From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Prarit Bhargava <prarit@redhat.com>,
athorlton@sgi.com, CAI Qian <caiqian@redhat.com>,
Thomas Gleixner <tglx@linutronix.de>,
Preeti U Murthy <preeti@linux.vnet.ibm.com>
Subject: [PATCH 3.10 79/85] tick: Make oneshot broadcast robust vs. CPU offlining
Date: Thu, 20 Mar 2014 17:10:22 -0700 [thread overview]
Message-ID: <20140321000610.050155107@linuxfoundation.org> (raw)
In-Reply-To: <20140321000558.606667505@linuxfoundation.org>
3.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thomas Gleixner <tglx@linutronix.de>
commit c9b5a266b103af873abb9ac03bc3d067702c8f4b upstream.
In periodic mode we remove offline cpus from the broadcast propagation
mask. In oneshot mode we fail to do so. This was not a problem so far,
but the recent changes to the broadcast propagation introduced a
constellation which can result in a NULL pointer dereference.
What happens is:
CPU0 CPU1
idle()
arch_idle()
tick_broadcast_oneshot_control(OFF);
set cpu1 in tick_broadcast_force_mask
if (cpu_offline())
arch_cpu_dead()
cpu_dead_cleanup(cpu1)
cpu1 tickdevice pointer = NULL
broadcast interrupt
dereference cpu1 tickdevice pointer -> OOPS
We dereference the pointer because cpu1 is still set in
tick_broadcast_force_mask and tick_do_broadcast() expects a valid
cpumask and therefor lacks any further checks.
Remove the cpu from the tick_broadcast_force_mask before we set the
tick device pointer to NULL. Also add a sanity check to the oneshot
broadcast function, so we can detect such issues w/o crashing the
machine.
Reported-by: Prarit Bhargava <prarit@redhat.com>
Cc: athorlton@sgi.com
Cc: CAI Qian <caiqian@redhat.com>
Link: http://lkml.kernel.org/r/alpine.DEB.2.02.1306261303260.4013@ionos.tec.linutronix.de
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Preeti U Murthy <preeti@linux.vnet.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/time/tick-broadcast.c | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
--- a/kernel/time/tick-broadcast.c
+++ b/kernel/time/tick-broadcast.c
@@ -594,6 +594,13 @@ again:
cpumask_clear(tick_broadcast_force_mask);
/*
+ * Sanity check. Catch the case where we try to broadcast to
+ * offline cpus.
+ */
+ if (WARN_ON_ONCE(!cpumask_subset(tmpmask, cpu_online_mask)))
+ cpumask_and(tmpmask, tmpmask, cpu_online_mask);
+
+ /*
* Wakeup the cpus which have an expired event.
*/
tick_do_broadcast(tmpmask);
@@ -834,10 +841,12 @@ void tick_shutdown_broadcast_oneshot(uns
raw_spin_lock_irqsave(&tick_broadcast_lock, flags);
/*
- * Clear the broadcast mask flag for the dead cpu, but do not
- * stop the broadcast device!
+ * Clear the broadcast masks for the dead cpu, but do not stop
+ * the broadcast device!
*/
cpumask_clear_cpu(cpu, tick_broadcast_oneshot_mask);
+ cpumask_clear_cpu(cpu, tick_broadcast_pending_mask);
+ cpumask_clear_cpu(cpu, tick_broadcast_force_mask);
raw_spin_unlock_irqrestore(&tick_broadcast_lock, flags);
}
next prev parent reply other threads:[~2014-03-21 0:24 UTC|newest]
Thread overview: 90+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-03-21 0:09 [PATCH 3.10 00/85] 3.10.34-stable review Greg Kroah-Hartman
2014-03-21 0:09 ` [PATCH 3.10 01/85] ocfs2: fix quota file corruption Greg Kroah-Hartman
2014-03-21 0:09 ` [PATCH 3.10 02/85] ocfs2 syncs the wrong range Greg Kroah-Hartman
2014-03-21 0:09 ` [PATCH 3.10 03/85] sched: Fix double normalization of vruntime Greg Kroah-Hartman
2014-03-21 0:09 ` [PATCH 3.10 04/85] rapidio/tsi721: fix tasklet termination in dma channel release Greg Kroah-Hartman
2014-03-21 0:09 ` [PATCH 3.10 05/85] net-tcp: fastopen: fix high order allocations Greg Kroah-Hartman
2014-03-21 0:09 ` [PATCH 3.10 06/85] neigh: recompute reachabletime before returning from neigh_periodic_work() Greg Kroah-Hartman
2014-03-21 0:09 ` [PATCH 3.10 07/85] virtio-net: alloc big buffers also when guest can receive UFO Greg Kroah-Hartman
2014-03-21 0:09 ` [PATCH 3.10 08/85] ipv6: reuse ip6_frag_id from ip6_ufo_append_data Greg Kroah-Hartman
2014-03-21 0:09 ` [PATCH 3.10 09/85] sfc: check for NULL efx->ptp_data in efx_ptp_event Greg Kroah-Hartman
2014-03-21 0:09 ` [PATCH 3.10 10/85] ipv6: ipv6_find_hdr restore prev functionality Greg Kroah-Hartman
2014-03-21 0:09 ` [PATCH 3.10 11/85] tg3: Dont check undefined error bits in RXBD Greg Kroah-Hartman
2014-03-21 0:09 ` [PATCH 3.10 12/85] net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is AUTH capable Greg Kroah-Hartman
2014-03-21 0:09 ` [PATCH 3.10 13/85] mac80211: send control port protocol frames to the VO queue Greg Kroah-Hartman
2014-03-21 0:09 ` [PATCH 3.10 14/85] mac80211: fix AP powersave TX vs. wakeup race Greg Kroah-Hartman
2014-03-21 0:09 ` [PATCH 3.10 15/85] mac80211: dont validate unchanged AP bandwidth while tracking Greg Kroah-Hartman
2014-03-21 0:09 ` [PATCH 3.10 16/85] mac80211: fix association to 20/40 MHz VHT networks Greg Kroah-Hartman
2014-03-21 0:09 ` [PATCH 3.10 17/85] mac80211: clear sequence/fragment number in QoS-null frames Greg Kroah-Hartman
2014-03-21 0:09 ` [PATCH 3.10 18/85] ath9k: Fix ETSI compliance for AR9462 2.0 Greg Kroah-Hartman
2014-03-21 0:09 ` [PATCH 3.10 19/85] iwlwifi: dvm: clear IWL_STA_UCODE_INPROGRESS when assoc fails Greg Kroah-Hartman
2014-03-21 0:09 ` [PATCH 3.10 20/85] iwlwifi: fix TX status for aggregated packets Greg Kroah-Hartman
2014-03-21 0:09 ` [PATCH 3.10 21/85] iwlwifi: disable TX AMPDU by default for iwldvm Greg Kroah-Hartman
2014-03-21 0:09 ` [PATCH 3.10 22/85] mwifiex: clean pcie ring only when device is present Greg Kroah-Hartman
2014-03-21 0:09 ` [PATCH 3.10 23/85] mwifiex: add NULL check for PCIe Rx skb Greg Kroah-Hartman
2014-03-21 0:09 ` [PATCH 3.10 24/85] mwifiex: fix cmd and Tx data timeout issue for PCIe cards Greg Kroah-Hartman
2014-03-21 0:09 ` [PATCH 3.10 25/85] mwifiex: do not advertise usb autosuspend support Greg Kroah-Hartman
2014-03-21 0:09 ` [PATCH 3.10 26/85] mwifiex: copy APs HT capability info correctly Greg Kroah-Hartman
2014-03-21 0:09 ` [PATCH 3.10 27/85] mwifiex: save and copy APs VHT " Greg Kroah-Hartman
2014-03-21 0:09 ` [PATCH 3.10 28/85] ARM: 7811/1: locks: use early clobber in arch_spin_trylock Greg Kroah-Hartman
2014-03-21 0:09 ` [PATCH 3.10 30/85] ALSA: oxygen: Xonar DG(X): capture from I2S channel 1, not 2 Greg Kroah-Hartman
2014-03-21 0:09 ` [PATCH 3.10 31/85] ALSA: usb-audio: Add quirk for Logitech Webcam C500 Greg Kroah-Hartman
2014-03-21 0:09 ` [PATCH 3.10 32/85] ALSA: hda - Added inverted digital-mic handling for Acer TravelMate 8371 Greg Kroah-Hartman
2014-03-21 0:09 ` [PATCH 3.10 33/85] ALSA: hda - Add missing loopback merge path for AD1884/1984 codecs Greg Kroah-Hartman
2014-03-21 0:09 ` [PATCH 3.10 34/85] powerpc: Align p_dyn, p_rela and p_st symbols Greg Kroah-Hartman
2014-03-21 0:09 ` [PATCH 3.10 35/85] ARM: 7991/1: sa1100: fix compile problem on Collie Greg Kroah-Hartman
2014-03-21 0:09 ` [PATCH 3.10 36/85] regulator: core: Replace direct ops->enable usage Greg Kroah-Hartman
2014-03-21 0:09 ` [PATCH 3.10 37/85] x86: Ignore NMIs that come in during early boot Greg Kroah-Hartman
2014-03-21 0:09 ` [PATCH 3.10 38/85] x86: fix compile error due to X86_TRAP_NMI use in asm files Greg Kroah-Hartman
2014-03-21 0:09 ` [PATCH 3.10 39/85] x86/amd/numa: Fix northbridge quirk to assign correct NUMA node Greg Kroah-Hartman
2014-03-21 0:09 ` [PATCH 3.10 40/85] usb: Add device quirk for Logitech HD Pro Webcams C920 and C930e Greg Kroah-Hartman
2014-03-21 0:09 ` [PATCH 3.10 41/85] usb: Make DELAY_INIT quirk wait 100ms between Get Configuration requests Greg Kroah-Hartman
2014-03-21 0:09 ` [PATCH 3.10 42/85] genirq: Remove racy waitqueue_active check Greg Kroah-Hartman
2014-03-21 0:09 ` [PATCH 3.10 43/85] cpuset: fix a race condition in __cpuset_node_allowed_softwall() Greg Kroah-Hartman
2014-03-21 0:09 ` [PATCH 3.10 44/85] ACPI / resources: ignore invalid ACPI device resources Greg Kroah-Hartman
2014-03-21 0:09 ` [PATCH 3.10 45/85] tracing: Do not add event files for modules that fail tracepoints Greg Kroah-Hartman
2014-03-21 0:09 ` [PATCH 3.10 46/85] firewire: net: fix use after free Greg Kroah-Hartman
2014-03-21 0:09 ` [PATCH 3.10 47/85] firewire: dont use PREPARE_DELAYED_WORK Greg Kroah-Hartman
2014-03-21 0:09 ` [PATCH 3.10 48/85] libata: add ATA_HORKAGE_BROKEN_FPDMA_AA quirk for Seagate Momentus SpinPoint M8 (2BA30001) Greg Kroah-Hartman
2014-03-21 0:09 ` [PATCH 3.10 49/85] spi: spi-ath79: fix initial GPIO CS line setup Greg Kroah-Hartman
2014-03-21 0:09 ` [PATCH 3.10 50/85] NFS: Fix a delegation callback race Greg Kroah-Hartman
2014-03-21 0:09 ` [PATCH 3.10 51/85] NFSv4: nfs4_stateid_is_current should return true for an invalid stateid Greg Kroah-Hartman
2014-03-21 0:09 ` [PATCH 3.10 52/85] ACPI / sleep: Add extra checks for HW Reduced ACPI mode sleep states Greg Kroah-Hartman
2014-03-21 0:09 ` [PATCH 3.10 53/85] iscsi-target: Fix iscsit_get_tpg_from_np tpg_state bug Greg Kroah-Hartman
2014-03-21 0:09 ` [PATCH 3.10 54/85] fs/proc/base.c: fix GPF in /proc/$PID/map_files Greg Kroah-Hartman
2014-03-21 0:09 ` [PATCH 3.10 55/85] drm/radeon/atom: select the proper number of lanes in transmitter setup Greg Kroah-Hartman
2014-03-21 0:09 ` [PATCH 3.10 56/85] ASoC: pcm: free path list before exiting from error conditions Greg Kroah-Hartman
2014-03-22 18:55 ` Mark Brown
2014-03-24 4:34 ` Greg Kroah-Hartman
2014-03-21 0:10 ` [PATCH 3.10 57/85] ipc: Fix 2 bugs in msgrcv() MSG_COPY implementation Greg Kroah-Hartman
2014-03-21 0:10 ` [PATCH 3.10 59/85] PCI: Enable INTx in pci_reenable_device() only when MSI/MSI-X not enabled Greg Kroah-Hartman
2014-03-21 0:10 ` [PATCH 3.10 60/85] vmxnet3: fix netpoll race condition Greg Kroah-Hartman
2014-03-21 0:10 ` [PATCH 3.10 61/85] vmxnet3: fix building without CONFIG_PCI_MSI Greg Kroah-Hartman
2014-03-21 0:10 ` [PATCH 3.10 62/85] mm/compaction: break out of loop on !PageBuddy in isolate_freepages_block Greg Kroah-Hartman
2014-03-21 0:10 ` [PATCH 3.10 63/85] dm cache: fix truncation bug when copying a block to/from >2TB fast device Greg Kroah-Hartman
2014-03-21 0:10 ` [PATCH 3.10 64/85] dm cache: fix access beyond end of origin device Greg Kroah-Hartman
2014-03-21 0:10 ` [PATCH 3.10 65/85] net: unix socket code abuses csum_partial Greg Kroah-Hartman
2014-03-21 0:10 ` [PATCH 3.10 66/85] can: flexcan: flexcan_open(): fix error path if flexcan_chip_start() fails Greg Kroah-Hartman
2014-03-21 0:10 ` [PATCH 3.10 67/85] SCSI: isci: fix reset timeout handling Greg Kroah-Hartman
2014-03-21 0:10 ` [PATCH 3.10 68/85] SCSI: isci: correct erroneous for_each_isci_host macro Greg Kroah-Hartman
2014-03-21 0:10 ` [PATCH 3.10 69/85] SCSI: qla2xxx: Poll during initialization for ISP25xx and ISP83xx Greg Kroah-Hartman
2014-03-21 0:10 ` [PATCH 3.10 70/85] SCSI: storvsc: NULL pointer dereference fix Greg Kroah-Hartman
2014-03-21 0:10 ` [PATCH 3.10 71/85] x86, fpu: Check tsk_used_math() in kernel_fpu_end() for eager FPU Greg Kroah-Hartman
2014-03-21 0:10 ` [PATCH 3.10 72/85] Btrfs: fix data corruption when reading/updating compressed extents Greg Kroah-Hartman
2014-03-21 0:10 ` [PATCH 3.10 73/85] ALSA: oxygen: modify adjust_dg_dac_routing function Greg Kroah-Hartman
2014-03-21 0:10 ` [PATCH 3.10 74/85] jiffies: Avoid undefined behavior from signed overflow Greg Kroah-Hartman
2014-03-21 0:10 ` [PATCH 3.10 75/85] s390/dasd: hold request queue sysfs lock when calling elevator_init() Greg Kroah-Hartman
2014-03-21 0:10 ` [PATCH 3.10 76/85] Fix mountpoint reference leakage in linkat Greg Kroah-Hartman
2014-03-21 0:11 ` Oleg Drokin
2014-03-21 0:38 ` Greg Kroah-Hartman
2014-03-21 0:10 ` [PATCH 3.10 78/85] bio-integrity: Fix bio_integrity_verify segment start bug Greg Kroah-Hartman
2014-03-21 0:10 ` Greg Kroah-Hartman [this message]
2014-03-21 0:10 ` [PATCH 3.10 80/85] iwlwifi: mvm: dont WARN when statistics are handled late Greg Kroah-Hartman
2014-03-21 0:10 ` [PATCH 3.10 81/85] ARM: 7864/1: Handle 64-bit memory in case of 32-bit phys_addr_t Greg Kroah-Hartman
2014-03-21 0:10 ` [PATCH 3.10 82/85] ARM: ignore memory below PHYS_OFFSET Greg Kroah-Hartman
2014-03-21 0:10 ` [PATCH 3.10 83/85] iscsi/iser-target: Use list_del_init for ->i_conn_node Greg Kroah-Hartman
2014-03-21 0:10 ` [PATCH 3.10 84/85] iscsi/iser-target: Fix isert_conn->state hung shutdown issues Greg Kroah-Hartman
2014-03-21 0:10 ` [PATCH 3.10 85/85] iser-target: Fix post_send_buf_count for RDMA READ/WRITE Greg Kroah-Hartman
2014-03-21 5:28 ` [PATCH 3.10 00/85] 3.10.34-stable review Guenter Roeck
2014-03-22 21:56 ` Shuah Khan
2014-03-24 4:35 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140321000610.050155107@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=athorlton@sgi.com \
--cc=caiqian@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=prarit@redhat.com \
--cc=preeti@linux.vnet.ibm.com \
--cc=stable@vger.kernel.org \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.