From: Leon Romanovsky <leon@kernel.org>
To: Haiyang Zhang <haiyangz@microsoft.com>
Cc: linux-hyperv@vger.kernel.org, netdev@vger.kernel.org,
decui@microsoft.com, kys@microsoft.com, paulros@microsoft.com,
olaf@aepfle.de, vkuznets@redhat.com, davem@davemloft.net,
linux-kernel@vger.kernel.org, stable@vger.kernel.org
Subject: Re: [PATCH net,v2] net: mana: Fix accessing freed irq affinity_hint
Date: Thu, 2 Feb 2023 10:25:17 +0200
Message-ID: <Y9tzbZDZmVoFV2bx@unreal>
In-Reply-To: <1675288013-2481-1-git-send-email-haiyangz@microsoft.com>

On Wed, Feb 01, 2023 at 01:46:53PM -0800, Haiyang Zhang wrote:
> After calling irq_set_affinity_and_hint(), the cpumask pointer is
> saved in desc->affinity_hint, and will be used later when reading
> /proc/irq/<num>/affinity_hint. So the cpumask variable needs to be
> persistent. Otherwise, we are accessing freed memory when reading
> the affinity_hint file.
>
> Also, need to clear affinity_hint before free_irq(), otherwise there
> is a one-time warning and stack trace during module unloading:
>
> [ 243.948687] WARNING: CPU: 10 PID: 1589 at kernel/irq/manage.c:1913 free_irq+0x318/0x360
> ...
> [ 243.948753] Call Trace:
> [ 243.948754] <TASK>
> [ 243.948760] mana_gd_remove_irqs+0x78/0xc0 [mana]
> [ 243.948767] mana_gd_remove+0x3e/0x80 [mana]
> [ 243.948773] pci_device_remove+0x3d/0xb0
> [ 243.948778] device_remove+0x46/0x70
> [ 243.948782] device_release_driver_internal+0x1fe/0x280
> [ 243.948785] driver_detach+0x4e/0xa0
> [ 243.948787] bus_remove_driver+0x70/0xf0
> [ 243.948789] driver_unregister+0x35/0x60
> [ 243.948792] pci_unregister_driver+0x44/0x90
> [ 243.948794] mana_driver_exit+0x14/0x3fe [mana]
> [ 243.948800] __do_sys_delete_module.constprop.0+0x185/0x2f0
>
> To fix the bug, use the persistent mask, cpumask_of(cpu#), and set
> affinity_hint to NULL before freeing the IRQ, as required by free_irq().
>
> Cc: stable@vger.kernel.org
> Fixes: 71fa6887eeca ("net: mana: Assign interrupts to CPUs based on NUMA nodes")
> Signed-off-by: Haiyang Zhang <haiyangz@microsoft.com>
> ---
> .../net/ethernet/microsoft/mana/gdma_main.c | 35 ++++++-------------
> 1 file changed, 10 insertions(+), 25 deletions(-)
>
Thanks,
Reviewed-by: Leon Romanovsky <leonro@nvidia.com>
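
The pointer-lifetime problem described in the quoted commit message, as a userspace C model added here (not code from the patch or from the mana driver). The `model_*`, `setup_*` and `teardown_fixed` names, the `tmp_mask` pool and the `live` flag are assumptions made for illustration; the flag stands in for freeing the mask so the stale read can be detected rather than being undefined behaviour.

```c
#include <stdbool.h>
#include <stddef.h>

/* Userspace stand-ins (assumptions), not kernel definitions. */
struct cpumask { unsigned long bits; bool live; };
struct irq_desc { const struct cpumask *affinity_hint; };

/* Persistent single-CPU masks: the role cpumask_of(cpu) plays in the fix. */
static const struct cpumask cpu_bit[4] = {
    { 1UL << 0, true }, { 1UL << 1, true }, { 1UL << 2, true }, { 1UL << 3, true },
};
/* Temporary mask from a tracked pool: "freeing" it only clears live. */
static struct cpumask tmp_mask;

/* Saves the pointer only, no copy: the mask must outlive the hint. */
static void model_set_hint(struct irq_desc *d, const struct cpumask *m)
{
    d->affinity_hint = m;
}

/* Models reading /proc/irq/<num>/affinity_hint; -1 means a freed mask was read. */
static long model_read_hint(const struct irq_desc *d)
{
    if (!d->affinity_hint)
        return 0;
    return d->affinity_hint->live ? (long)d->affinity_hint->bits : -1;
}

/* Models the check at free time: true means the "hint still set" warning fires. */
static bool model_free_irq(struct irq_desc *d)
{
    bool warn = d->affinity_hint != NULL;
    d->affinity_hint = NULL;
    return warn;
}

/* Before the fix: hint points at a temporary mask that is then released. */
static void setup_buggy(struct irq_desc *d, int cpu)
{
    tmp_mask.bits = 1UL << cpu;
    tmp_mask.live = true;
    model_set_hint(d, &tmp_mask);
    tmp_mask.live = false;              /* stands in for freeing the mask */
}

/* After the fix: persistent mask, and the hint is cleared before freeing. */
static void setup_fixed(struct irq_desc *d, int cpu) { model_set_hint(d, &cpu_bit[cpu]); }
static bool teardown_fixed(struct irq_desc *d) { model_set_hint(d, NULL); return model_free_irq(d); }
```

In the buggy path both symptoms from the commit message appear: the read reports a freed mask and the free-time check warns; in the fixed path neither does.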