From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Olaf Hering <olaf@aepfle.de>,
Juergen Gross <jgross@suse.com>,
Boris Ostrovsky <boris.ostrovsky@oracle.com>,
Sasha Levin <alexander.levin@microsoft.com>
Subject: [PATCH 4.14 77/94] xen: avoid crash in disable_hotplug_cpu
Date: Mon, 8 Oct 2018 20:31:58 +0200 [thread overview]
Message-ID: <20181008175610.196887565@linuxfoundation.org> (raw)
In-Reply-To: <20181008175605.067676667@linuxfoundation.org>
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Olaf Hering <olaf@aepfle.de>
[ Upstream commit 3366cdb6d350d95466ee430ac50f3c8415ca8f46 ]
The command 'xl vcpu-set 0 0', issued in dom0, will crash dom0:
BUG: unable to handle kernel NULL pointer dereference at 00000000000002d8
PGD 0 P4D 0
Oops: 0000 [#1] PREEMPT SMP NOPTI
CPU: 7 PID: 65 Comm: xenwatch Not tainted 4.19.0-rc2-1.ga9462db-default #1 openSUSE Tumbleweed (unreleased)
Hardware name: Intel Corporation S5520UR/S5520UR, BIOS S5500.86B.01.00.0050.050620101605 05/06/2010
RIP: e030:device_offline+0x9/0xb0
Code: 77 24 00 e9 ce fe ff ff 48 8b 13 e9 68 ff ff ff 48 8b 13 e9 29 ff ff ff 48 8b 13 e9 ea fe ff ff 90 66 66 66 66 90 41 54 55 53 <f6> 87 d8 02 00 00 01 0f 85 88 00 00 00 48 c7 c2 20 09 60 81 31 f6
RSP: e02b:ffffc90040f27e80 EFLAGS: 00010203
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffff8801f3800000 RSI: ffffc90040f27e70 RDI: 0000000000000000
RBP: 0000000000000000 R08: ffffffff820e47b3 R09: 0000000000000000
R10: 0000000000007ff0 R11: 0000000000000000 R12: ffffffff822e6d30
R13: dead000000000200 R14: dead000000000100 R15: ffffffff8158b4e0
FS: 00007ffa595158c0(0000) GS:ffff8801f39c0000(0000) knlGS:0000000000000000
CS: e033 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000000002d8 CR3: 00000001d9602000 CR4: 0000000000002660
Call Trace:
handle_vcpu_hotplug_event+0xb5/0xc0
xenwatch_thread+0x80/0x140
? wait_woken+0x80/0x80
kthread+0x112/0x130
? kthread_create_worker_on_cpu+0x40/0x40
ret_from_fork+0x3a/0x50
This happens because handle_vcpu_hotplug_event is called twice. In the
first iteration cpu_present is still true, in the second iteration
cpu_present is false which causes get_cpu_device to return NULL.
In case of cpu#0, cpu_online is apparently always true.
Fix this crash by checking if the cpu can be hotplugged, which is false
for a cpu that was just removed.
Also check if the cpu was actually offlined by device_remove, otherwise
leave the cpu_present state as it is.
Rearrange to code to do all work with device_hotplug_lock held.
Signed-off-by: Olaf Hering <olaf@aepfle.de>
Reviewed-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/xen/cpu_hotplug.c | 15 ++++++++-------
1 file changed, 8 insertions(+), 7 deletions(-)
--- a/drivers/xen/cpu_hotplug.c
+++ b/drivers/xen/cpu_hotplug.c
@@ -19,15 +19,16 @@ static void enable_hotplug_cpu(int cpu)
static void disable_hotplug_cpu(int cpu)
{
- if (cpu_online(cpu)) {
- lock_device_hotplug();
+ if (!cpu_is_hotpluggable(cpu))
+ return;
+ lock_device_hotplug();
+ if (cpu_online(cpu))
device_offline(get_cpu_device(cpu));
- unlock_device_hotplug();
- }
- if (cpu_present(cpu))
+ if (!cpu_online(cpu) && cpu_present(cpu)) {
xen_arch_unregister_cpu(cpu);
-
- set_cpu_present(cpu, false);
+ set_cpu_present(cpu, false);
+ }
+ unlock_device_hotplug();
}
static int vcpu_online(unsigned int cpu)
next prev parent reply other threads:[~2018-10-09 1:57 UTC|newest]
Thread overview: 103+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-08 18:30 [PATCH 4.14 00/94] 4.14.75-stable review Greg Kroah-Hartman
2018-10-08 18:30 ` [PATCH 4.14 01/94] drm/amd/pp: initialize result to before oring in data Greg Kroah-Hartman
2018-10-08 18:30 ` [PATCH 4.14 02/94] drm/amdgpu: add another ATPX quirk for TOPAZ Greg Kroah-Hartman
2018-10-08 18:30 ` [PATCH 4.14 03/94] serial: mvebu-uart: Fix reporting of effective CSIZE to userspace Greg Kroah-Hartman
2018-10-08 18:30 ` [PATCH 4.14 04/94] tools/power turbostat: fix possible sprintf buffer overflow Greg Kroah-Hartman
2018-10-08 18:30 ` [PATCH 4.14 05/94] mac80211: Run TXQ teardown code before de-registering interfaces Greg Kroah-Hartman
2018-10-08 18:30 ` [PATCH 4.14 06/94] mac80211_hwsim: require at least one channel Greg Kroah-Hartman
2018-10-08 18:30 ` [PATCH 4.14 07/94] KVM: PPC: Book3S HV: Dont truncate HPTE index in xlate function Greg Kroah-Hartman
2018-10-08 18:30 ` [PATCH 4.14 08/94] btrfs: btrfs_shrink_device should call commit transaction at the end Greg Kroah-Hartman
2018-10-08 18:30 ` [PATCH 4.14 09/94] scsi: csiostor: add a check for NULL pointer after kmalloc() Greg Kroah-Hartman
2018-10-08 18:30 ` [PATCH 4.14 10/94] mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X Greg Kroah-Hartman
2018-10-08 18:30 ` [PATCH 4.14 11/94] mac80211_hwsim: " Greg Kroah-Hartman
2018-10-08 18:30 ` [PATCH 4.14 12/94] gpio: adp5588: Fix sleep-in-atomic-context bug Greg Kroah-Hartman
2018-10-08 18:30 ` [PATCH 4.14 13/94] mac80211: mesh: fix HWMP sequence numbering to follow standard Greg Kroah-Hartman
2018-10-08 18:30 ` [PATCH 4.14 14/94] mac80211: avoid kernel panic when building AMSDU from non-linear SKB Greg Kroah-Hartman
2018-10-08 18:30 ` [PATCH 4.14 15/94] gpiolib: acpi: Switch to cansleep version of GPIO library call Greg Kroah-Hartman
2018-10-08 18:30 ` [PATCH 4.14 16/94] gpiolib-acpi: Register GpioInt ACPI event handlers from a late_initcall Greg Kroah-Hartman
2018-10-08 18:30 ` [PATCH 4.14 17/94] net: hns: add the code for cleaning pkt in chip Greg Kroah-Hartman
2018-10-08 18:30 ` [PATCH 4.14 18/94] net: hns: add netif_carrier_off before change speed and duplex Greg Kroah-Hartman
2018-10-08 18:31 ` [PATCH 4.14 19/94] cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE Greg Kroah-Hartman
2018-10-08 18:31 ` [PATCH 4.14 20/94] mac80211: do not convert to A-MSDU if frag/subframe limited Greg Kroah-Hartman
2018-10-08 18:31 ` [PATCH 4.14 21/94] mac80211: always account for A-MSDU header changes Greg Kroah-Hartman
2018-10-08 18:31 ` [PATCH 4.14 22/94] tools/kvm_stat: fix python3 issues Greg Kroah-Hartman
2018-10-08 18:31 ` [PATCH 4.14 23/94] tools/kvm_stat: fix handling of invalid paths in debugfs provider Greg Kroah-Hartman
2018-10-08 18:31 ` [PATCH 4.14 24/94] gpio: Fix crash due to registration race Greg Kroah-Hartman
2018-10-08 18:31 ` [PATCH 4.14 25/94] ARC: atomics: unbork atomic_fetch_##op() Greg Kroah-Hartman
2018-10-08 18:31 ` [PATCH 4.14 26/94] md/raid5-cache: disable reshape completely Greg Kroah-Hartman
2018-10-08 18:31 ` [PATCH 4.14 27/94] RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 Greg Kroah-Hartman
2018-10-08 18:31 ` [PATCH 4.14 28/94] i2c: uniphier: issue STOP only for last message or I2C_M_STOP Greg Kroah-Hartman
2018-10-08 18:31 ` [PATCH 4.14 29/94] i2c: uniphier-f: " Greg Kroah-Hartman
2018-10-08 18:31 ` [PATCH 4.14 30/94] net: cadence: Fix a sleep-in-atomic-context bug in macb_halt_tx() Greg Kroah-Hartman
2018-10-08 18:31 ` [PATCH 4.14 31/94] fs/cifs: dont translate SFM_SLASH (U+F026) to backslash Greg Kroah-Hartman
2018-10-08 18:31 ` [PATCH 4.14 32/94] mac80211: fix an off-by-one issue in A-MSDU max_subframe computation Greg Kroah-Hartman
2018-10-08 18:31 ` [PATCH 4.14 33/94] cfg80211: fix a type issue in ieee80211_chandef_to_operating_class() Greg Kroah-Hartman
2018-10-08 18:31 ` [PATCH 4.14 34/94] mac80211: fix a race between restart and CSA flows Greg Kroah-Hartman
2018-10-08 18:31 ` [PATCH 4.14 35/94] mac80211: Fix station bandwidth setting after channel switch Greg Kroah-Hartman
2018-10-08 18:31 ` [PATCH 4.14 36/94] mac80211: dont Tx a deauth frame if the AP forbade Tx Greg Kroah-Hartman
2018-10-08 18:31 ` [PATCH 4.14 37/94] mac80211: shorten the IBSS debug messages Greg Kroah-Hartman
2018-10-08 18:31 ` [PATCH 4.14 38/94] tools/vm/slabinfo.c: fix sign-compare warning Greg Kroah-Hartman
2018-10-08 18:31 ` [PATCH 4.14 39/94] tools/vm/page-types.c: fix "defined but not used" warning Greg Kroah-Hartman
2018-10-08 18:31 ` [PATCH 4.14 40/94] mm: madvise(MADV_DODUMP): allow hugetlbfs pages Greg Kroah-Hartman
2018-10-08 18:31 ` [PATCH 4.14 41/94] bpf: 32-bit RSH verification must truncate input before the ALU op Greg Kroah-Hartman
2018-10-08 18:31 ` [PATCH 4.14 42/94] netfilter: xt_cluster: add dependency on conntrack module Greg Kroah-Hartman
2018-10-08 18:31 ` [PATCH 4.14 43/94] HID: add support for Apple Magic Keyboards Greg Kroah-Hartman
2018-10-08 18:31 ` [PATCH 4.14 44/94] usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] Greg Kroah-Hartman
2018-10-08 18:31 ` [PATCH 4.14 45/94] pinctrl: msm: Really mask level interrupts to prevent latching Greg Kroah-Hartman
2018-10-08 18:31 ` [PATCH 4.14 46/94] HID: hid-saitek: Add device ID for RAT 7 Contagion Greg Kroah-Hartman
2018-10-08 18:31 ` [PATCH 4.14 47/94] scsi: iscsi: target: Set conn->sess to NULL when iscsi_login_set_conn_values fails Greg Kroah-Hartman
2018-10-08 18:31 ` [PATCH 4.14 48/94] scsi: qedi: Add the CRC size within iSCSI NVM image Greg Kroah-Hartman
2018-10-08 18:31 ` [PATCH 4.14 49/94] perf evsel: Fix potential null pointer dereference in perf_evsel__new_idx() Greg Kroah-Hartman
2018-10-08 18:31 ` [PATCH 4.14 50/94] perf util: Fix bad memory access in trace info Greg Kroah-Hartman
2018-10-08 18:31 ` [PATCH 4.14 51/94] perf probe powerpc: Ignore SyS symbols irrespective of endianness Greg Kroah-Hartman
2018-10-08 18:31 ` [PATCH 4.14 52/94] netfilter: nf_tables: release chain in flushing set Greg Kroah-Hartman
2018-10-08 18:31 ` [PATCH 4.14 53/94] Revert "iio: temperature: maxim_thermocouple: add MAX31856 part" Greg Kroah-Hartman
2018-10-08 18:31 ` [PATCH 4.14 54/94] RDMA/ucma: check fd type in ucma_migrate_id() Greg Kroah-Hartman
2018-10-08 18:31 ` [PATCH 4.14 55/94] HID: sensor-hub: Restore fixup for Lenovo ThinkPad Helix 2 sensor hub report Greg Kroah-Hartman
2018-10-08 18:31 ` [PATCH 4.14 56/94] USB: yurex: Check for truncation in yurex_read() Greg Kroah-Hartman
2018-10-08 18:31 ` [PATCH 4.14 57/94] nvmet-rdma: fix possible bogus dereference under heavy load Greg Kroah-Hartman
2018-10-08 18:31 ` [PATCH 4.14 58/94] net/mlx5: Consider PCI domain in search for next dev Greg Kroah-Hartman
2018-10-08 18:31 ` [PATCH 4.14 59/94] drm/nouveau/TBDdevinit: dont fail when PMU/PRE_OS is missing from VBIOS Greg Kroah-Hartman
2018-10-08 18:31 ` [PATCH 4.14 60/94] drm/nouveau/disp: fix DP disable race Greg Kroah-Hartman
2018-10-08 18:31 ` [PATCH 4.14 61/94] dm raid: fix rebuild of specific devices by updating superblock Greg Kroah-Hartman
2018-10-08 18:31 ` [PATCH 4.14 62/94] fs/cifs: suppress a string overflow warning Greg Kroah-Hartman
2018-10-08 18:31 ` [PATCH 4.14 63/94] net: ena: fix driver when PAGE_SIZE == 64kB Greg Kroah-Hartman
2018-10-08 18:31 ` [PATCH 4.14 64/94] net: ena: fix missing calls to READ_ONCE Greg Kroah-Hartman
2018-10-08 18:31 ` [PATCH 4.14 65/94] perf/x86/intel: Add support/quirk for the MISPREDICT bit on Knights Landing CPUs Greg Kroah-Hartman
2018-10-08 18:31 ` [PATCH 4.14 66/94] dm thin metadata: try to avoid ever aborting transactions Greg Kroah-Hartman
2018-10-08 19:45 ` Sudip Mukherjee
2018-10-09 9:30 ` Greg Kroah-Hartman
2018-10-08 18:31 ` [PATCH 4.14 67/94] netfilter: conntrack: timeout interface depend on CONFIG_NF_CONNTRACK_TIMEOUT Greg Kroah-Hartman
2018-10-08 18:31 ` [PATCH 4.14 68/94] arch/hexagon: fix kernel/dma.c build warning Greg Kroah-Hartman
2018-10-08 18:31 ` [PATCH 4.14 69/94] hexagon: modify ffs() and fls() to return int Greg Kroah-Hartman
2018-10-08 18:31 ` [PATCH 4.14 70/94] arm64: jump_label.h: use asm_volatile_goto macro instead of "asm goto" Greg Kroah-Hartman
2018-10-08 18:31 ` [PATCH 4.14 71/94] drm/amdgpu: fix error handling in amdgpu_cs_user_fence_chunk Greg Kroah-Hartman
2018-10-08 18:31 ` [PATCH 4.14 72/94] r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED Greg Kroah-Hartman
2018-10-08 18:31 ` [PATCH 4.14 73/94] s390/qeth: use vzalloc for QUERY OAT buffer Greg Kroah-Hartman
2018-10-08 18:31 ` [PATCH 4.14 74/94] s390/qeth: dont dump past end of unknown HW header Greg Kroah-Hartman
2018-10-08 18:31 ` [PATCH 4.14 75/94] cifs: read overflow in is_valid_oplock_break() Greg Kroah-Hartman
2018-10-08 18:31 ` [PATCH 4.14 76/94] xen/manage: dont complain about an empty value in control/sysrq node Greg Kroah-Hartman
2018-10-08 18:31 ` Greg Kroah-Hartman [this message]
2018-10-08 18:31 ` [PATCH 4.14 78/94] xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage Greg Kroah-Hartman
2018-10-08 18:32 ` [PATCH 4.14 79/94] ovl: fix access beyond unterminated strings Greg Kroah-Hartman
2018-10-08 18:32 ` [PATCH 4.14 80/94] ovl: fix memory leak on unlink of indexed file Greg Kroah-Hartman
2018-10-08 18:32 ` [PATCH 4.14 81/94] ovl: fix format of setxattr debug Greg Kroah-Hartman
2018-10-08 18:32 ` [PATCH 4.14 82/94] sysfs: Do not return POSIX ACL xattrs via listxattr Greg Kroah-Hartman
2018-10-08 18:32 ` [PATCH 4.14 83/94] smb2: fix missing files in root share directory listing Greg Kroah-Hartman
2018-10-08 18:32 ` [PATCH 4.14 84/94] iommu/amd: Clear memory encryption mask from physical address Greg Kroah-Hartman
2018-10-08 18:32 ` [PATCH 4.14 85/94] ALSA: hda/realtek - Cannot adjust speakers volume on Dell XPS 27 7760 Greg Kroah-Hartman
2018-10-08 18:32 ` [PATCH 4.14 86/94] crypto: qat - Fix KASAN stack-out-of-bounds bug in adf_probe() Greg Kroah-Hartman
2018-10-08 18:32 ` [PATCH 4.14 87/94] crypto: mxs-dcp - Fix wait logic on chan threads Greg Kroah-Hartman
2018-10-08 18:32 ` [PATCH 4.14 88/94] crypto: caam/jr - fix ablkcipher_edesc pointer arithmetic Greg Kroah-Hartman
2018-10-08 18:32 ` [PATCH 4.14 89/94] gpiolib: Free the last requested descriptor Greg Kroah-Hartman
2018-10-08 18:32 ` [PATCH 4.14 90/94] Drivers: hv: vmbus: Use get/put_cpu() in vmbus_connect() Greg Kroah-Hartman
2018-10-08 18:32 ` [PATCH 4.14 91/94] tools: hv: fcopy: set error in case an unknown operation was requested Greg Kroah-Hartman
2018-10-08 18:32 ` [PATCH 4.14 92/94] proc: restrict kernel stack dumps to root Greg Kroah-Hartman
2018-10-08 18:32 ` [PATCH 4.14 93/94] ocfs2: fix locking for res->tracking and dlm->tracking_list Greg Kroah-Hartman
2018-10-08 18:32 ` [PATCH 4.14 94/94] ixgbe: check return value of napi_complete_done() Greg Kroah-Hartman
2018-10-08 23:14 ` [PATCH 4.14 00/94] 4.14.75-stable review Shuah Khan
2018-10-09 16:15 ` Greg Kroah-Hartman
2018-10-10 4:13 ` Naresh Kamboju
2018-10-09 21:06 ` Guenter Roeck
2018-10-10 6:54 ` Jon Hunter
2018-10-10 7:42 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181008175610.196887565@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=alexander.levin@microsoft.com \
--cc=boris.ostrovsky@oracle.com \
--cc=jgross@suse.com \
--cc=linux-kernel@vger.kernel.org \
--cc=olaf@aepfle.de \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).