linux/drivers/misc
Mark Rutland eac80dd4bc lkdtm/bugs: add test for panic() with stuck secondary CPUs

Upon a panic() the kernel will use either smp_send_stop() or
crash_smp_send_stop() to attempt to stop secondary CPUs via an IPI,
which may or may not be an NMI. Generally it's preferable that this is an
NMI so that CPUs can be stopped in as many situations as possible, but
it's not always possible to provide an NMI, and there are cases where
CPUs may be unable to handle the NMI regardless.

This patch adds a test for panic() where all other CPUs are stuck with
interrupts disabled, which can be used to check whether the kernel
gracefully handles CPUs failing to respond to a stop, and whether NMIs
actually work to stop CPUs.

For example, on arm64 *without* an NMI, this results in:

| # echo PANIC_STOP_IRQOFF > /sys/kernel/debug/provoke-crash/DIRECT
| lkdtm: Performing direct entry PANIC_STOP_IRQOFF
| Kernel panic - not syncing: panic stop irqoff test
| CPU: 2 PID: 24 Comm: migration/2 Not tainted 6.5.0-rc3-00077-ge6c782389895-dirty #4
| Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015
| Stopper: multi_cpu_stop+0x0/0x1a0 <- stop_machine_cpuslocked+0x158/0x1a4
| Call trace:
|  dump_backtrace+0x94/0xec
|  show_stack+0x18/0x24
|  dump_stack_lvl+0x74/0xc0
|  dump_stack+0x18/0x24
|  panic+0x358/0x3e8
|  lkdtm_PANIC+0x0/0x18
|  multi_cpu_stop+0x9c/0x1a0
|  cpu_stopper_thread+0x84/0x118
|  smpboot_thread_fn+0x224/0x248
|  kthread+0x114/0x118
|  ret_from_fork+0x10/0x20
| SMP: stopping secondary CPUs
| SMP: failed to stop secondary CPUs 0-3
| Kernel Offset: 0x401cf3490000 from 0xffff80008000000c0
| PHYS_OFFSET: 0x40000000
| CPU features: 0x00000000,68c167a1,cce6773f
| Memory Limit: none
| ---[ end Kernel panic - not syncing: panic stop irqoff test ]---

Note the "failed to stop secondary CPUs 0-3" message.

On arm64 *with* an NMI, this results in:

| # echo PANIC_STOP_IRQOFF > /sys/kernel/debug/provoke-crash/DIRECT
| lkdtm: Performing direct entry PANIC_STOP_IRQOFF
| Kernel panic - not syncing: panic stop irqoff test
| CPU: 1 PID: 19 Comm: migration/1 Not tainted 6.5.0-rc3-00077-ge6c782389895-dirty #4
| Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015
| Stopper: multi_cpu_stop+0x0/0x1a0 <- stop_machine_cpuslocked+0x158/0x1a4
| Call trace:
|  dump_backtrace+0x94/0xec
|  show_stack+0x18/0x24
|  dump_stack_lvl+0x74/0xc0
|  dump_stack+0x18/0x24
|  panic+0x358/0x3e8
|  lkdtm_PANIC+0x0/0x18
|  multi_cpu_stop+0x9c/0x1a0
|  cpu_stopper_thread+0x84/0x118
|  smpboot_thread_fn+0x224/0x248
|  kthread+0x114/0x118
|  ret_from_fork+0x10/0x20
| SMP: stopping secondary CPUs
| Kernel Offset: 0x55a9c0bc0000 from 0xffff800080000000
| PHYS_OFFSET: 0x40000000
| CPU features: 0x00000000,68c167a1,fce6773f
| Memory Limit: none
| ---[ end Kernel panic - not syncing: panic stop irqoff test ]---

Note the absence of a "failed to stop secondary CPUs" message, since we
don't log anything when secondary CPUs are successfully stopped.

Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Cc: Douglas Anderson <dianders@chromium.org>
Cc: Kees Cook <keescook@chromium.org>
Cc: Stephen Boyd <swboyd@chromium.org>
Cc: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Douglas Anderson <dianders@chromium.org>
Reviewed-by: Stephen Boyd <swboyd@chromium.org>
Link: https://lore.kernel.org/r/20230921161634.4063233-1-mark.rutland@arm.com
Signed-off-by: Kees Cook <keescook@chromium.org>
2023-09-28 16:39:08 -07:00
altera-stapl misc: add HAS_IOPORT dependencies 2023-05-29 15:05:00 +01:00
bcm-vk Char/Misc driver changes for 6.6-rc1 2023-09-01 09:53:54 -07:00
c2port driver core: class: remove module * from class_create() 2023-03-17 15:16:33 +01:00
cardreader misc: rtsx: judge ASPM Mode to set PETXCFG Reg 2023-08-04 15:52:43 +02:00
cb710
cxl Char/Misc driver changes for 6.6-rc1 2023-09-01 09:53:54 -07:00
echo
eeprom misc: eeprom/idt_89hpesx: Use devm_kmemdup to replace devm_kmalloc + memcpy 2023-08-11 21:38:52 +02:00
genwqe misc: genwqe: make class_genwqe a static const structure 2023-08-11 21:41:33 +02:00
ibmasm ibm: convert to ctime accessor functions 2023-07-13 10:28:02 +02:00
lis3lv02d misc: Explicitly include correct DT includes 2023-08-04 15:39:04 +02:00
lkdtm lkdtm/bugs: add test for panic() with stuck secondary CPUs 2023-09-28 16:39:08 -07:00
mchp_pci1xxxx misc: microchip: pci1xxxx: Fix some NULL vs IS_ERR() bugs 2023-08-12 12:58:56 +02:00
mei mei: make mei_class a static const structure 2023-08-22 13:42:00 +02:00
ocxl mmu_notifiers: rename invalidate_range notifier 2023-08-18 10:12:41 -07:00
pvpanic
sgi-gru mm: ptep_get() conversion 2023-06-19 16:19:25 -07:00
sgi-xp sgi-xp: simplify sysctl registration 2023-03-09 17:32:13 +01:00
ti-st misc: ti-st: make st_recv() conforming to tty_ldisc_ops::receive_buf() 2023-08-11 21:12:45 +02:00
uacce uacce: vma_close clears q->qfrs when freeing qfrs 2023-05-31 19:00:26 +01:00
vmw_vmci Char/Misc drivers for 6.4-rc1 2023-04-27 12:07:50 -07:00
ad525x_dpot-i2c.c misc: Switch i2c drivers back to use .probe() 2023-05-29 15:04:52 +01:00
ad525x_dpot-spi.c
ad525x_dpot.c
ad525x_dpot.h
apds990x.c misc: Switch i2c drivers back to use .probe() 2023-05-29 15:04:52 +01:00
apds9802als.c misc: Switch i2c drivers back to use .probe() 2023-05-29 15:04:52 +01:00
atmel-ssc.c misc: atmel-ssc: Use devm_platform_get_and_ioremap_resource() 2023-08-04 15:38:45 +02:00
bh1770glc.c misc: Switch i2c drivers back to use .probe() 2023-05-29 15:04:52 +01:00
cs5535-mfgpt.c
ds1682.c misc: Switch i2c drivers back to use .probe() 2023-05-29 15:04:52 +01:00
dummy-irq.c
dw-xdata-pcie.c
enclosure.c drivers: remove struct module * setting from struct class 2023-03-17 15:16:27 +01:00
fastrpc.c misc: fastrpc: Pass proper scm arguments for static process init 2023-08-22 16:00:20 +02:00
gehc-achc.c
hi6421v600-irq.c misc: hi6421-spmi-pmic: Remove redundant dev_err() 2023-08-04 15:39:10 +02:00
hisi_hikey_usb.c
hmc6352.c misc: Switch i2c drivers back to use .probe() 2023-05-29 15:04:52 +01:00
hpilo.c misc: hpilo: make ilo_class a static const structure 2023-08-11 21:41:36 +02:00
hpilo.h
ibmvmc.c ibm: convert to ctime accessor functions 2023-07-13 10:28:02 +02:00
ibmvmc.h
ics932s401.c misc: Switch i2c drivers back to use .probe() 2023-05-29 15:04:52 +01:00
isl29003.c misc: Switch i2c drivers back to use .probe() 2023-05-29 15:04:52 +01:00
isl29020.c misc: Switch i2c drivers back to use .probe() 2023-05-29 15:04:52 +01:00
Kconfig misc: open-dice: make OPEN_DICE depend on HAS_IOMEM 2023-08-04 15:39:42 +02:00
kgdbts.c
lattice-ecp3-config.c
Makefile misc: tps6594-pfsm: Add driver for TI TPS6594 PFSM 2023-06-15 13:41:53 +02:00
open-dice.c mm: replace vma->vm_flags direct modifications with modifier calls 2023-02-09 16:51:39 -08:00
pch_phub.c
pci_endpoint_test.c misc: pci_endpoint_test: Simplify pci_endpoint_test_msi_irq() 2023-06-23 15:04:15 -05:00
phantom.c driver core: class: remove module * from class_create() 2023-03-17 15:16:33 +01:00
qcom-coincell.c misc: Explicitly include correct DT includes 2023-08-04 15:39:04 +02:00
smpro-errmon.c misc: smpro-errmon: Remove the unneeded include <linux/i2c.h> 2023-05-31 19:00:10 +01:00
smpro-misc.c
sram-exec.c
sram.c misc: Explicitly include correct DT includes 2023-08-04 15:39:04 +02:00
sram.h misc: sram: Improve and simplify clk handling 2023-03-09 17:31:53 +01:00
tifm_7xx1.c
tifm_core.c
tps6594-esm.c Merge 6.5-rc6 into char-misc-next 2023-08-13 22:14:51 +02:00
tps6594-pfsm.c misc: tps6594: Remove redundant dev_err_probe() for platform_get_irq_byname() 2023-08-12 12:58:40 +02:00
tsl2550.c misc: Switch i2c drivers back to use .probe() 2023-05-29 15:04:52 +01:00
vcpu_stall_detector.c misc: Explicitly include correct DT includes 2023-08-04 15:39:04 +02:00
vmw_balloon.c misc: vmw_balloon: fix memory leak with using debugfs_lookup() 2023-02-08 13:24:22 +01:00
xilinx_sdfec.c misc: Explicitly include correct DT includes 2023-08-04 15:39:04 +02:00
xilinx_tmr_inject.c misc: Explicitly include correct DT includes 2023-08-04 15:39:04 +02:00
xilinx_tmr_manager.c misc: Explicitly include correct DT includes 2023-08-04 15:39:04 +02:00