Message ID | 20201124061720.86766-7-aik@ozlabs.ru |
---|---|
State | New |
Headers | show |
Series | genirq/irqdomain: Add reference counting to IRQs | expand |
Alexey, On Tue, Nov 24 2020 at 17:17, Alexey Kardashevskiy wrote: > This moves hierarchical domain's irqs cleanup into the kobject release > hook to make irq_domain_free_irqs() as simple as kobject_put. Truly simple: Simply broken in multiple ways. CONFIG_SPARSE_IRQ=n is now completely buggered. It does not even compile anymore. Running core code changes through a larger set of cross compilers is neither rocket science nor optional. For CONFIG_SPARSE_IRQ=y, see below. > @@ -1675,14 +1679,11 @@ void irq_domain_free_irqs(unsigned int virq, unsigned int nr_irqs) > "NULL pointer, cannot free irq\n")) > return; > > - mutex_lock(&irq_domain_mutex); > - for (i = 0; i < nr_irqs; i++) > - irq_domain_remove_irq(virq + i); > - irq_domain_free_irqs_hierarchy(data->domain, virq, nr_irqs); > - mutex_unlock(&irq_domain_mutex); > + for (i = 0; i < nr_irqs; i++) { > + struct irq_desc *desc = irq_to_desc(virq + i); > > - irq_domain_free_irq_data(virq, nr_irqs); > - irq_free_descs(virq, nr_irqs); > + kobject_put(&desc->kobj); So up to this point both irq_dispose_mapping() _and_ irq_domain_free_irqs() invoked irq_free_descs(). Let's look at the call chains: irq_domain_free_irqs() irq_free_descs() mutex_lock(&sparse_irq_lock); for (i...) free_desc(from + i) irq_remove_debugfs_entry(); unregister_irq_proc(); irq_sysfs_del(); delete_irq_desc(); call_rcu(); bitmap_clear(allocated_irqs, ...); mutex_unlock(&sparse_irq_lock); with your modifications it does: irq_domain_free_irqs() for (i...) kobject_put(&desc->kobj) irq_kobj_release() if (desc->free_irq) desc->free_irq(desc); irq_remove_debugfs_entry(); unregister_irq_proc(); delete_irq_desc(); call_rcu(); Can you spot the wreckage? It's not even subtle, it's more than obvious. 1) None of the operations in irq_kobj_release() is protected by sparse_irq_lock anymore. There was a comment in free_desc() which explained what is protected. You removed parts of that comment and just left the sysfs portion of it above delete_irq_desc() which is completely bogus because you removed the irq_sysfs_del() call. 2) Nothing removes the freed interrupts from the allocation bitmap. Run this often enough and you exhausted the interrupt space. And no, you cannot just go and invoke irq_free_descs() instead of kobject_put(), simply because you'd create lock order inversion vs. the free_irq() callback. So no, it's not that simple and I'm not at all interested in another respin of this with some more duct tape applied. It can be done, but that needs way more thought, a proper design which preserves the existing semantics completely and wants to be a fine grained series where each patch does exactly ONE small thing which is reviewable and testable on _ALL_ users of this code, i.e. _ALL_ architectures and irq chip implementations. Thanks, tglx
diff --git a/kernel/irq/irqdomain.c b/kernel/irq/irqdomain.c index 4779d912bb86..a0a81cc6c524 100644 --- a/kernel/irq/irqdomain.c +++ b/kernel/irq/irqdomain.c @@ -863,21 +863,9 @@ EXPORT_SYMBOL_GPL(irq_create_of_mapping); */ void irq_dispose_mapping(unsigned int virq) { - struct irq_data *irq_data = irq_get_irq_data(virq); - struct irq_domain *domain; + struct irq_desc *desc = irq_to_desc(virq); - if (!virq || !irq_data) - return; - - domain = irq_data->domain; - if (WARN_ON(domain == NULL)) - return; - - if (irq_domain_is_hierarchy(domain)) { - irq_domain_free_irqs(virq, 1); - } else { - irq_free_desc(virq); - } + kobject_put(&desc->kobj); } EXPORT_SYMBOL_GPL(irq_dispose_mapping); @@ -1396,6 +1384,19 @@ int irq_domain_alloc_irqs_hierarchy(struct irq_domain *domain, return domain->ops->alloc(domain, irq_base, nr_irqs, arg); } +static void irq_domain_hierarchy_free_desc(struct irq_desc *desc) +{ + unsigned int virq = desc->irq_data.irq; + struct irq_data *data = irq_get_irq_data(virq); + + mutex_lock(&irq_domain_mutex); + irq_domain_remove_irq(virq); + irq_domain_free_irqs_hierarchy(data->domain, virq, 1); + mutex_unlock(&irq_domain_mutex); + + irq_domain_free_irq_data(virq, 1); +} + int __irq_domain_alloc_irqs_data(struct irq_domain *domain, int virq, unsigned int nr_irqs, int node, void *arg, const struct irq_affinity_desc *affinity) @@ -1430,7 +1431,10 @@ int __irq_domain_alloc_irqs_data(struct irq_domain *domain, int virq, } for (i = 0; i < nr_irqs; i++) { + struct irq_desc *desc = irq_to_desc(virq + i); + irq_domain_insert_irq(virq + i); + desc->free_irq = irq_domain_hierarchy_free_desc; } mutex_unlock(&irq_domain_mutex); @@ -1675,14 +1679,11 @@ void irq_domain_free_irqs(unsigned int virq, unsigned int nr_irqs) "NULL pointer, cannot free irq\n")) return; - mutex_lock(&irq_domain_mutex); - for (i = 0; i < nr_irqs; i++) - irq_domain_remove_irq(virq + i); - irq_domain_free_irqs_hierarchy(data->domain, virq, nr_irqs); - mutex_unlock(&irq_domain_mutex); + for (i = 0; i < nr_irqs; i++) { + struct irq_desc *desc = irq_to_desc(virq + i); - irq_domain_free_irq_data(virq, nr_irqs); - irq_free_descs(virq, nr_irqs); + kobject_put(&desc->kobj); + } } /**
This moves hierarchical domain's irqs cleanup into the kobject release hook to make irq_domain_free_irqs() as simple as kobject_put. Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru> --- kernel/irq/irqdomain.c | 43 +++++++++++++++++++++--------------------- 1 file changed, 22 insertions(+), 21 deletions(-)