genirq: Fix race on spurious interrupt detection
authorLukas Wunner <lukas@wunner.de>
Thu, 18 Oct 2018 13:15:05 +0000 (15:15 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 13 Nov 2018 19:17:01 +0000 (11:17 -0800)
commit 746a923b863a1065ef77324e1e43f19b1a3eab5c upstream.

Commit 1e77d0a1ed74 ("genirq: Sanitize spurious interrupt detection of
threaded irqs") made detection of spurious interrupts work for threaded
handlers by:

a) incrementing a counter every time the thread returns IRQ_HANDLED, and
b) checking whether that counter has increased every time the thread is
   woken.

However for oneshot interrupts, the commit unmasks the interrupt before
incrementing the counter.  If another interrupt occurs right after
unmasking but before the counter is incremented, that interrupt is
incorrectly considered spurious:

time
 |  irq_thread()
 |    irq_thread_fn()
 |      action->thread_fn()
 |      irq_finalize_oneshot()
 |        unmask_threaded_irq()            /* interrupt is unmasked */
 |
 |                  /* interrupt fires, incorrectly deemed spurious */
 |
 |    atomic_inc(&desc->threads_handled); /* counter is incremented */
 v

This is observed with a hi3110 CAN controller receiving data at high volume
(from a separate machine sending with "cangen -g 0 -i -x"): The controller
signals a huge number of interrupts (hundreds of millions per day) and
every second there are about a dozen which are deemed spurious.

In theory with high CPU load and the presence of higher priority tasks, the
number of incorrectly detected spurious interrupts might increase beyond
the 99,900 threshold and cause disablement of the interrupt.

In practice it just increments the spurious interrupt count. But that can
cause people to waste time investigating it over and over.

Fix it by moving the accounting before the invocation of
irq_finalize_oneshot().

[ tglx: Folded change log update ]

Fixes: 1e77d0a1ed74 ("genirq: Sanitize spurious interrupt detection of threaded irqs")
Signed-off-by: Lukas Wunner <lukas@wunner.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Mathias Duckeck <m.duckeck@kunbus.de>
Cc: Akshay Bhat <akshay.bhat@timesys.com>
Cc: Casey Fitzpatrick <casey.fitzpatrick@timesys.com>
Cc: stable@vger.kernel.org # v3.16+
Link: https://lkml.kernel.org/r/1dfd8bbd16163940648045495e3e9698e63b50ad.1539867047.git.lukas@wunner.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
kernel/irq/manage.c

index e121645bb8a1017481cd8b72e46bb9c3e9a8772b..cf94460504bbafd77a09f406edb2ed86719661a8 100644 (file)
@@ -878,6 +878,9 @@ irq_forced_thread_fn(struct irq_desc *desc, struct irqaction *action)
 
        local_bh_disable();
        ret = action->thread_fn(action->irq, action->dev_id);
+       if (ret == IRQ_HANDLED)
+               atomic_inc(&desc->threads_handled);
+
        irq_finalize_oneshot(desc, action);
        local_bh_enable();
        return ret;
@@ -894,6 +897,9 @@ static irqreturn_t irq_thread_fn(struct irq_desc *desc,
        irqreturn_t ret;
 
        ret = action->thread_fn(action->irq, action->dev_id);
+       if (ret == IRQ_HANDLED)
+               atomic_inc(&desc->threads_handled);
+
        irq_finalize_oneshot(desc, action);
        return ret;
 }
@@ -971,8 +977,6 @@ static int irq_thread(void *data)
                irq_thread_check_affinity(desc, action);
 
                action_ret = handler_fn(desc, action);
-               if (action_ret == IRQ_HANDLED)
-                       atomic_inc(&desc->threads_handled);
                if (action_ret == IRQ_WAKE_THREAD)
                        irq_wake_secondary(desc, action);