• Michael Neuling's avatar
    powerpc/kexec: Fix race in kexec shutdown · 1fc711f7
    Michael Neuling authored
    In kexec_prepare_cpus, the primary CPU IPIs the secondary CPUs to
    kexec_smp_down().  kexec_smp_down() calls kexec_smp_wait() which sets
    the hw_cpu_id() to -1.  The primary does this while leaving IRQs on
    which means the primary can take a timer interrupt which can lead to
    the IPIing one of the secondary CPUs (say, for a scheduler re-balance)
    but since the secondary CPU now has a hw_cpu_id = -1, we IPI CPU
    -1... Kaboom!
    
    We are hitting this case regularly on POWER7 machines.
    
    There is also a second race, where the primary will tear down the MMU
    mappings before knowing the secondaries have entered real mode.
    
    Also, the secondaries are clearing out any pending IPIs before
    guaranteeing that no more will be received.
    
    This changes kexec_prepare_cpus() so that we turn off IRQs in the
    primary CPU much earlier.  It adds a paca flag to say that the
    secondaries have entered the kexec_smp_down() IPI and turned off IRQs,
    rather than overloading hw_cpu_id with -1.  This new paca flag is
    again used to in indicate when the secondaries has entered real mode.
    
    It also ensures that all CPUs have their IRQs off before we clear out
    any pending IPI requests (in kexec_cpu_down()) to ensure there are no
    trailing IPIs left unacknowledged.
    Signed-off-by: default avatarMichael Neuling <mikey@neuling.org>
    Signed-off-by: default avatarBenjamin Herrenschmidt <benh@kernel.crashing.org>
    1fc711f7
kexec.h 2.79 KB