From patchwork Thu Oct 12 06:41:22 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: tip-bot2 for Thomas Gleixner <tip-bot2@linutronix.de>
X-Patchwork-Id: 151779
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a05:612c:2908:b0:403:3b70:6f57 with SMTP id
 ib8csp1026674vqb;
        Wed, 11 Oct 2023 23:41:45 -0700 (PDT)
X-Google-Smtp-Source: 
 AGHT+IEXrjt0vjieYioPIpdVRYecEc5+xisANHv8cyhlPxI5JhDjcV+Mx7w3wlFDqZcCxxyg6gxc
X-Received: by 2002:a05:6358:f17:b0:14d:8792:1cec with SMTP id
 b23-20020a0563580f1700b0014d87921cecmr15422774rwj.1.1697092905526;
        Wed, 11 Oct 2023 23:41:45 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1697092905; cv=none;
        d=google.com; s=arc-20160816;
        b=Ko6W6dVO08JAYzfvdd9JR6oVyOhUBzOSi9pg18bdtQm0OI7P3dHhKuDwvpdre7xdp1
         zYmdCiRPlIxyoZl+26BJCD8wU+PS1rZVYUpUV+RsgTb+SZEC3c/fn4SdsOXFCNHH4MSf
         XiD4TU2NrNvfW2ilIo/fAHz3wiW9+Z/Kdsi7VoYeb5xbPZCqzTsNpfuDqYhEBIQnVZH3
         Mwck45EOZy4g8XH0/4pxQWjWVCSVnAH8VYOjagEURUUU3LUx7UrJWwqIvdkBqIYDRA2D
         TtdjW85jSxWa67tPJVrgc+GoI2pLbolks2a/2gK0Mvy2h2CsGfAj+U+2BFuo4vzI6CZt
         HKTg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:robot-unsubscribe
         :robot-id:message-id:mime-version:references:in-reply-to:cc:subject
         :to:reply-to:sender:from:dkim-signature:dkim-signature:date;
        bh=QiQ+QJLnKZUB1+VUZ4jufENKlSDw5YT/ILtFyVL9bPo=;
        fh=b5gl0QVqC5wtVRQ/3MmRG3lQUj5E8SLgow2agVt6LQg=;
        b=TwUigXTnCzPz7RMP5t0W/wifX95M2cnaQzCSH40XMKV0jGaDhNLGlqSRuzC/BINN+B
         /6C9Kr/5bTfOcIaPDtPQ+tZ6iL4j8dETL2qJ6XXiqzlgIW5C/UUchNlFPxIxpJ1I9Gzi
         +Q4ACOUEAhc+/HJRQg3Tm9DCwxtsua/a2R9u1DUpRnAByW7qztHeq0A4RO1T1QgSmZER
         xxNk3CUZ2iNZSn3+CaWECMGraGPehO4xSN8tqfsebnfSVaX1tpQtnLuusgk5Jx7xO6lP
         LA3Ajz5SOtXjQOYmZ0+OhflIjR5FdJk+pZi+g7sxUvam3PgcEyJEErCFFd6fn5HTo2ft
         1n4g==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linutronix.de header.s=2020 header.b=m7Wx1knV;
       dkim=neutral (no key) header.i=@linutronix.de header.s=2020e;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::3:4 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de
Received: from howler.vger.email (howler.vger.email. [2620:137:e000::3:4])
        by mx.google.com with ESMTPS id
 x186-20020a6386c3000000b005859cea158fsi1559539pgd.207.2023.10.11.23.41.45
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 11 Oct 2023 23:41:45 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::3:4 as permitted sender)
 client-ip=2620:137:e000::3:4;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linutronix.de header.s=2020 header.b=m7Wx1knV;
       dkim=neutral (no key) header.i=@linutronix.de header.s=2020e;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::3:4 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
	by howler.vger.email (Postfix) with ESMTP id E2B6882250AD;
	Wed, 11 Oct 2023 23:41:42 -0700 (PDT)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.10 at howler.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1377382AbjJLGl2 (ORCPT <rfc822;rua109.linux@gmail.com>
        + 19 others); Thu, 12 Oct 2023 02:41:28 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37970 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1343567AbjJLGl0 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 12 Oct 2023 02:41:26 -0400
Received: from galois.linutronix.de (Galois.linutronix.de
 [IPv6:2a0a:51c0:0:12e:550::1])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EE6FEC4;
        Wed, 11 Oct 2023 23:41:24 -0700 (PDT)
Date: Thu, 12 Oct 2023 06:41:22 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de;
        s=2020; t=1697092883;
        h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date:
         message-id:message-id:to:to:cc:cc:mime-version:mime-version:
         content-type:content-type:
         content-transfer-encoding:content-transfer-encoding:
         in-reply-to:in-reply-to:references:references;
        bh=QiQ+QJLnKZUB1+VUZ4jufENKlSDw5YT/ILtFyVL9bPo=;
        b=m7Wx1knVv4OyMdB2KolinwgohWkPE3vUJfBZeiNR5D0sJuNeN51Z5TncWZdMIEV8GJUN7T
        YNRJIpz0g8P0wLfJG+vvSKW3VTqV5KU8Eva+ZGtk9Y7rl8hyyh7USkyWefBCUXwR21DeDT
        DOnzrrqCNeMQb1o8tCsQbMAYYUMMHK1Cg4k/Houk61VmL3Rufts9nxSVrDUNGTQvy/Jr18
        jr8AXap35UkEbCInVXzYpwJJktp0nu9p9kzzoFbCPfCWcWPEsxkiVtsvGfdSmq7vL0AXpn
        bpR2g5AWDWnf4p9u3IW7KppSkdSIAwv+/TBb2sWwQGjKAR390vKTRcwDBHRpvQ==
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de;
        s=2020e; t=1697092883;
        h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date:
         message-id:message-id:to:to:cc:cc:mime-version:mime-version:
         content-type:content-type:
         content-transfer-encoding:content-transfer-encoding:
         in-reply-to:in-reply-to:references:references;
        bh=QiQ+QJLnKZUB1+VUZ4jufENKlSDw5YT/ILtFyVL9bPo=;
        b=w0WBBOHHKC+g3w3xQ2E9eUtZ9ZUmfDKD4uug0YFVramsZXBsSOdXE8qaYqqSkZuwb2RRC4
        kynG72+UaH27idDw==
From: "tip-bot2 for Paul E. McKenney" <tip-bot2@linutronix.de>
Sender: tip-bot2@linutronix.de
Reply-to: linux-kernel@vger.kernel.org
To: linux-tip-commits@vger.kernel.org
Subject: [tip: x86/irq] x86/nmi: Fix out-of-order NMI nesting checks & false
 positive warning
Cc: Chris Mason <clm@fb.com>, "Paul E. McKenney" <paulmck@kernel.org>,
        Ingo Molnar <mingo@kernel.org>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        Andy Lutomirski <luto@kernel.org>,
        "H. Peter Anvin" <hpa@zytor.com>, x86@kernel.org,
        linux-kernel@vger.kernel.org
In-Reply-To: <0cbff831-6e3d-431c-9830-ee65ee7787ff@paulmck-laptop>
References: <0cbff831-6e3d-431c-9830-ee65ee7787ff@paulmck-laptop>
MIME-Version: 1.0
Message-ID: <169709288266.3135.14961359666670260279.tip-bot2@tip-bot2>
Robot-ID: <tip-bot2@linutronix.de>
Robot-Unsubscribe: Contact <mailto:tglx@linutronix.de> to get blacklisted from
 these emails
X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,
	SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no
	version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on howler.vger.email
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test,
 not delayed by milter-greylist-4.6.4 (howler.vger.email [0.0.0.0]);
 Wed, 11 Oct 2023 23:41:42 -0700 (PDT)
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: 1779530890494783205
X-GMAIL-MSGID: 1779530890494783205

The following commit has been merged into the x86/irq branch of tip:

Commit-ID:     f44075ecafb726830e63d33fbca29413149eeeb8
Gitweb:        https://git.kernel.org/tip/f44075ecafb726830e63d33fbca29413149eeeb8
Author:        Paul E. McKenney <paulmck@kernel.org>
AuthorDate:    Wed, 11 Oct 2023 11:40:16 -07:00
Committer:     Ingo Molnar <mingo@kernel.org>
CommitterDate: Thu, 12 Oct 2023 08:35:15 +02:00

x86/nmi: Fix out-of-order NMI nesting checks & false positive warning

The ->idt_seq and ->recv_jiffies variables added by:

  1a3ea611fc10 ("x86/nmi: Accumulate NMI-progress evidence in exc_nmi()")

... place the exit-time check of the bottom bit of ->idt_seq after the
this_cpu_dec_return() that re-enables NMI nesting.  This can result in
the following sequence of events on a given CPU in kernels built with
CONFIG_NMI_CHECK_CPU=y:

  o   An NMI arrives, and ->idt_seq is incremented to an odd number.
      In addition, nmi_state is set to NMI_EXECUTING==1.

  o   The NMI is processed.

  o   The this_cpu_dec_return(nmi_state) zeroes nmi_state and returns
      NMI_EXECUTING==1, thus opting out of the "goto nmi_restart".

  o   Another NMI arrives and ->idt_seq is incremented to an even
      number, triggering the warning.  But all is just fine, at least
      assuming we don't get so many closely spaced NMIs that the stack
      overflows or some such.

Experience on the fleet indicates that the MTBF of this false positive
is about 70 years.  Or, for those who are not quite that patient, the
MTBF appears to be about one per week per 4,000 systems.

Fix this false-positive warning by moving the "nmi_restart" label before
the initial ->idt_seq increment/check and moving the this_cpu_dec_return()
to follow the final ->idt_seq increment/check.  This way, all nested NMIs
that get past the NMI_NOT_RUNNING check get a clean ->idt_seq slate.
And if they don't get past that check, they will set nmi_state to
NMI_LATCHED, which will cause the this_cpu_dec_return(nmi_state)
to restart.

Fixes: 1a3ea611fc10 ("x86/nmi: Accumulate NMI-progress evidence in exc_nmi()")
Reported-by: Chris Mason <clm@fb.com>
Signed-off-by: Paul E. McKenney <paulmck@kernel.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Link: https://lore.kernel.org/r/0cbff831-6e3d-431c-9830-ee65ee7787ff@paulmck-laptop
---
 arch/x86/kernel/nmi.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/arch/x86/kernel/nmi.c b/arch/x86/kernel/nmi.c
index a0c5518..4766b6b 100644
--- a/arch/x86/kernel/nmi.c
+++ b/arch/x86/kernel/nmi.c
@@ -507,12 +507,13 @@ DEFINE_IDTENTRY_RAW(exc_nmi)
 	}
 	this_cpu_write(nmi_state, NMI_EXECUTING);
 	this_cpu_write(nmi_cr2, read_cr2());
+
+nmi_restart:
 	if (IS_ENABLED(CONFIG_NMI_CHECK_CPU)) {
 		WRITE_ONCE(nsp->idt_seq, nsp->idt_seq + 1);
 		WARN_ON_ONCE(!(nsp->idt_seq & 0x1));
 		WRITE_ONCE(nsp->recv_jiffies, jiffies);
 	}
-nmi_restart:
 
 	/*
 	 * Needs to happen before DR7 is accessed, because the hypervisor can
@@ -548,16 +549,16 @@ nmi_restart:
 
 	if (unlikely(this_cpu_read(nmi_cr2) != read_cr2()))
 		write_cr2(this_cpu_read(nmi_cr2));
-	if (this_cpu_dec_return(nmi_state))
-		goto nmi_restart;
-
-	if (user_mode(regs))
-		mds_user_clear_cpu_buffers();
 	if (IS_ENABLED(CONFIG_NMI_CHECK_CPU)) {
 		WRITE_ONCE(nsp->idt_seq, nsp->idt_seq + 1);
 		WARN_ON_ONCE(nsp->idt_seq & 0x1);
 		WRITE_ONCE(nsp->recv_jiffies, jiffies);
 	}
+	if (this_cpu_dec_return(nmi_state))
+		goto nmi_restart;
+
+	if (user_mode(regs))
+		mds_user_clear_cpu_buffers();
 }
 
 #if IS_ENABLED(CONFIG_KVM_INTEL)