From: Ingo Molnar <mingo@kernel.org>
To: Tomoki Sekiyama <tomoki.sekiyama.qu@hitachi.com>
Cc: tglx@linutronix.de, mingo@redhat.com, suresh.b.siddha@intel.com,
hpa@zytor.com, yinghai@kernel.org, agordeev@redhat.com,
x86@kernel.org, linux-kernel@vger.kernel.org,
yrl.pp-manager.tt@hitachi.com
Subject: Re: [PATCH] x86/ioapic: Fix NULL pointer dereference on CPU hotplug after disabling irqs
Date: Thu, 26 Jul 2012 12:21:06 +0200 [thread overview]
Message-ID: <20120726102106.GA22573@gmail.com> (raw)
In-Reply-To: <50111146.7070707@hitachi.com>
* Tomoki Sekiyama <tomoki.sekiyama.qu@hitachi.com> wrote:
> In current Linux, percpu variable `vector_irq' is not always cleared when
> a CPU is offlined. If the CPU that has the disabled irqs in vector_irq is
> hotplugged again, __setup_vector_irq() hits invalid irq vector and may
> crash.
>
> This bug can be reproduced as following;
> # echo 0 > /sys/devices/system/cpu/cpu7/online
> # modprobe -r some_driver_using_interrupts # vector_irq@cpu7 uncleared
> # echo 1 > /sys/devices/system/cpu/cpu7/online # kernel may crash
>
> To fix this problem, this patch clears vector_irq in __fixup_irqs() when
> the CPU is offlined.
>
> This also reverts commit f6175f5bfb4c, which partially fixes this bug by
> clearing vector in __clear_irq_vector(). But in environments with IOMMU IRQ
> remapper, it could fail because cfg->domain doesn't contain offlined CPUs.
> With this patch, the fix in __clear_irq_vector() can be reverted because
> every vector_irq is already cleared in __fixup_irqs() on offlined CPUs.
>
> Signed-off-by: Tomoki Sekiyama <tomoki.sekiyama.qu@hitachi.com>
> Cc: Thomas Gleixner <tglx@linutronix.de>
> Cc: Ingo Molnar <mingo@redhat.com>
> Cc: "H. Peter Anvin" <hpa@zytor.com>
> Cc: Suresh Siddha <suresh.b.siddha@intel.com>
> Cc: Yinghai Lu <yinghai@kernel.org>
> Cc: Alexander Gordeev <agordeev@redhat.com>
> ---
> arch/x86/kernel/apic/io_apic.c | 4 ++--
> arch/x86/kernel/irq.c | 1 +
> 2 files changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/arch/x86/kernel/apic/io_apic.c b/arch/x86/kernel/apic/io_apic.c
> index 5f0ff59..ac96561 100644
> --- a/arch/x86/kernel/apic/io_apic.c
> +++ b/arch/x86/kernel/apic/io_apic.c
> @@ -1195,7 +1195,7 @@ static void __clear_irq_vector(int irq, struct irq_cfg *cfg)
> BUG_ON(!cfg->vector);
> vector = cfg->vector;
> - for_each_cpu(cpu, cfg->domain)
> + for_each_cpu_and(cpu, cfg->domain, cpu_online_mask)
> per_cpu(vector_irq, cpu)[vector] = -1;
> cfg->vector = 0;
> @@ -1203,7 +1203,7 @@ static void __clear_irq_vector(int irq, struct irq_cfg *cfg)
> if (likely(!cfg->move_in_progress))
> return;
> - for_each_cpu(cpu, cfg->old_domain) {
that's not a valid diff - something in your mailer ate lines or
such. See Documentation/email-clients.txt.
Thanks,
Ingo
next prev parent reply other threads:[~2012-07-26 10:21 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-07-25 9:17 [PATCH] x86/ioapic: Fix NULL pointer dereference on CPU hotplug after disabling irqs Tomoki Sekiyama
2012-07-25 23:28 ` Siddha, Suresh B
2012-07-26 9:38 ` Tomoki Sekiyama
2012-07-26 9:43 ` Tomoki Sekiyama
2012-07-26 10:21 ` Ingo Molnar [this message]
2012-07-26 10:47 ` [RESEND PATCH] " Tomoki Sekiyama
2012-07-26 15:16 ` [tip:x86/urgent] " tip-bot for Tomoki Sekiyama
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120726102106.GA22573@gmail.com \
--to=mingo@kernel.org \
--cc=agordeev@redhat.com \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=suresh.b.siddha@intel.com \
--cc=tglx@linutronix.de \
--cc=tomoki.sekiyama.qu@hitachi.com \
--cc=x86@kernel.org \
--cc=yinghai@kernel.org \
--cc=yrl.pp-manager.tt@hitachi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.