Re: [RESEND] [PATCH v2] [BUGFIX] x86/x86_64: fix CPU offlining triggered "active" device IRQ interrruption

From: Eric W. Biederman
Date: Wed Jun 03 2009 - 08:27:32 EST

Next message: Dmitry Eremin-Solenikov: "Re: [PATCH 4/6] net: add NL802154 interface for configuration of802.15.4 devices"
Previous message: Borislav Petkov: "Re: [PATCH] Request driver inclusion - acer aspire one fan control"
In reply to: Eric W. Biederman: "Re: [RESEND] [PATCH v2] [BUGFIX] x86/x86_64: fix CPU offlining triggered "active" device IRQ interrruption"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Gary Hade <garyhade@xxxxxxxxxx> writes:

> Impact: Eliminates an issue that can leave the system in an
> unusable state.
>
> This patch addresses an issue where device generated IRQs
> are no longer seen by the kernel following IRQ affinity
> migration while the device is generating IRQs at a high rate.
>
> I have been able to consistently reproduce the problem on
> some of our systems by running the following script (VICTIM_IRQ
> specifies the IRQ for the aic94xx device) while a single instance
> of the command
> # while true; do find / -exec file {} \;; done
> is keeping the filesystem activity and IRQ rate reasonably high.

To be 100% clear.

If masking and checking to see if the irq was already pending was
sufficient to migrate irqs in process context was enough to
safely migrate irqs in process context then that is how we would
always do it. I have been down that road and down some extensive
testing in the past.

I found hardware bugs in both AMD and Intel IOAPIC that make your
code demonstrably unsafe.

I was challenged by some of the software guys from Intel and eventually
the came back and told me they had talked with their hardware engineers
and I was correct.

So no. This code is totally and severely broken and we should not do
it.

You are introducing complexity and heuristics to avoid the fact that
fixup_irqs is fundamentally broken. Sure you might tweak things
so they work a little more often.

> The root cause is a known issue already addressed for some
> code paths [e.g. ack_apic_level() and the now obsolete
> migrate_irq_remapped_level_desc()] where the ioapic can
> misbehave when the I/O redirection table register is written
> while the Remote IRR bit is set.

No the reason we do this is not because of the IRR. Although
that certainly does not help.

We do this because it is not in general safe to do complicated
reprogramming to the ioapic while the hardware may send an
irq. You can lock up the hardware state machine etc.

If the work around was as simple as you propose a delayed work or busy
waiting until the irq handler was complete variant would have been
written and used long ago.

So my reaction to this horrible afterthought is
NO NO NO NO NO NO NO NO NO NO NO NO NO NO NO NO NO NO NO NO NO NO
PLEASE NO.

Eric
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Dmitry Eremin-Solenikov: "Re: [PATCH 4/6] net: add NL802154 interface for configuration of802.15.4 devices"
Previous message: Borislav Petkov: "Re: [PATCH] Request driver inclusion - acer aspire one fan control"
In reply to: Eric W. Biederman: "Re: [RESEND] [PATCH v2] [BUGFIX] x86/x86_64: fix CPU offlining triggered "active" device IRQ interrruption"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]