* writing to "/proc/irq/xxxx/smp_affinity" produces a kernel crash
@ 2004-08-17 12:50 Francois Wellenreiter
2004-08-17 13:07 ` David Mosberger
0 siblings, 1 reply; 2+ messages in thread
From: Francois Wellenreiter @ 2004-08-17 12:50 UTC (permalink / raw)
To: linux-ia64
Dear all,

Apparently a little bug was introduced in the 2.6.7 kernel dealing with IRQ
redirection management via the proc filesystem.

The behavior is quite simple, just type:

    echo "r 00000001" > /proc/irq/{xy}/smp_affinity

where {xy} is a valid irq, and your kernel will crash.

The bug is located in the file arch/ia64/kernel/irq.c, function
irq_affinity_write_proc,
at the following line we set a value called irq:
__________________
	if (copy_from_user(rbuf, buffer, rlen))
		return -EFAULT;
	rbuf[rlen] = 0;
	prelen = 0;
	if (tolower(*rbuf) == 'r') {
		prelen = strspn(rbuf, "Rr ");
		irq |= IA64_IRQ_REDIRECTED;   <----- IA64_IRQ_REDIRECTED = 1<<31 !!!!!
	}
__________________
and later it is written :
__________________
	spin_lock_irqsave(&desc->lock, flags);
	pending_irq_cpumask[irq] = new_value;   <----- code generating a fatal page fault
	spin_unlock_irqrestore(&desc->lock, flags);
__________________

Reading this code, a problem clearly exists around the irq notion.
The "irq" corresponding to the irq number programmed in the IOSAPIC
(taking into account the IA64_IRQ_REDIRECTED bit) is mixed with
the irq index in the irq_affinity table.

Best regards,
Francois WELLENREITER
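
The failure mode reported above, as an added user-space model (not code from the post or from the kernel): a flag bit OR'd into a value that is later used as an array index, next to a variant that keeps the flag separate and bounds-checks the index. The NR_IRQS value and the function names are assumptions made for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NR_IRQS 256                      /* assumed table size for this model */
#define IA64_IRQ_REDIRECTED (1U << 31)   /* flag bit named in the report */

static unsigned long pending_irq_cpumask[NR_IRQS];  /* stand-in for the kernel table */

/* Index the reported code ends up with: the flag bit is still set in irq. */
unsigned int index_as_reported(unsigned int irq, const char *rbuf)
{
    if (tolower((unsigned char)*rbuf) == 'r')
        irq |= IA64_IRQ_REDIRECTED;
    return irq;                          /* computed only, never dereferenced here */
}

/* Keep the flag apart from the table index and bounds-check before writing.
 * Returns 0 on success, -1 on invalid input (hypothetical helper). */
int affinity_write(unsigned int irq, const char *rbuf, int *redirected)
{
    size_t prelen = 0;
    char *end;
    unsigned long mask;

    *redirected = 0;
    if (tolower((unsigned char)*rbuf) == 'r') {
        prelen = strspn(rbuf, "Rr ");
        *redirected = 1;                 /* flag travels separately from irq */
    }
    mask = strtoul(rbuf + prelen, &end, 16);
    if (end == rbuf + prelen || irq >= NR_IRQS)
        return -1;                       /* no hex digits, or index out of range */
    pending_irq_cpumask[irq] = mask;
    return 0;
}

unsigned long pending_mask(unsigned int irq) { return pending_irq_cpumask[irq]; }

int main(void)
{
    int redir;
    printf("reported index: %u (table has %d entries)\n",
           index_as_reported(42, "r 00000001"), NR_IRQS);
    printf("hardened: rc=%d\n", affinity_write(42, "r 00000001", &redir));
    return 0;
}
```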