From nobody Sun Feb 8 23:28:12 2026 Received: from smtp-relay-internal-0.canonical.com (smtp-relay-internal-0.canonical.com [185.125.188.122]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5A9E1186607 for ; Fri, 20 Dec 2024 14:15:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=185.125.188.122 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1734704151; cv=none; b=aADzEwNcUKrYjvO8T9UO3k+r3KRxUJL6oBZ+33Y4fNopOc2neZhCMgcf1xZFNk1IcEKaQMtU+nCiA0tSBCDMhl/dFE7q3a9I+1ENoE/zsa2v2j4dokr0Q8Blc864jsBh0XR6VQFdxEG6um4y4lojULGKd/xH1ExqBibGyDBvdno= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1734704151; c=relaxed/simple; bh=YN2nO4Sm3GfZBOvsNfU+Kr6NjsIfAxzVTIxviTPcxGI=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=GY/IpIYPYt8u2bPca2ePBFkxhaWxPoOSbkiShc62szz/OQTkIFKmFIw3s9xwVU9EIRvG+Ncma3FZu1jv0HG9VemNrZdIWVSZ8d3BLj/7Gl3AlPcmGTAmhXZmyUynN8XyX2LYBPK+ePbuyN8iyFbwNx6q2IJ2KYQX7S3Mel1Jxo0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=canonical.com; spf=pass smtp.mailfrom=canonical.com; dkim=pass (2048-bit key) header.d=canonical.com header.i=@canonical.com header.b=RNIFtaXN; arc=none smtp.client-ip=185.125.188.122 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=canonical.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=canonical.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=canonical.com header.i=@canonical.com header.b="RNIFtaXN" Received: from mail-pl1-f198.google.com (mail-pl1-f198.google.com [209.85.214.198]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id 85CB53F84D for ; Fri, 20 Dec 2024 14:15:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1734704146; bh=g3brj8cxU6pQN4D7EcTNmqpW0SJpeeawfP1WTvYgoe0=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=RNIFtaXNxYTi9zcdRrUv9MGLt+Wxme5pmPuU/ZKUTGpE0W52Vh/Pe8RSmWMrZqzD1 /BnKoOqDGmZ8AdYfFK7nHF2wfev2N2RvoWufuB8ObODZMYCxX6n4N+xheSTiOdWFlI hHrzKOaHbc3AaJAuW+ZaezLyDo1aJ5HnJ0QdE7Wq+o7ftpuJ9gJftT44GY89kKSVMd yhg7+LuhxnxLz6FbCwpeu+XZEHJ0/TL/fWMfrnuuOzpUrGsJxQgygQJpqPRfVOPtL5 Lz6fw7UEuHZnFpo1yB6odOf5n9lma1ev9ZaaUBbhEPiWHVntFdy8ER6TaTbeUxciz+ hByotm+e5IIhQ== Received: by mail-pl1-f198.google.com with SMTP id d9443c01a7336-2161d185f04so14423585ad.3 for ; Fri, 20 Dec 2024 06:15:46 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1734704145; x=1735308945; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=g3brj8cxU6pQN4D7EcTNmqpW0SJpeeawfP1WTvYgoe0=; b=LuaGdW4LGblD7YJc+DpN87Ix4DMc/ST7BsWWVqmNoSpqTUabcqGUNToySDlScZM19K 7JhqFvcuk3gnd/gFfS0TklObOpta/TFhUG4VmuyAz88k4o14CgJoHTokqYVJ31rPMmfF /sKrhHh3XQ7PdPqJ3RPKPoJtrMkYlygKPD+aplrkwEGvaBygw0yGMGs4Ilv4Mvcwkwqt b2brp9OQF+69nmw/ZZS4QWg3WBXzFWk614jBnVW6Y9hQ3hOpxMQO7ha+wPa6OHKcqop9 o9M2VlOtA4bGFOAo8F31OSl9+gGwF1RBaWa9OMAZvu2lNV5RGKqM6CRl/YdHbGAFABSM Pw6Q== X-Gm-Message-State: AOJu0YznHJeuTXFt4eWWKboxBr/Tf3ApAIFt5bsY1PxhnJeoM2qn3ztE SVze4tcDUmqg4EKVg23zXblHV6cjuI28Vs/9pOvGCIruHsOKWIiGr20p3zX4YPgwrphzLr8sOFu WR13tSgWu88RB5r47q4ZsC13vI/aYl6bSLMT7ozY3Fb6zeo61qeB0U/IampoR0TGiJoZ64tBGFW lVWpoi/wYkSg== X-Gm-Gg: ASbGncumQotuWSJXQG/SH0VBXEh6AUp7ewuZCHlHfQQFOxm4vYQ14ggdrZaEJn7+jea PZ6kGCAuzHx8e6vFf6j6MsaXpwjGb1Fz7VfLJIcXmLutOyM+QOOzdZc2P9G1zB/4ekGg/rYQVtO j42d54L4jH7+fTh2jxixVQOeaEXaP0krFl+5/yziSDmQxtWj3x79mtJx85695Rn/69oqkzdNXE6 uhrjLb02EYsa8q6hkD2yRYnGgrfdvGrdE4wr2q9O/I9aHqyYls7YzqxmA== X-Received: by 2002:a05:6a20:6a06:b0:1e0:d104:4dbd with SMTP id adf61e73a8af0-1e5e085828cmr6272713637.46.1734704144935; Fri, 20 Dec 2024 06:15:44 -0800 (PST) X-Google-Smtp-Source: AGHT+IGJ5ElpVeXpn3saDF3Edq9Qio1LwOMIk6R4OfpfuIggmTifx90jYE0hRDcNWSGIfDnSNXyuVw== X-Received: by 2002:a05:6a20:6a06:b0:1e0:d104:4dbd with SMTP id adf61e73a8af0-1e5e085828cmr6272668637.46.1734704144568; Fri, 20 Dec 2024 06:15:44 -0800 (PST) Received: from z790sl.. ([240f:74:7be:1:3abc:18f3:dfe7:d8c3]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-72aad816529sm3149532b3a.5.2024.12.20.06.15.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 20 Dec 2024 06:15:44 -0800 (PST) From: Koichiro Den To: linux-kernel@vger.kernel.org Cc: tglx@linutronix.de, peterz@infradead.org Subject: [PATCH] cpu/hotplug: disallow writing any state in atomic AP section to sysfs target Date: Fri, 20 Dec 2024 23:15:38 +0900 Message-ID: <20241220141538.4018232-1-koichiro.den@canonical.com> X-Mailer: git-send-email 2.43.0 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" When CONFIG_CPU_HOTPLUG_STATE_CONTROL=3Dy, writing a state within the atomic AP section to 'hotplug/target' file for a fully online cpu can cause a kernel crash [1]. This occurs because take_cpu_down() disables the CPU, but the state machine does not reach CPUHP_AP_OFFLINE. As a result, when cpu stopper thread finishes its work and idle task takes over, cpuhp_report_idle_dead() crashes on 'BUG_ON(st->state !=3D CPUHP_AP_OFFLINE)'. In the opposite direction, start_secondary() assumes all startup callbacks have been invoked and transitions to CPUHP_AP_ONLINE_IDLE, regardless of the written target. This can result in some callbacks in the section being silently skipped. To address the issue, disable writing any state within the atomic AP states to sysfs target. Additionally, set cant_stop to true for both CPUHP_BP_KICK_AP (when CONFIG_HOTPLUG_SPLIT_STARTUP=3Dy) and CPUHP_AP_ONLINE since we do not automatically make the state machine proceed to the other end of the atomic states. [1]: # grep 'tick:dying' /sys/devices/system/cpu/hotplug/states 143: tick:dying # cat /sys/devices/system/cpu/cpu7/hotplug/target 238 # fully online # echo 143 > /sys/devices/system/cpu/cpu7/hotplug/target [ 145.091832] ------------[ cut here ]------------ [ 145.092928] kernel BUG at kernel/cpu.c:1365! [ 145.093960] Oops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI --(snip)-- Signed-off-by: Koichiro Den Tested-By: Vishal Chourasia --- Previous attempt: https://lore.kernel.org/all/20241207144721.2828390-1-koichiro.den@canonical= .com/ --- kernel/cpu.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/kernel/cpu.c b/kernel/cpu.c index 34f1a09349fc..c877443f5888 100644 --- a/kernel/cpu.c +++ b/kernel/cpu.c @@ -2127,6 +2127,7 @@ static struct cpuhp_step cpuhp_hp_states[] =3D { [CPUHP_BP_KICK_AP] =3D { .name =3D "cpu:kick_ap", .startup.single =3D cpuhp_kick_ap_alive, + .cant_stop =3D true, }, =20 /* @@ -2192,6 +2193,7 @@ static struct cpuhp_step cpuhp_hp_states[] =3D { * state for synchronsization */ [CPUHP_AP_ONLINE] =3D { .name =3D "ap:online", + .cant_stop =3D true, }, /* * Handled on control processor until the plugged processor manages @@ -2759,7 +2761,8 @@ static ssize_t target_store(struct device *dev, struc= t device_attribute *attr, return ret; =20 #ifdef CONFIG_CPU_HOTPLUG_STATE_CONTROL - if (target < CPUHP_OFFLINE || target > CPUHP_ONLINE) + if (target < CPUHP_OFFLINE || target > CPUHP_ONLINE || + cpuhp_is_atomic_state(target)) return -EINVAL; #else if (target !=3D CPUHP_OFFLINE && target !=3D CPUHP_ONLINE) --=20 2.43.0