From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1756199AbcIUPHQ (ORCPT <rfc822;w@1wt.eu>);
        Wed, 21 Sep 2016 11:07:16 -0400
Received: from mx1.redhat.com ([209.132.183.28]:50138 "EHLO mx1.redhat.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1754413AbcIUPHN (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 21 Sep 2016 11:07:13 -0400
From: Jiri Olsa <jolsa@kernel.org>
To: "Theodore Ts'o" <tytso@mit.edu>
Cc: "H. Peter Anvin" <hpa@zytor.com>, Greg Price <price@mit.edu>,
        lkml <linux-kernel@vger.kernel.org>
Subject: [PATCH] random: Fix early crash in credit_entropy_bits
Date: Wed, 21 Sep 2016 17:07:11 +0200
Message-Id: <1474470431-27532-1-git-send-email-jolsa@kernel.org>
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.32]); Wed, 21 Sep 2016 15:07:13 +0000 (UTC)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Jiri Olsa <jolsa@redhat.com>

When printing out some early acpi messages I hit bug in
work queue code. The system_wq is not initialized at the
time acpi_early_init is called and causes irq storm that
makes credit_entropy_bits call schedule_work and crash:

  BUG: unable to handle kernel NULL pointer dereference at 0000000000000102^M
  IP: [<ffffffff810bc282>] __queue_work+0x32/0x450^M
  PGD 0 ^M
  Oops: 0000 [#1] SMP^M
  ...
  Call Trace:^M
   <IRQ> [  286.521689]  [<ffffffff817b5dc6>] ? _raw_write_unlock_irqrestore+0x16/0x20^M
   [<ffffffff814f0f82>] ? add_interrupt_randomness+0x1c2/0x200^M
   [<ffffffff810bcc47>] queue_work_on+0x27/0x40^M
   [<ffffffff814f03a9>] credit_entropy_bits+0x219/0x280^M
   [<ffffffff814ee4f6>] ? __mix_pool_bytes+0x36/0x90^M
   [<ffffffff814f0f82>] add_interrupt_randomness+0x1c2/0x200^M
   [<ffffffff810fe570>] handle_irq_event_percpu+0x40/0x80^M
   [<ffffffff810fe5dc>] handle_irq_event+0x2c/0x50^M
   [<ffffffff81101b93>] handle_level_irq+0x83/0x100^M
   [<ffffffff8102fdb3>] handle_irq+0x73/0x120^M
   [<ffffffff810a8fa1>] ? _local_bh_enable+0x21/0x50^M
   [<ffffffff817b8d2b>] do_IRQ+0x4b/0xd0^M
   [<ffffffff817b6bcc>] common_interrupt+0x8c/0x8c^M
   <EOI> [  286.521717]  [<ffffffff81062216>] ? native_restore_fl+0x6/0x10^M
   [<ffffffff810fbb4f>] console_unlock+0x3ef/0x5d0^M
   [<ffffffff8100dade>] ? update_sample+0x6e/0xe0^M
   [<ffffffff810fc55a>] vprintk_emit+0x2aa/0x520^M
   [<ffffffff810fc96f>] vprintk_default+0x1f/0x30^M
   [<ffffffff811a87b9>] printk+0x57/0x73^M
   [<ffffffff81447dda>] acpi_os_vprintf+0x3f/0x41^M
   [<ffffffff81447e2e>] acpi_os_printf+0x52/0x6e^M
   ...
   [<ffffffff81dbfc56>] acpi_load_tables+0x6c/0xf4^M
   [<ffffffff81dbe4a6>] acpi_early_init+0x7a/0xf0^M
   [<ffffffff81d73f39>] start_kernel+0x3be/0x472^M

Preventing this by checking the system_wq has been initialized already.

Signed-off-by: Jiri Olsa <jolsa@kernel.org>
---
 drivers/char/random.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/char/random.c b/drivers/char/random.c
index 3efb3bf0ab83..f4dec86c2e25 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -725,7 +725,8 @@ retry:
 		/* If the input pool is getting full, send some
 		 * entropy to the blocking pool until it is 75% full.
 		 */
-		if (entropy_bits > random_write_wakeup_bits &&
+		if (keventd_up() &&
+		    entropy_bits > random_write_wakeup_bits &&
 		    r->initialized &&
 		    r->entropy_total >= 2*random_read_wakeup_bits) {
 			struct entropy_store *other = &blocking_pool;
-- 
2.7.4