From: Mike Travis <travis@sgi.com>
To: Yinghai Lu <yinghai@kernel.org>
Cc: Ingo Molnar <mingo@redhat.com>,
Rusty Russell <rusty@rustcorp.com.au>,
Jack Steiner <steiner@sgi.com>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH 1/5] cpumask: update irq_desc to use cpumask_var_t: fix
Date: Thu, 08 Jan 2009 10:40:44 -0800 [thread overview]
Message-ID: <496648AC.4000409@sgi.com> (raw)
In-Reply-To: <49656FCF.9090602@kernel.org>
Yinghai Lu wrote:
...
> static void init_copy_one_irq_desc(int irq, struct irq_desc *old_desc,
> struct irq_desc *desc, int cpu)
> {
> memcpy(desc, old_desc, sizeof(struct irq_desc));
>
>
> will overwrite new_desc->affinity and pending_mask
>
> YH
I've appended this to the patchset:
Subject: cpumask: fix bug in use cpumask_var_t in irq_desc
Impact: fix bug where new irq_desc uses old cpumask pointers which are freed.
As Yinghai pointed out, init_copy_one_irq_desc() copies the old desc to
the new desc overwriting the cpumask pointers. Since the old_desc and
the cpumask pointers are freed, then memory corruption will occur if
these old pointers are used.
Move the allocation of these pointers to after the copy.
Signed-off-by: Mike Travis <travis@sgi.com>
Cc: Yinghai Lu <yinghai@kernel.org>
---
include/linux/irq.h | 9 +++++++--
kernel/irq/handle.c | 8 +-------
kernel/irq/numa_migrate.c | 13 ++++++++-----
3 files changed, 16 insertions(+), 14 deletions(-)
--- linux-2.6-for-ingo.orig/include/linux/irq.h
+++ linux-2.6-for-ingo/include/linux/irq.h
@@ -426,15 +426,18 @@ extern int set_irq_msi(unsigned int irq,
/**
* init_alloc_desc_masks - allocate cpumasks for irq_desc
* @desc: pointer to irq_desc struct
+ * @cpu: cpu which will be handling the cpumasks
* @boot: true if need bootmem
*
* Allocates affinity and pending_mask cpumask if required.
* Returns true if successful (or not required).
* Side effect: affinity has all bits set, pending_mask has all bits clear.
*/
-static inline bool init_alloc_desc_masks(struct irq_desc *desc, int node,
+static inline bool init_alloc_desc_masks(struct irq_desc *desc, int cpu,
bool boot)
{
+ int node;
+
if (boot) {
alloc_bootmem_cpumask_var(&desc->affinity);
cpumask_setall(desc->affinity);
@@ -446,6 +449,8 @@ static inline bool init_alloc_desc_masks
return true;
}
+ node = cpu_to_node(cpu);
+
if (!alloc_cpumask_var_node(&desc->affinity, GFP_ATOMIC, node))
return false;
cpumask_setall(desc->affinity);
@@ -484,7 +489,7 @@ static inline void init_copy_desc_masks(
#else /* !CONFIG_SMP */
-static inline bool init_alloc_desc_masks(struct irq_desc *desc, int node,
+static inline bool init_alloc_desc_masks(struct irq_desc *desc, int cpu,
bool boot)
{
return true;
--- linux-2.6-for-ingo.orig/kernel/irq/handle.c
+++ linux-2.6-for-ingo/kernel/irq/handle.c
@@ -85,8 +85,6 @@ void init_kstat_irqs(struct irq_desc *de
static void init_one_irq_desc(int irq, struct irq_desc *desc, int cpu)
{
- int node = cpu_to_node(cpu);
-
memcpy(desc, &irq_desc_init, sizeof(struct irq_desc));
spin_lock_init(&desc->lock);
@@ -100,7 +98,7 @@ static void init_one_irq_desc(int irq, s
printk(KERN_ERR "can not alloc kstat_irqs\n");
BUG_ON(1);
}
- if (!init_alloc_desc_masks(desc, node, false)) {
+ if (!init_alloc_desc_masks(desc, cpu, false)) {
printk(KERN_ERR "can not alloc irq_desc cpumasks\n");
BUG_ON(1);
}
@@ -188,10 +186,6 @@ struct irq_desc *irq_to_desc_alloc_cpu(u
printk(KERN_ERR "can not alloc irq_desc\n");
BUG_ON(1);
}
- if (!init_alloc_desc_masks(desc, node, false)) {
- printk(KERN_ERR "can not alloc irq_desc cpumasks\n");
- BUG_ON(1);
- }
init_one_irq_desc(irq, desc, cpu);
irq_desc_ptrs[irq] = desc;
--- linux-2.6-for-ingo.orig/kernel/irq/numa_migrate.c
+++ linux-2.6-for-ingo/kernel/irq/numa_migrate.c
@@ -38,16 +38,22 @@ static void free_kstat_irqs(struct irq_d
old_desc->kstat_irqs = NULL;
}
-static void init_copy_one_irq_desc(int irq, struct irq_desc *old_desc,
+static bool init_copy_one_irq_desc(int irq, struct irq_desc *old_desc,
struct irq_desc *desc, int cpu)
{
memcpy(desc, old_desc, sizeof(struct irq_desc));
+ if (!init_alloc_desc_masks(desc, cpu, false)) {
+ printk(KERN_ERR "irq %d: can not get new irq_desc cpumask "
+ "for migration.\n", irq);
+ return false;
+ }
spin_lock_init(&desc->lock);
desc->cpu = cpu;
lockdep_set_class(&desc->lock, &irq_desc_lock_class);
init_copy_kstat_irqs(old_desc, desc, cpu, nr_cpu_ids);
init_copy_desc_masks(old_desc, desc);
arch_init_copy_chip_data(old_desc, desc, cpu);
+ return true;
}
static void free_one_irq_desc(struct irq_desc *old_desc, struct irq_desc *desc)
@@ -83,15 +89,12 @@ static struct irq_desc *__real_move_irq_
desc = old_desc;
goto out_unlock;
}
- if (!init_alloc_desc_masks(desc, node, false)) {
- printk(KERN_ERR "irq %d: can not get new irq_desc cpumask "
- "for migration.\n", irq);
+ if (!init_copy_one_irq_desc(irq, old_desc, desc, cpu)) {
/* still use old one */
kfree(desc);
desc = old_desc;
goto out_unlock;
}
- init_copy_one_irq_desc(irq, old_desc, desc, cpu);
irq_desc_ptrs[irq] = desc;
next prev parent reply other threads:[~2009-01-08 18:40 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-01-07 19:58 [PATCH 0/5] cpumask: more cpumask updates Mike Travis
2009-01-07 19:58 ` [PATCH 1/5] cpumask: update irq_desc to use cpumask_var_t Mike Travis
2009-01-07 20:27 ` Yinghai Lu
2009-01-07 20:27 ` Yinghai Lu
2009-01-07 22:32 ` Mike Travis
2009-01-07 22:32 ` Mike Travis
2009-01-08 3:15 ` Yinghai Lu
2009-01-08 3:15 ` Yinghai Lu
2009-01-08 15:45 ` Mike Travis
2009-01-08 19:31 ` Yinghai Lu
2009-01-08 18:40 ` Mike Travis [this message]
2009-01-07 19:58 ` [PATCH 2/5] cpumask: Use topology_core_cpumask()/topology_thread_cpumask() Mike Travis
2009-01-19 17:11 ` Ben Hutchings
2009-01-07 19:58 ` [PATCH 3/5] cpumask: convert misc driver functions Mike Travis
2009-01-10 10:57 ` Rusty Russell
2009-01-16 18:42 ` Tony Luck
2009-01-16 18:55 ` Mike Travis
2009-01-16 22:02 ` Mike Travis
2009-01-22 13:11 ` Robert Richter
2009-01-22 13:14 ` [PATCH] cpumask: modifiy oprofile initialization Robert Richter
2009-01-22 13:37 ` Ingo Molnar
2009-01-22 17:20 ` Mike Travis
2009-01-22 17:40 ` Ingo Molnar
2009-01-22 19:41 ` Mike Travis
2009-01-22 16:56 ` Mike Travis
2009-01-23 14:12 ` Robert Richter
2009-01-07 19:58 ` [PATCH 4/5] cpumask: convert drivers/net/sfc Mike Travis
2009-01-19 17:08 ` Ben Hutchings
[not found] ` <200901201209.34854.rusty@rustcorp.com.au>
2009-01-20 18:26 ` [PATCH 4/5] cpumask: convert drivers/net/sfc [PATCH supplied] Mike Travis
2009-01-26 15:04 ` [PATCH] sfc: modify allocation error message Mike Travis
2009-01-27 12:13 ` Ben Hutchings
2009-01-07 19:58 ` [PATCH 5/5] cpumask: convert other misc kernel functions Mike Travis
2009-01-07 20:52 ` [PATCH 0/5] cpumask: more cpumask updates Ingo Molnar
2009-01-07 21:20 ` Mike Travis
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=496648AC.4000409@sgi.com \
--to=travis@sgi.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=rusty@rustcorp.com.au \
--cc=steiner@sgi.com \
--cc=yinghai@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.