks0-after-console_flush_on_panic-to-avoid-deadlocks.patch
and later at
http://ozlabs.org/~akpm/mmotm/broken-out/panic-move-bust_spinlocks0-after-console_flush_on_panic-to-avoid-deadlocks.patch
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next and is updated
there every 3-4 working days
------------------------------------------------------
From: Hoeun Ryu <hoeun.ryu@xxxxxxx>
Subject: kernel/panic.c: move bust_spinlocks(0) after console_flush_on_panic() to avoid deadlocks
Many console device drivers hold the uart_port->lock spinlock with irq
enabled (using spin_lock()) while the device drivers are writing
characters to their devices, but the device drivers just try to hold the
spin lock (using spin_trylock()) if "oops_in_progress" is equal or greater
than 1 to avoid deadlocks.
There is a case ocurring a deadlock related to the lock and
oops_in_progress. A CPU could be stopped by smp_send_stop() while it was
holding the port lock because irq was enabled. Once a CPU stops, it
doesn't respond interrupts anymore and the lock stays locked forever.
console_flush_on_panic() is called during panic() and it eventually holds
the uart lock but the lock is held by another stopped CPU and it is a
deadlock. By moving bust_spinlocks(0) after console_flush_on_panic(), let
the console device drivers think the Oops is still in progress to call
spin_trylock() instead of spin_lock() to avoid the deadlock.
Link: http://lkml.kernel.org/r/1528091179-3015-1-git-send-email-hoeun.ryu@xxxxxxxxxxx
Signed-off-by: Hoeun Ryu <hoeun.ryu@xxxxxxx>
Cc: Kees Cook <keescook@xxxxxxxxxxxx>
Cc: Borislav Petkov <bp@xxxxxxx>
Cc: Andi Kleen <ak@xxxxxxxxxxxxxxx>
Cc: Josh Poimboeuf <jpoimboe@xxxxxxxxxx>
Cc: "Steven Rostedt (VMware)" <rostedt@xxxxxxxxxxx>
Cc: Sergey Senozhatsky <sergey.senozhatsky.work@xxxxxxxxx>
Cc: Petr Mladek <pmladek@xxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---
kernel/panic.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff -puN kernel/panic.c~panic-move-bust_spinlocks0-after-console_flush_on_panic-to-avoid-deadlocks kernel/panic.c
--- a/kernel/panic.c~panic-move-bust_spinlocks0-after-console_flush_on_panic-to-avoid-deadlocks
+++ a/kernel/panic.c
@@ -233,8 +233,6 @@ void panic(const char *fmt, ...)
if (_crash_kexec_post_notifiers)
__crash_kexec(NULL);
- bust_spinlocks(0);
-
/*
* We may have ended up stopping the CPU holding the lock (in
* smp_send_stop()) while still having some valuable data in the console
@@ -246,6 +244,8 @@ void panic(const char *fmt, ...)
debug_locks_off();
console_flush_on_panic();
+ bust_spinlocks(0);
+
if (!panic_blink)
panic_blink = no_blink;
_
Patches currently in -mm which might be from hoeun.ryu@xxxxxxx are
panic-move-bust_spinlocks0-after-console_flush_on_panic-to-avoid-deadlocks.patch
--
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
