[tip: irq/core] x86/apic/vector: Force interupt handler invocation to irq context

From: tip-bot2 for Thomas Gleixner
Date: Sun Mar 08 2020 - 06:14:52 EST

Next message: tip-bot2 for Thomas Gleixner: "[tip: irq/core] PCI/AER: Fix the broken interrupt injection"
Previous message: tip-bot2 for luanshi: "[tip: irq/core] irqdomain: Fix function documentation of __irq_domain_alloc_fwnode()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The following commit has been merged into the irq/core branch of tip:

Commit-ID: 008f1d60fe25810d4554916744b0975d76601b64
Gitweb: https://git.kernel.org/tip/008f1d60fe25810d4554916744b0975d76601b64
Author: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
AuthorDate: Fri, 06 Mar 2020 14:03:44 +01:00
Committer: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
CommitterDate: Sun, 08 Mar 2020 11:06:40 +01:00

x86/apic/vector: Force interupt handler invocation to irq context

Sathyanarayanan reported that the PCI-E AER error injection mechanism
can result in a NULL pointer dereference in apic_ack_edge():

BUG: unable to handle kernel NULL pointer dereference at 0000000000000078
RIP: 0010:apic_ack_edge+0x1e/0x40
Call Trace:
handle_edge_irq+0x7d/0x1e0
generic_handle_irq+0x27/0x30
aer_inject_write+0x53a/0x720

It crashes in irq_complete_move() which dereferences get_irq_regs() which
is obviously NULL when this is called from non interrupt context.

Of course the pointer could be checked, but that just papers over the real
issue. Invoking the low level interrupt handling mechanism from random code
can wreckage the fragile interrupt affinity mechanism of x86 as interrupts
can only be moved in interrupt context or with special care when a CPU goes
offline and the move has to be enforced.

In the best case this triggers the warning in the MSI affinity setter, but
if the call happens on the correct CPU it just corrupts state and might
prevent further interrupt delivery for the affected device.

Mark the APIC interrupts as unsuitable for being invoked in random contexts.

This prevents the AER injection from proliferating the wreckage, but that's
less broken than the current state of affairs and more correct than just
papering over the problem by sprinkling random checks all over the place
and silently corrupting state.

Reported-by: sathyanarayanan.kuppuswamy@xxxxxxxxxxxxxxx
Signed-off-by: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
Link: https://lkml.kernel.org/r/20200306130623.684591280@xxxxxxxxxxxxx

---
arch/x86/kernel/apic/vector.c | 6 ++++++
1 file changed, 6 insertions(+)

diff --git a/arch/x86/kernel/apic/vector.c b/arch/x86/kernel/apic/vector.c
index 2c5676b..6f6d98d 100644
--- a/arch/x86/kernel/apic/vector.c
+++ b/arch/x86/kernel/apic/vector.c
@@ -557,6 +557,12 @@ static int x86_vector_alloc_irqs(struct irq_domain *domain, unsigned int virq,
irqd->hwirq = virq + i;
irqd_set_single_target(irqd);
/*
+ * Prevent that any of these interrupts is invoked in
+ * non interrupt context via e.g. generic_handle_irq()
+ * as that can corrupt the affinity move state.
+ */
+ irqd_set_handle_enforce_irqctx(irqd);
+ /*
* Legacy vectors are already assigned when the IOAPIC
* takes them over. They stay on the same vector. This is
* required for check_timer() to work correctly as it might

Next message: tip-bot2 for Thomas Gleixner: "[tip: irq/core] PCI/AER: Fix the broken interrupt injection"
Previous message: tip-bot2 for luanshi: "[tip: irq/core] irqdomain: Fix function documentation of __irq_domain_alloc_fwnode()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]