From: Yinghai Lu <yinghai@kernel.org>
To: Brandon Philips <bphilips@suse.de>
Cc: Ingo Molnar <mingo@redhat.com>, "H. Peter Anvin" <hpa@zytor.com>,
YinghaiLu@suse.de, Suresh Siddha <suresh.b.siddha@intel.com>,
linux-kernel@vger.kernel.org, x86@kernel.org,
stable <stable@kernel.org>
Subject: Re: x86: fix race in create_irq_nr on irq_desc
Date: Wed, 03 Feb 2010 02:32:18 -0800
Message-ID: <4B6950B2.9060301@kernel.org>
In-Reply-To: <20100203033109.GA17985@jenkins.home.ifup.org>

On 02/02/2010 07:31 PM, Brandon Philips wrote:
> Race in create_irq_nr():
>
> - Thread 1 loops through and calls irq_to_desc_alloc_node with new=0x66.
>
> - Thread 2 has exited the loop with irq=0x66 and calls dynamic_irq_init(0x66)
> setting desc->chip_data = NULL
>
> - Thread 1 then dereferences NULL via desc_new->chip_data->vector
>
> Fix by moving holding vector_lock until after the dynamic_irq_init().
>
>
> Index: linux-2.6.32-SLE11-SP1/arch/x86/kernel/apic/io_apic.c
> ===================================================================
> --- linux-2.6.32-SLE11-SP1.orig/arch/x86/kernel/apic/io_apic.c
> +++ linux-2.6.32-SLE11-SP1/arch/x86/kernel/apic/io_apic.c
Can you check if
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=37ef2a3029fde884808ff1b369677abc7dd9a79a
fixes your problem with 2.6.32?
From 37ef2a3029fde884808ff1b369677abc7dd9a79a Mon Sep 17 00:00:00 2001
From: Yinghai Lu <yinghai@kernel.org>
Date: Sat, 21 Nov 2009 00:23:37 -0800
Subject: [PATCH] x86: Re-get cfg_new in case reuse/move irq_desc

When irq_desc is moved, we need to make sure to use the right cfg_new.

Signed-off-by: Yinghai Lu <yinghai@kernel.org>
LKML-Reference: <4B07A739.3030104@kernel.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
---
arch/x86/kernel/apic/io_apic.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/arch/x86/kernel/apic/io_apic.c b/arch/x86/kernel/apic/io_apic.c
index ff23719..085e60e 100644
--- a/arch/x86/kernel/apic/io_apic.c
+++ b/arch/x86/kernel/apic/io_apic.c
@@ -3186,6 +3186,7 @@ unsigned int create_irq_nr(unsigned int irq_want, int node)
continue;
desc_new = move_irq_desc(desc_new, node);
+ cfg_new = desc_new->chip_data;
if (__assign_irq_vector(new, cfg_new, apic->target_cpus()) == 0)
irq = new;
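Review bot: the added `cfg_new = desc_new->chip_data;` is handed to `__assign_irq_vector()` on the very next line with no NULL check, while the report quoted at the top of this mail describes `dynamic_irq_init()` storing `desc->chip_data = NULL` from another thread. Nothing in the visible context shows that the lock covering this loop also covers that store, so re-reading the pointer here can still pick up NULL; either check it before the call or state in the commit message why it cannot be NULL at this point. The commit message would also be easier to backport from if it said what goes wrong when the stale `cfg_new` is used after `move_irq_desc()`.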
--
1.6.6.1
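
The interleaving from the quoted report, replayed deterministically in userspace C as an added example (not code from this thread or from the kernel). `scan_for_free_irq`, `create_irq`, the `atomic_flag` standing in for `vector_lock`, the constructed vector value and the step that restores `chip_data` after init are all assumptions of this model.

```c
#include <stdatomic.h>
#include <stdio.h>
#define NR_IRQS 4
enum scan_result { SCAN_OK, SCAN_BLOCKED, SCAN_NULL_CHIP_DATA };
struct irq_cfg  { int vector; };
struct irq_desc { struct irq_cfg *chip_data; };
static struct irq_cfg  cfgs[NR_IRQS];
static struct irq_desc descs[NR_IRQS];
static atomic_flag vector_lock = ATOMIC_FLAG_INIT;  /* models vector_lock */

static void reset_table(void) {
    for (int i = 0; i < NR_IRQS; i++) { cfgs[i].vector = 0; descs[i].chip_data = &cfgs[i]; }
    atomic_flag_clear(&vector_lock);
}

/* "Thread 1": walk the table under the lock looking for a free vector. */
static enum scan_result scan_for_free_irq(void) {
    if (atomic_flag_test_and_set(&vector_lock))
        return SCAN_BLOCKED;               /* a real spinlock would wait here */
    enum scan_result r = SCAN_OK;
    for (int i = 0; i < NR_IRQS && r == SCAN_OK; i++) {
        if (descs[i].chip_data == NULL)
            r = SCAN_NULL_CHIP_DATA;       /* kernel would fault on ->vector */
        else if (descs[i].chip_data->vector == 0)
            break;                         /* free slot found */
    }
    atomic_flag_clear(&vector_lock);
    return r;
}

/* "Thread 2": claim a slot, re-init it; thread 1 is replayed inside the window. */
static enum scan_result create_irq(int irq, int hold_lock_over_init) {
    while (atomic_flag_test_and_set(&vector_lock)) { }
    struct irq_cfg *cfg = descs[irq].chip_data;
    cfg->vector = 0x31;                    /* constructed vector number */
    if (!hold_lock_over_init)
        atomic_flag_clear(&vector_lock);   /* racy ordering: unlock first */
    descs[irq].chip_data = NULL;           /* effect of dynamic_irq_init() */
    enum scan_result seen = scan_for_free_irq();
    descs[irq].chip_data = cfg;            /* assumed restore step */
    if (hold_lock_over_init)
        atomic_flag_clear(&vector_lock);   /* fixed ordering: unlock last */
    return seen;
}

int main(void) {
    reset_table(); printf("unlock before init: %d\n", (int)create_irq(0, 0));
    reset_table(); printf("unlock after init:  %d\n", (int)create_irq(0, 1));
}
```

With the lock dropped before the re-init, the scanner observes the NULL `chip_data`; with the lock held across it, the scanner is kept out until the pointer is valid again.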