Re: [PATCH v2] x86/i8253: fix possible deadlock when turning off the PIT
From: David Woodhouse
Date: Thu Mar 27 2025 - 12:46:50 EST
On Thu, 2025-03-27 at 16:22 +0100, Fernando Fernandez Mancera wrote:
> As the PIT could be disabled during the init, it can possibly cause a
> deadlock. hpet_time_init()->pit_timer_init() is called without IRQ off.
> It assumes that clockevent_i8253_disable() is IRQ-safe, which it isn't.
>
> Disable interrupt around clockevent_i8253_disable() call in
> pit_timer_init().
>
> [ 45.408952] =====================================================
> [ 45.408970] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected
> [ 45.408974] 6.14.0-rc7+ #6 Not tainted
> [ 45.408978] -----------------------------------------------------
> [ 45.408980] systemd-sleep/3324 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
> [ 45.408986] ffffffffb2c23398 (i8253_lock){+.+.}-{2:2}, at: pcspkr_event+0x3f/0xe0 [pcspkr]
> [ 45.409004]
> and this task is already holding:
> [ 45.409006] ffff9c334d7c2230 (&dev->event_lock){-.-.}-{3:3}, at: input_dev_resume+0x21/0x50
> [ 45.409023] which would create a new lock dependency:
> [ 45.409025] (&dev->event_lock){-.-.}-{3:3} -> (i8253_lock){+.+.}-{2:2}
> [ 45.409043]
> but this new dependency connects a HARDIRQ-irq-safe lock:
> [ 45.409045] (&dev->event_lock){-.-.}-{3:3}
> [ 45.409052]
> ... which became HARDIRQ-irq-safe at:
> [ 45.409055] lock_acquire+0xd0/0x2f0
> [ 45.409062] _raw_spin_lock_irqsave+0x48/0x70
> [ 45.409067] input_event+0x3c/0x80
> [ 45.409071] atkbd_receive_byte+0x9b/0x6e0
> [ 45.409077] ps2_interrupt+0xb2/0x1d0
> [ 45.409082] serio_interrupt+0x4a/0x90
> [ 45.409087] i8042_handle_data+0xf8/0x280
> [ 45.409091] i8042_interrupt+0x11/0x40
> [ 45.409095] __handle_irq_event_percpu+0x87/0x260
> [ 45.409100] handle_irq_event+0x38/0x90
> [ 45.409105] handle_edge_irq+0x8b/0x230
> [ 45.409109] __common_interrupt+0x5c/0x120
> [ 45.409114] common_interrupt+0x80/0xa0
> [ 45.409120] asm_common_interrupt+0x26/0x40
> [ 45.409125] pv_native_safe_halt+0xf/0x20
> [ 45.409130] default_idle+0x9/0x20
> [ 45.409135] default_idle_call+0x7a/0x1d0
> [ 45.409140] do_idle+0x215/0x260
> [ 45.409144] cpu_startup_entry+0x29/0x30
> [ 45.409149] start_secondary+0x132/0x170
> [ 45.409153] common_startup_64+0x13e/0x141
> [ 45.409158]
> to a HARDIRQ-irq-unsafe lock:
> [ 45.409161] (i8253_lock){+.+.}-{2:2}
> [ 45.409167]
> ... which became HARDIRQ-irq-unsafe at:
> [ 45.409170] ...
> [ 45.409172] lock_acquire+0xd0/0x2f0
> [ 45.409177] _raw_spin_lock+0x30/0x40
> [ 45.409181] clockevent_i8253_disable+0x1c/0x60
> [ 45.409186] pit_timer_init+0x25/0x50
> [ 45.409191] hpet_time_init+0x46/0x50
> [ 45.409196] x86_late_time_init+0x1b/0x40
> [ 45.409201] start_kernel+0x962/0xa00
> [ 45.409206] x86_64_start_reservations+0x24/0x30
> [ 45.409211] x86_64_start_kernel+0xed/0xf0
> [ 45.409215] common_startup_64+0x13e/0x141
> [ 45.409220]
> other info that might help us debug this:
>
> [ 45.409222] Possible interrupt unsafe locking scenario:
>
> [ 45.409224] CPU0 CPU1
> [ 45.409226] ---- ----
> [ 45.409228] lock(i8253_lock);
> [ 45.409234] local_irq_disable();
> [ 45.409237] lock(&dev->event_lock);
> [ 45.409243] lock(i8253_lock);
> [ 45.409249] <Interrupt>
> [ 45.409251] lock(&dev->event_lock);
> [ 45.409257]
> *** DEADLOCK ***
>
> Fixes: 70e6b7d9ae3c ("x86/i8253: Disable PIT timer 0 when not in use")
> Signed-off-by: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
> ---
> v2: disable local IRQ in pit_timer_init()
Thanks.
Reviewed-by: David Woodhouse <dwmw2@xxxxxxxxxxxxx>
Worth a WARN_ON(!irqs_disabled()) in clockevent_i8253_disable() too?
Attachment:
smime.p7s
Description: S/MIME cryptographic signature