From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.linuxfoundation.org ([140.211.169.12]:51724 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751736AbcHHOXZ (ORCPT ); Mon, 8 Aug 2016 10:23:25 -0400 Subject: Patch "cpu/hotplug: Keep enough storage space if SMP=n to avoid array out of bounds scribble" has been added to the 4.6-stable tree To: tglx@linutronix.de, acme@kernel.org, acme@redhat.com, alexander.shishkin@linux.intel.com, anna-maria@linutronix.de, bigeasy@linutronix.de, bp@suse.de, eranian@google.com, gregkh@linuxfoundation.org, jolsa@redhat.com, kan.liang@intel.com, kilobyte@angband.pl, mingo@kernel.org, peterz@infradead.org, torvalds@linux-foundation.org, vincent.weaver@maine.edu, xiaolong.ye@intel.com Cc: , From: Date: Mon, 08 Aug 2016 16:23:29 +0200 Message-ID: <1470666209204110@kroah.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ANSI_X3.4-1968 Content-Transfer-Encoding: 8bit Sender: stable-owner@vger.kernel.org List-ID: This is a note to let you know that I've just added the patch titled cpu/hotplug: Keep enough storage space if SMP=n to avoid array out of bounds scribble to the 4.6-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: cpu-hotplug-keep-enough-storage-space-if-smp-n-to-avoid-array-out-of-bounds-scribble.patch and it can be found in the queue-4.6 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let know about it. >>From a7c734140aa36413944eef0f8c660e0e2256357d Mon Sep 17 00:00:00 2001 From: Thomas Gleixner Date: Tue, 12 Jul 2016 21:59:23 +0200 Subject: cpu/hotplug: Keep enough storage space if SMP=n to avoid array out of bounds scribble From: Thomas Gleixner commit a7c734140aa36413944eef0f8c660e0e2256357d upstream. Xiaolong Ye reported lock debug warnings triggered by the following commit: 8de4a0066106 ("perf/x86: Convert the core to the hotplug state machine") The bug is the following: the cpuhp_bp_states[] array is cut short when CONFIG_SMP=n, but the dynamically registered callbacks are stored nevertheless and happily scribble outside of the array bounds... We need to store them in case that the state is unregistered so we can invoke the teardown function. That's independent of CONFIG_SMP. Make sure the array is large enough. Reported-by: kernel test robot Signed-off-by: Thomas Gleixner Cc: Adam Borowski Cc: Alexander Shishkin Cc: Anna-Maria Gleixner Cc: Arnaldo Carvalho de Melo Cc: Arnaldo Carvalho de Melo Cc: Borislav Petkov Cc: Jiri Olsa Cc: Kan Liang Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Sebastian Andrzej Siewior Cc: Stephane Eranian Cc: Vince Weaver Cc: lkp@01.org Cc: tipbuild@zytor.com Fixes: cff7d378d3fd "cpu/hotplug: Convert to a state machine for the control processor" Link: http://lkml.kernel.org/r/alpine.DEB.2.11.1607122144560.4083@nanos Signed-off-by: Ingo Molnar Signed-off-by: Greg Kroah-Hartman --- kernel/cpu.c | 2 ++ 1 file changed, 2 insertions(+) --- a/kernel/cpu.c +++ b/kernel/cpu.c @@ -1218,6 +1218,8 @@ static struct cpuhp_step cpuhp_bp_states .teardown = takedown_cpu, .cant_stop = true, }, +#else + [CPUHP_BRINGUP_CPU] = { }, #endif }; Patches currently in stable-queue which might be from tglx@linutronix.de are queue-4.6/cpu-hotplug-keep-enough-storage-space-if-smp-n-to-avoid-array-out-of-bounds-scribble.patch queue-4.6/x86-quirks-apply-nvidia_bugs-quirk-only-on-root-bus.patch queue-4.6/irqchip-mips-gic-match-ipi-irq-domain-by-bus-token-only.patch queue-4.6/x86-quirks-add-early-quirk-to-reset-apple-airport-card.patch queue-4.6/sched-fair-fix-effective_load-to-consistently-use-smoothed-load.patch queue-4.6/sched-debug-fix-deadlock-when-enabling-sched-events.patch queue-4.6/x86-quirks-reintroduce-scanning-of-secondary-buses.patch queue-4.6/irqchip-mips-gic-map-to-vps-using-hw-vpnum.patch queue-4.6/kernel-sysrq-watchdog-sched-core-reset-watchdog-on-all-cpus-while-processing-sysrq-w.patch queue-4.6/posix_cpu_timer-exit-early-when-process-has-been-reaped.patch