[PATCH -mm] ehca: avoid crash on kthread_create() failure

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Akinobu Mita <akinobu.mita@gmail.com>
To: Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: linux-kernel@vger.kernel.org,
	Hoang-Nam Nguyen <hnguyen@de.ibm.com>,
	Christoph Raisch <raisch@de.ibm.com>,
	akpm@osdl.org
Subject: [PATCH -mm] ehca: avoid crash on kthread_create() failure
Date: Mon, 25 Dec 2006 17:12:57 +0900	[thread overview]
Message-ID: <20061225081257.GA3869@APFDCB5C> (raw)
In-Reply-To: <20061221212202.GA23157@osiris.ibm.com>

On Thu, Dec 21, 2006 at 10:22:02PM +0100, Heiko Carstens wrote:
> > Index: 2.6-mm/drivers/infiniband/hw/ehca/ehca_irq.c
> > ===================================================================
> > --- 2.6-mm.orig/drivers/infiniband/hw/ehca/ehca_irq.c
> > +++ 2.6-mm/drivers/infiniband/hw/ehca/ehca_irq.c
> > @@ -670,11 +670,13 @@ static int comp_pool_callback(struct not
> >  {
> >  	unsigned int cpu = (unsigned long)hcpu;
> >  	struct ehca_cpu_comp_task *cct;
> > +	struct task_struct *task;
> > 
> >  	switch (action) {
> >  	case CPU_UP_PREPARE:
> >  		ehca_gen_dbg("CPU: %x (CPU_PREPARE)", cpu);
> > -		if(!create_comp_task(pool, cpu)) {
> > +		task = create_comp_task(pool, cpu);
> > +		if (IS_ERR(task)) {
> >  			ehca_gen_err("Can't create comp_task for cpu: %x", cpu);
> >  			return NOTIFY_BAD;
> >  		}
> 
> If this fails then the code will crash on CPU_UP_CANCELED. Because of
> kthread_bind(cct->task,...). cct->task would be just the encoded error
> number.

Subject: [PATCH -mm] ehca: avoid crash on kthread_create() failure

This patch disallows invalid task_struct pointer returned by
kthread_create() to be written to percpu data to avoid crash.

Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: Hoang-Nam Nguyen <hnguyen@de.ibm.com>
Cc: Christoph Raisch <raisch@de.ibm.com>
Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com>

---
 drivers/infiniband/hw/ehca/ehca_irq.c |   11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

Index: 2.6-mm/drivers/infiniband/hw/ehca/ehca_irq.c
===================================================================
--- 2.6-mm.orig/drivers/infiniband/hw/ehca/ehca_irq.c
+++ 2.6-mm/drivers/infiniband/hw/ehca/ehca_irq.c
@@ -606,13 +606,16 @@ static int comp_task(void *__cct)
 static struct task_struct *create_comp_task(struct ehca_comp_pool *pool,
 					    int cpu)
 {
+	struct task_struct *task;
 	struct ehca_cpu_comp_task *cct;
 
 	cct = per_cpu_ptr(pool->cpu_comp_tasks, cpu);
 	spin_lock_init(&cct->task_lock);
 	INIT_LIST_HEAD(&cct->cq_list);
 	init_waitqueue_head(&cct->wait_queue);
-	cct->task = kthread_create(comp_task, cct, "ehca_comp/%d", cpu);
+	task = kthread_create(comp_task, cct, "ehca_comp/%d", cpu);
+	if (!IS_ERR(task))
+		cct->task = task;
 
 	return cct->task;
 }
@@ -684,8 +687,10 @@ static int comp_pool_callback(struct not
 	case CPU_UP_CANCELED:
 		ehca_gen_dbg("CPU: %x (CPU_CANCELED)", cpu);
 		cct = per_cpu_ptr(pool->cpu_comp_tasks, cpu);
-		kthread_bind(cct->task, any_online_cpu(cpu_online_map));
-		destroy_comp_task(pool, cpu);
+		if (cct->task) {
+			kthread_bind(cct->task, any_online_cpu(cpu_online_map));
+			destroy_comp_task(pool, cpu);
+		}
 		break;
 	case CPU_ONLINE:
 		ehca_gen_dbg("CPU: %x (CPU_ONLINE)", cpu);

next prev parent reply	other threads:[~2006-12-25  8:13 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-12-19  8:42 [PATCH] ehca: fix kthread_create() error check Akinobu Mita
2006-12-19  9:32 ` Hoang-Nam Nguyen
2006-12-21 21:22 ` Heiko Carstens
2006-12-25  8:12   ` Akinobu Mita [this message]
2006-12-25  8:30     ` [PATCH -mm] ehca: avoid crash on kthread_create() failure Akinobu Mita
2006-12-25  8:55       ` Muli Ben-Yehuda
2006-12-25  9:35         ` Akinobu Mita
2006-12-25  9:41           ` Muli Ben-Yehuda
2006-12-25  9:58             ` Akinobu Mita
2006-12-25  8:13   ` [PATCH -mm] return error on create_comp_task() failure Akinobu Mita
2006-12-25  8:14   ` [PATCH -mm] ehca: fix memleak on module unloading Akinobu Mita

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20061225081257.GA3869@APFDCB5C \
    --to=akinobu.mita@gmail.com \
    --cc=akpm@osdl.org \
    --cc=heiko.carstens@de.ibm.com \
    --cc=hnguyen@de.ibm.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=raisch@de.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.