From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755460AbbCFMdA (ORCPT ); Fri, 6 Mar 2015 07:33:00 -0500 Received: from cantor2.suse.de ([195.135.220.15]:43349 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750921AbbCFMc7 (ORCPT ); Fri, 6 Mar 2015 07:32:59 -0500 Message-ID: <54F99E78.5010208@suse.com> Date: Fri, 06 Mar 2015 13:32:56 +0100 From: Juergen Gross User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.4.0 MIME-Version: 1.0 To: linux-kernel@vger.kernel.org, xen-devel@lists.xensource.com, konrad.wilk@oracle.com, david.vrabel@citrix.com, boris.ostrovsky@oracle.com Subject: Re: [PATCH] xen: avoid NULL pointer dereference in dom0 on large machines References: <1424929925-18501-1-git-send-email-jgross@suse.com> In-Reply-To: <1424929925-18501-1-git-send-email-jgross@suse.com> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Ping? On 02/26/2015 06:52 AM, Juergen Gross wrote: > Using the pvops kernel a NULL pointer dereference was detected on a > large machine (144 processors) when booting as dom0 in > evtchn_fifo_unmask() during assignment of a pirq. > > The event channel in question was the first to need a new entry in > event_array[] in events_fifo.c. Unfortunately xen_irq_info_pirq_setup() > is called with evtchn being 0 for a new pirq and the real event channel > number is assigned to the pirq only during __startup_pirq(). > > It is mandatory to call xen_evtchn_port_setup() after assigning the > event channel number to the pirq to make sure all memory needed for the > event channel is allocated. > > Signed-off-by: Juergen Gross > --- > drivers/xen/events/events_base.c | 18 ++++++++++++------ > 1 file changed, 12 insertions(+), 6 deletions(-) > > diff --git a/drivers/xen/events/events_base.c b/drivers/xen/events/events_base.c > index b4bca2d..70fba97 100644 > --- a/drivers/xen/events/events_base.c > +++ b/drivers/xen/events/events_base.c > @@ -526,20 +526,26 @@ static unsigned int __startup_pirq(unsigned int irq) > pirq_query_unmask(irq); > > rc = set_evtchn_to_irq(evtchn, irq); > - if (rc != 0) { > - pr_err("irq%d: Failed to set port to irq mapping (%d)\n", > - irq, rc); > - xen_evtchn_close(evtchn); > - return 0; > - } > + if (rc) > + goto err; > + > bind_evtchn_to_cpu(evtchn, 0); > info->evtchn = evtchn; > > + rc = xen_evtchn_port_setup(info); > + if (rc) > + goto err; > + > out: > unmask_evtchn(evtchn); > eoi_pirq(irq_get_irq_data(irq)); > > return 0; > + > +err: > + pr_err("irq%d: Failed to set port to irq mapping (%d)\n", irq, rc); > + xen_evtchn_close(evtchn); > + return 0; > } > > static unsigned int startup_pirq(struct irq_data *data) >