From mboxrd@z Thu Jan  1 00:00:00 1970
From: Chao Peng <chao.p.peng@linux.intel.com>
Subject: [PATCH] x86: avoid invalid phys_proc_id reference
Date: Mon, 13 Jul 2015 11:36:26 +0800
Message-ID: <1436758586-20860-1-git-send-email-chao.p.peng@linux.intel.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: xen-devel@lists.xen.org
Cc: andrew.cooper3@citrix.com, dario.faggioli@citrix.com, keir@xen.org, JBeulich@suse.com
List-Id: xen-devel@lists.xenproject.org

phys_proc_id is invalidated in remove_siblinginfo() which gets called
before cpu_smpboot_free(). This means calling cpu_to_socket(cpu) in
cpu_smpboot_free() is not possible to be correct.

This patch invokes remove_siblinginfo() in cpu_smpboot_free(),
immediately after the use for cpu_to_socket(cpu).

The clearing of cpu_{core,sibling}_mask in remove_siblinginfo() is also
removed as now both masks will get freed afterwards so clearing is
useless.

Signed-off-by: Chao Peng <chao.p.peng@linux.intel.com>
Reported-by: Dario Faggioli <dario.faggioli@citrix.com>
---
 xen/arch/x86/smpboot.c | 55 +++++++++++++++++++++++++-------------------------
 1 file changed, 27 insertions(+), 28 deletions(-)

diff --git a/xen/arch/x86/smpboot.c b/xen/arch/x86/smpboot.c
index 0f03364..ededa1c 100644
--- a/xen/arch/x86/smpboot.c
+++ b/xen/arch/x86/smpboot.c
@@ -320,6 +320,29 @@ static void set_cpu_sibling_map(int cpu)
     }
 }
 
+static void
+remove_siblinginfo(int cpu)
+{
+    int sibling;
+    struct cpuinfo_x86 *c = cpu_data;
+
+    for_each_cpu ( sibling, per_cpu(cpu_core_mask, cpu) )
+    {
+        cpumask_clear_cpu(cpu, per_cpu(cpu_core_mask, sibling));
+        /* Last thread sibling in this cpu core going down. */
+        if ( cpumask_weight(per_cpu(cpu_sibling_mask, cpu)) == 1 )
+            c[sibling].booted_cores--;
+    }
+
+    for_each_cpu(sibling, per_cpu(cpu_sibling_mask, cpu))
+        cpumask_clear_cpu(cpu, per_cpu(cpu_sibling_mask, sibling));
+    c[cpu].phys_proc_id = XEN_INVALID_SOCKET_ID;
+    c[cpu].cpu_core_id = XEN_INVALID_CORE_ID;
+    c[cpu].compute_unit_id = INVALID_CUID;
+    cpumask_clear_cpu(cpu, &cpu_sibling_setup_map);
+}
+
+
 void start_secondary(void *unused)
 {
     /*
@@ -667,12 +690,16 @@ static void cpu_smpboot_free(unsigned int cpu)
 {
     unsigned int order, socket = cpu_to_socket(cpu);
 
+    cpumask_clear_cpu(cpu, socket_cpumask[socket]);
+
     if ( cpumask_empty(socket_cpumask[socket]) )
     {
         xfree(socket_cpumask[socket]);
         socket_cpumask[socket] = NULL;
     }
 
+    remove_siblinginfo(cpu);
+
     free_cpumask_var(per_cpu(cpu_sibling_mask, cpu));
     free_cpumask_var(per_cpu(cpu_core_mask, cpu));
 
@@ -878,32 +905,6 @@ void __init smp_prepare_boot_cpu(void)
     cpumask_set_cpu(smp_processor_id(), &cpu_present_map);
 }
 
-static void
-remove_siblinginfo(int cpu)
-{
-    int sibling;
-    struct cpuinfo_x86 *c = cpu_data;
-
-    cpumask_clear_cpu(cpu, socket_cpumask[cpu_to_socket(cpu)]);
-
-    for_each_cpu ( sibling, per_cpu(cpu_core_mask, cpu) )
-    {
-        cpumask_clear_cpu(cpu, per_cpu(cpu_core_mask, sibling));
-        /* Last thread sibling in this cpu core going down. */
-        if ( cpumask_weight(per_cpu(cpu_sibling_mask, cpu)) == 1 )
-            c[sibling].booted_cores--;
-    }
-   
-    for_each_cpu(sibling, per_cpu(cpu_sibling_mask, cpu))
-        cpumask_clear_cpu(cpu, per_cpu(cpu_sibling_mask, sibling));
-    cpumask_clear(per_cpu(cpu_sibling_mask, cpu));
-    cpumask_clear(per_cpu(cpu_core_mask, cpu));
-    c[cpu].phys_proc_id = XEN_INVALID_SOCKET_ID;
-    c[cpu].cpu_core_id = XEN_INVALID_CORE_ID;
-    c[cpu].compute_unit_id = INVALID_CUID;
-    cpumask_clear_cpu(cpu, &cpu_sibling_setup_map);
-}
-
 void __cpu_disable(void)
 {
     int cpu = smp_processor_id();
@@ -919,8 +920,6 @@ void __cpu_disable(void)
 
     time_suspend();
 
-    remove_siblinginfo(cpu);
-
     /* It's now safe to remove this processor from the online map */
     cpumask_clear_cpu(cpu, &cpu_online_map);
     fixup_irqs();
-- 
1.9.1