On Wed, Aug 28, 2024 at 01:52:33PM GMT, Michael Ellerman wrote:

"Nysal Jan K.A." [off-list ref] writes:

quoted

If an interrupt occurs in queued_spin_lock_slowpath() after we increment
qnodesp->count and before node->lock is initialized, another CPU might
see stale lock values in get_tail_qnode(). If the stale lock value happens
to match the lock on that CPU, then we write to the "next" pointer of
the wrong qnode. This causes a deadlock as the former CPU, once it becomes
the head of the MCS queue, will spin indefinitely until it's "next" pointer
is set by its successor in the queue. This results in lockups similar to
the following.

...

quoted

Thanks to Saket Kumar Bhaskar for help with recreating the issue

Fixes: 84990b169557 ("powerpc/qspinlock: add mcs queueing for contended waiters")
Cc: stable@vger.kernel.org # v6.2+
Reported-by: Geetika Moolchandani <redacted>
Reported-by: Vaishnavi Bhat <redacted>
Reported-by: Jijo Varghese <redacted>

 
Do we have links for any of these reports?

They are all internal reports on LTC bugzilla. I don't see one that is public.

cheers

Regards
--Nysal