From: tip-bot for Thomas Gleixner <tipbot@zytor.com>
To: linux-tip-commits@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, hpa@zytor.com, tglx@linutronix.de,
mingo@kernel.org, jwboyer@fedoraproject.org, rjones@redhat.com,
peterz@infradead.org
Subject: [tip:x86/urgent] x86/tsc: Prevent NULL pointer deref in calibrate_delay_is_known()
Date: Fri, 18 Mar 2016 06:54:58 -0700 [thread overview]
Message-ID: <tip-f508a5ba7a4570418df6cfd68fe663ffdef2be63@git.kernel.org> (raw)
In-Reply-To: <alpine.DEB.2.11.1603180843270.3978@nanos>
Commit-ID: f508a5ba7a4570418df6cfd68fe663ffdef2be63
Gitweb: http://git.kernel.org/tip/f508a5ba7a4570418df6cfd68fe663ffdef2be63
Author: Thomas Gleixner <tglx@linutronix.de>
AuthorDate: Fri, 18 Mar 2016 08:35:29 +0100
Committer: Thomas Gleixner <tglx@linutronix.de>
CommitDate: Fri, 18 Mar 2016 14:51:06 +0100
x86/tsc: Prevent NULL pointer deref in calibrate_delay_is_known()
The topology_core_cpumask is used to find a neighbour cpu in
calibrate_delay_is_known(). It might not be allocated at the first invocation
of that function on the boot cpu, when CONFIG_CPUMASK_OFFSTACK is set.
The mask is allocated later in native_smp_prepare_cpus. As a consequence the
underlying find_next_bit() call dereferences a NULL pointer.
Add a proper check to prevent this.
Fixes: c25323c07345 "x86/tsc: Use topology functions"
Reported-and-tested-by: Richard W.M. Jones <rjones@redhat.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Josh Boyer <jwboyer@fedoraproject.org>
Link: http://lkml.kernel.org/r/alpine.DEB.2.11.1603180843270.3978@nanos
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
---
arch/x86/kernel/tsc.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kernel/tsc.c b/arch/x86/kernel/tsc.c
index 5e19d25..c9c4c7c 100644
--- a/arch/x86/kernel/tsc.c
+++ b/arch/x86/kernel/tsc.c
@@ -1306,11 +1306,15 @@ void __init tsc_init(void)
unsigned long calibrate_delay_is_known(void)
{
int sibling, cpu = smp_processor_id();
+ struct cpumask *mask = topology_core_cpumask(cpu);
if (!tsc_disabled && !cpu_has(&cpu_data(cpu), X86_FEATURE_CONSTANT_TSC))
return 0;
- sibling = cpumask_any_but(topology_core_cpumask(cpu), cpu);
+ if (!mask)
+ return 0;
+
+ sibling = cpumask_any_but(mask, cpu);
if (sibling < nr_cpu_ids)
return cpu_data(sibling).loops_per_jiffy;
return 0;
prev parent reply other threads:[~2016-03-18 13:59 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-03-18 7:48 [PATCH] x86/tsc: Prevent NULL pointer deref in calibrate_delay_is_known() Thomas Gleixner
2016-03-18 10:17 ` Richard W.M. Jones
2016-03-18 13:54 ` tip-bot for Thomas Gleixner [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=tip-f508a5ba7a4570418df6cfd68fe663ffdef2be63@git.kernel.org \
--to=tipbot@zytor.com \
--cc=hpa@zytor.com \
--cc=jwboyer@fedoraproject.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-tip-commits@vger.kernel.org \
--cc=mingo@kernel.org \
--cc=peterz@infradead.org \
--cc=rjones@redhat.com \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.