linux/arch/powerpc/platforms/powernv
Paul Mackerras e297c939b7 powerpc/MSI: Fix race condition in tearing down MSI interrupts
This fixes a race which can result in the same virtual IRQ number
being assigned to two different MSI interrupts.  The most visible
consequence of that is usually a warning and stack trace from the
sysfs code about an attempt to create a duplicate entry in sysfs.

The race happens when one CPU (say CPU 0) is disposing of an MSI
while another CPU (say CPU 1) is setting up an MSI.  CPU 0 calls
(for example) pnv_teardown_msi_irqs(), which calls
msi_bitmap_free_hwirqs() to indicate that the MSI (i.e. its
hardware IRQ number) is no longer in use.  Then, before CPU 0 gets
to calling irq_dispose_mapping() to free up the virtal IRQ number,
CPU 1 comes in and calls msi_bitmap_alloc_hwirqs() to allocate an
MSI, and gets the same hardware IRQ number that CPU 0 just freed.
CPU 1 then calls irq_create_mapping() to get a virtual IRQ number,
which sees that there is currently a mapping for that hardware IRQ
number and returns the corresponding virtual IRQ number (which is
the same virtual IRQ number that CPU 0 was using).  CPU 0 then
calls irq_dispose_mapping() and frees that virtual IRQ number.
Now, if another CPU comes along and calls irq_create_mapping(), it
is likely to get the virtual IRQ number that was just freed,
resulting in the same virtual IRQ number apparently being used for
two different hardware interrupts.

To fix this race, we just move the call to msi_bitmap_free_hwirqs()
to after the call to irq_dispose_mapping().  Since virq_to_hw()
doesn't work for the virtual IRQ number after irq_dispose_mapping()
has been called, we need to call it before irq_dispose_mapping() and
remember the result for the msi_bitmap_free_hwirqs() call.

The pattern of calling msi_bitmap_free_hwirqs() before
irq_dispose_mapping() appears in 5 places under arch/powerpc, and
appears to have originated in commit 05af7bd2d7 ("[POWERPC] MPIC
U3/U4 MSI backend") from 2007.

Fixes: 05af7bd2d7 ("[POWERPC] MPIC U3/U4 MSI backend")
Cc: stable@vger.kernel.org # v2.6.22+
Reported-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Paul Mackerras <paulus@samba.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
2015-09-10 17:27:08 +10:00
..
eeh-powernv.c powerpc updates for 4.3 2015-09-03 16:41:38 -07:00
idle.c powerpc/powernv: pnv_init_idle_states() should only run on powernv 2015-06-15 16:45:12 +10:00
Kconfig powerpc/powernv: Add opal-prd channel 2015-06-05 08:32:21 +10:00
Makefile powerpc/powernv: Add opal-prd channel 2015-06-05 08:32:21 +10:00
opal-async.c powerpc/powernv: Reorder OPAL subsystem initialisation 2015-05-22 15:14:37 +10:00
opal-dump.c powernv/opal-dump: Convert to irq domain 2015-05-22 15:14:38 +10:00
opal-elog.c powerpc/powernv: Fix opal-elog interrupt handler 2015-07-06 20:24:36 +10:00
opal-flash.c powerpc/powernv: Add interfaces for flash device access 2015-04-11 20:49:21 +10:00
opal-hmi.c powerpc/powernv: Invoke opal_cec_reboot2() on unrecoverable HMI. 2015-08-06 15:10:19 +10:00
opal-irqchip.c genirq/irqdomain: Allow irq domain aliasing 2015-07-30 00:14:36 +02:00
opal-lpc.c powerpc/powernv: Properly fix LPC debugfs endianness 2014-10-31 17:09:04 +11:00
opal-memory-errors.c powerpc/powernv: Reorder OPAL subsystem initialisation 2015-05-22 15:14:37 +10:00
opal-msglog.c powerpc/powernv: Fix reading of OPAL msglog 2014-06-11 17:03:36 +10:00
opal-nvram.c powerpc/powernv: Add pstore support on powernv 2015-03-23 14:06:10 +11:00
opal-power.c powerpc/powernv: Add poweroff (EPOW, DPO) events support for PowerNV platform 2015-07-16 13:34:36 +10:00
opal-prd.c powerpc/powernv: Fix vma page prot flags in opal-prd driver 2015-07-06 12:06:42 +10:00
opal-rtc.c rtc/tpo: Driver to support rtc and wakeup on PowerNV platform 2014-11-17 18:04:01 +11:00
opal-sensor.c powerpc/powernv: Reorder OPAL subsystem initialisation 2015-05-22 15:14:37 +10:00
opal-sysparam.c powerpc/powernv: convert OPAL codes returned by sysparam calls 2015-06-04 22:27:56 +10:00
opal-tracepoints.c powerpc: Replace __get_cpu_var uses 2014-11-03 12:12:32 +11:00
opal-wrappers.S powerpc/powernv: Add OPAL interfaces for accessing and modifying system LED states 2015-08-20 18:19:07 +10:00
opal-xscom.c powerpc/powernv: Switch powernv drivers to use machine_xxx_initcall() 2014-07-28 14:11:26 +10:00
opal.c powerpc/powernv: Create LED platform device 2015-08-20 18:19:07 +10:00
pci-ioda.c powerpc/powernv/pci-ioda: fix kdump with non-power-of-2 crashkernel= 2015-09-07 20:14:18 +10:00
pci-p5ioc2.c vfio: powerpc/spapr: powerpc/powernv/ioda: Define and implement DMA windows API 2015-06-11 15:16:52 +10:00
pci.c powerpc/MSI: Fix race condition in tearing down MSI interrupts 2015-09-10 17:27:08 +10:00
pci.h powerpc/powernv: move dma_get_required_mask from pnv_phb to pci_controller_ops 2015-08-18 19:32:11 +10:00
powernv.h powerpc/powernv: move dma_get_required_mask from pnv_phb to pci_controller_ops 2015-08-18 19:32:11 +10:00
rng.c powerpc: Use hardware RNG for arch_get_random_seed_* not arch_get_random_* 2015-07-23 19:52:03 +10:00
setup.c powerpc/powernv: Reset HILE before kexec_sequence() 2015-08-20 18:19:09 +10:00
smp.c powerpc updates for 4.1 2015-04-16 13:53:32 -05:00
subcore-asm.S powerpc/powernv: Add support for POWER8 split core on powernv 2014-05-28 13:35:37 +10:00
subcore.c powerpc: Add an inline function to update POWER8 HID0 2015-08-14 15:58:28 +10:00
subcore.h powernv/powerpc: Add winkle support for offline cpus 2014-12-15 10:46:41 +11:00