From: Corey Minyard <minyard@acm.org>
To: George Cherian <george.cherian@cavium.com>,
linux-kernel@vger.kernel.org,
openipmi-developer@lists.sourceforge.net
Cc: arnd@arndb.de, gregkh@linuxfoundation.org
Subject: Re: [PATCH 2/2] ipmi_ssif: Fix crash seen while ipmi_unregister_smi
Date: Fri, 24 Aug 2018 08:08:47 -0500 [thread overview]
Message-ID: <cb0a1ee4-69d7-b66c-b79b-6f8f542a4af0@acm.org> (raw)
In-Reply-To: <1535109010-5074-2-git-send-email-george.cherian@cavium.com>
On 08/24/2018 06:10 AM, George Cherian wrote:
> Dont set ssif_info->intf to NULL before ipmi_unresgiter_smi.
> shutdown_ssif will anyways free ssif_info.
This is correct, but it goes a little deeper. I just sent out a
patch yesterday that included this.
Thanks,
-corey
> Following crash is obsearved if ssif_info->intf is set to NULL
> before ipmi_unregister_smi.
>
> CPU: 119 PID: 7317 Comm: kssif000e Not tainted 4.18.0+ #80
> Hardware name: Cavium Inc. Saber/Saber, BIOS Cavium reference firmware version 7.0 08/04/2018
> pstate: 20400009 (nzCv daif +PAN -UAO)
> pc : ipmi_smi_msg_received+0x44/0x3bc [ipmi_msghandler]
> lr : deliver_recv_msg+0x30/0x5c [ipmi_ssif]
> sp : ffff000037a0fd20
> x29: ffff000037a0fd20 x28: 0000000000000000
> x27: ffff0000047e08f0 x26: ffff800ed9375800
> x25: ffff000037a0fe00 x24: ffff000009073000
> x23: 0000000000000013 x22: 0000000000000000
> x21: 0000000000007000 x20: ffff800adce18400
> x19: 0000000000000000 x18: ffff00003742fd38
> x17: ffff0000089960f0 x16: 000000000000000e
> x15: 0000000000000007 x14: 0000000000000000
> x13: 0000000000000000 x12: 0000000000000033
> x11: 0000000000000381 x10: 0000000000000ba0
> x9 : 0000000000000000 x8 : ffff800ac001fc00
> x7 : ffff7fe003b4d800 x6 : ffff800adce1854b
> x5 : 0000000000000014 x4 : 0000000000000004
> x3 : 0000000000000000 x2 : 0000000000000002
> x1 : 567cb12f8b916b00 x0 : 0000000000000002
> Process kssif000e (pid: 7317, stack limit = 0x0000000041077d8a)
> Call trace:
> ipmi_smi_msg_received+0x44/0x3bc [ipmi_msghandler]
> deliver_recv_msg+0x30/0x5c [ipmi_ssif]
> msg_done_handler+0x2f0/0x66c [ipmi_ssif]
> ipmi_ssif_thread+0x108/0x124 [ipmi_ssif]
> kthread+0x108/0x134
> ret_from_fork+0x10/0x18
> Code: b9402280 91401e75 f90037a1 7100041f (b945bab6)
> ---[ end trace fb7d748bc7b17490 ]---
> Kernel panic - not syncing: Fatal exception
> SMP: stopping secondary CPUs
> Kernel Offset: disabled
> CPU features: 0x23800c38
> Memory Limit: none
> ---[ end Kernel panic - not syncing: Fatal exception ]---
>
> Signed-off-by: George Cherian <george.cherian@cavium.com>
> ---
> drivers/char/ipmi/ipmi_ssif.c | 5 +----
> 1 file changed, 1 insertion(+), 4 deletions(-)
>
> diff --git a/drivers/char/ipmi/ipmi_ssif.c b/drivers/char/ipmi/ipmi_ssif.c
> index ccdf6b1..1490636 100644
> --- a/drivers/char/ipmi/ipmi_ssif.c
> +++ b/drivers/char/ipmi/ipmi_ssif.c
> @@ -1226,7 +1226,6 @@ static void shutdown_ssif(void *send_info)
> static int ssif_remove(struct i2c_client *client)
> {
> struct ssif_info *ssif_info = i2c_get_clientdata(client);
> - struct ipmi_smi *intf;
> struct ssif_addr_info *addr_info;
>
> if (!ssif_info)
> @@ -1236,9 +1235,7 @@ static int ssif_remove(struct i2c_client *client)
> * After this point, we won't deliver anything asychronously
> * to the message handler. We can unregister ourself.
> */
> - intf = ssif_info->intf;
> - ssif_info->intf = NULL;
> - ipmi_unregister_smi(intf);
> + ipmi_unregister_smi(ssif_info->intf);
>
> list_for_each_entry(addr_info, &ssif_infos, link) {
> if (addr_info->client == client) {
next prev parent reply other threads:[~2018-08-24 13:08 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-08-24 11:10 [PATCH 1/2] ipmi_ssif: Unregister i2c device only if created by ssif George Cherian
2018-08-24 11:10 ` [PATCH 2/2] ipmi_ssif: Fix crash seen while ipmi_unregister_smi George Cherian
2018-08-24 13:08 ` Corey Minyard [this message]
2018-08-27 5:55 ` George Cherian
2018-08-24 13:07 ` [PATCH 1/2] ipmi_ssif: Unregister i2c device only if created by ssif Corey Minyard
2018-08-27 6:07 ` George Cherian
2018-08-27 23:29 ` Corey Minyard
2018-08-28 14:32 ` George Cherian
2018-08-28 16:57 ` Corey Minyard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cb0a1ee4-69d7-b66c-b79b-6f8f542a4af0@acm.org \
--to=minyard@acm.org \
--cc=arnd@arndb.de \
--cc=george.cherian@cavium.com \
--cc=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=openipmi-developer@lists.sourceforge.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).