From: Tomoki Sekiyama <tomoki.sekiyama.qu@hitachi.com>
To: tglx@linutronix.de, mingo@kernel.org
Cc: hpa@zytor.com, suresh.b.siddha@intel.com, yinghai@kernel.org,
agordeev@redhat.com, x86@kernel.org,
linux-kernel@vger.kernel.org, yrl.pp-manager.tt@hitachi.com
Subject: [PATCH] x86/ioapic: Fix NULL pointer dereference on CPU hotplug after disabling irqs
Date: Wed, 25 Jul 2012 18:17:54 +0900 [thread overview]
Message-ID: <500FB9C2.1030103@hitachi.com> (raw)
Hi,
In current Linux, percpu variable `vector_irq' is not always cleared when
a CPU is offlined. If the cpu that has the disabled irqs in vector_irq is
hotplugged again, __setup_vector_irq() hits invalid irq vector and may
crash.
Commit f6175f5bfb4c partially fixes this, but was not enough in
environments with IOMMU IRQ remapper.
This bug can be reproduced as following;
# echo 0 > /sys/devices/system/cpu/cpu7/online
# modprobe -r some_driver_using_interrupts # vector_irq@cpu7 uncleared
# echo 1 > /sys/devices/system/cpu/cpu7/online # kernel may crash
This patch fixes this bug by clearing vector_irq in __fixup_irqs() when
the cpu is offlined.
Signed-off-by: Tomoki Sekiyama <tomoki.sekiyama.qu@hitachi.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Suresh Siddha <suresh.b.siddha@intel.com>
Cc: Yinghai Lu <yinghai@kernel.org>
Cc: Alexander Gordeev <agordeev@redhat.com>
---
arch/x86/kernel/irq.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/arch/x86/kernel/irq.c b/arch/x86/kernel/irq.c
index 3dafc60..d27b27d 100644
--- a/arch/x86/kernel/irq.c
+++ b/arch/x86/kernel/irq.c
@@ -328,6 +328,7 @@ void fixup_irqs(void)
chip->irq_retrigger(data);
raw_spin_unlock(&desc->lock);
}
+ __this_cpu_write(vector_irq[vector], -1);
}
}
#endif
--
1.7.7.6
--
Tomoki Sekiyama <tomoki.sekiyama.qu@hitachi.com>
Linux Technology Center
Hitachi, Ltd., Yokohama Research Laboratory
next reply other threads:[~2012-07-25 9:17 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-07-25 9:17 Tomoki Sekiyama [this message]
2012-07-25 23:28 ` [PATCH] x86/ioapic: Fix NULL pointer dereference on CPU hotplug after disabling irqs Siddha, Suresh B
2012-07-26 9:38 ` Tomoki Sekiyama
2012-07-26 9:43 ` Tomoki Sekiyama
2012-07-26 10:21 ` Ingo Molnar
2012-07-26 10:47 ` [RESEND PATCH] " Tomoki Sekiyama
2012-07-26 15:16 ` [tip:x86/urgent] " tip-bot for Tomoki Sekiyama
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=500FB9C2.1030103@hitachi.com \
--to=tomoki.sekiyama.qu@hitachi.com \
--cc=agordeev@redhat.com \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@kernel.org \
--cc=suresh.b.siddha@intel.com \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
--cc=yinghai@kernel.org \
--cc=yrl.pp-manager.tt@hitachi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.