leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
cf31cd1a0c
linux/drivers
History
Srivatsa S. Bhat cf31cd1a0c ACPI idle, CPU hotplug: Fix NULL pointer dereference during hotplug 
On a KVM guest, when a CPU is taken offline and brought back online, we hit
the following NULL pointer dereference:

[   45.400843] Unregister pv shared memory for cpu 1
[   45.412331] smpboot: CPU 1 is now offline
[   45.529894] SMP alternatives: lockdep: fixing up alternatives
[   45.533472] smpboot: Booting Node 0 Processor 1 APIC 0x1
[   45.411526] kvm-clock: cpu 1, msr 0:7d14601, secondary cpu clock
[   45.571370] KVM setup async PF for cpu 1
[   45.572331] kvm-stealtime: cpu 1, msr 7d0e040
[   45.575031] BUG: unable to handle kernel NULL pointer dereference at           (null)
[   45.576017] IP: [<ffffffff81519f98>] cpuidle_disable_device+0x18/0x80
[   45.576017] PGD 5dfb067 PUD 5da8067 PMD 0
[   45.576017] Oops: 0000 [#1] SMP
[   45.576017] Modules linked in:
[   45.576017] CPU 0
[   45.576017] Pid: 607, comm: stress_cpu_hotp Not tainted 3.6.0-padata-tp-debug #3 Bochs Bochs
[   45.576017] RIP: 0010:[<ffffffff81519f98>]  [<ffffffff81519f98>] cpuidle_disable_device+0x18/0x80
[   45.576017] RSP: 0018:ffff880005d93ce8  EFLAGS: 00010286
[   45.576017] RAX: ffff880005d93fd8 RBX: 0000000000000000 RCX: 0000000000000006
[   45.576017] RDX: 0000000000000006 RSI: 2222222222222222 RDI: 0000000000000000
[   45.576017] RBP: ffff880005d93cf8 R08: 2222222222222222 R09: 2222222222222222
[   45.576017] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   45.576017] R13: 0000000000000000 R14: ffffffff81c8cca0 R15: 0000000000000001
[   45.576017] FS:  00007f91936ae700(0000) GS:ffff880007c00000(0000) knlGS:0000000000000000
[   45.576017] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[   45.576017] CR2: 0000000000000000 CR3: 0000000005db3000 CR4: 00000000000006f0
[   45.576017] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   45.576017] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[   45.576017] Process stress_cpu_hotp (pid: 607, threadinfo ffff880005d92000, task ffff8800066bbf40)
[   45.576017] Stack:
[   45.576017]  ffff880007a96400 0000000000000000 ffff880005d93d28 ffffffff813ac689
[   45.576017]  ffff880007a96400 ffff880007a96400 0000000000000002 ffffffff81cd8d01
[   45.576017]  ffff880005d93d58 ffffffff813aa498 0000000000000001 00000000ffffffdd
[   45.576017] Call Trace:
[   45.576017]  [<ffffffff813ac689>] acpi_processor_hotplug+0x55/0x97
[   45.576017]  [<ffffffff813aa498>] acpi_cpu_soft_notify+0x93/0xce
[   45.576017]  [<ffffffff816ae47d>] notifier_call_chain+0x5d/0x110
[   45.576017]  [<ffffffff8109730e>] __raw_notifier_call_chain+0xe/0x10
[   45.576017]  [<ffffffff81069050>] __cpu_notify+0x20/0x40
[   45.576017]  [<ffffffff81069085>] cpu_notify+0x15/0x20
[   45.576017]  [<ffffffff816978f1>] _cpu_up+0xee/0x137
[   45.576017]  [<ffffffff81697983>] cpu_up+0x49/0x59
[   45.576017]  [<ffffffff8168758d>] store_online+0x9d/0xe0
[   45.576017]  [<ffffffff8140a9f8>] dev_attr_store+0x18/0x30
[   45.576017]  [<ffffffff812322c0>] sysfs_write_file+0xe0/0x150
[   45.576017]  [<ffffffff811b389c>] vfs_write+0xac/0x180
[   45.576017]  [<ffffffff811b3be2>] sys_write+0x52/0xa0
[   45.576017]  [<ffffffff816b31e9>] system_call_fastpath+0x16/0x1b
[   45.576017] Code: 48 c7 c7 40 e5 ca 81 e8 07 d0 18 00 5d c3 0f 1f 44 00 00 0f 1f 44 00 00 55 48 89 e5 48 83 ec 10 48 89 5d f0 4c 89 65 f8 48 89 fb <f6> 07 02 75 13 48 8b 5d f0 4c 8b 65 f8 c9 c3 66 0f 1f 84 00 00
[   45.576017] RIP  [<ffffffff81519f98>] cpuidle_disable_device+0x18/0x80
[   45.576017]  RSP <ffff880005d93ce8>
[   45.576017] CR2: 0000000000000000
[   45.656079] ---[ end trace 433d6c9ac0b02cef ]---

Analysis:
Commit 3d339dc (cpuidle / ACPI : move cpuidle_device field out of the
acpi_processor_power structure()) made the allocation of the dev structure
(struct cpuidle) of a CPU dynamic, whereas previously it was statically
allocated. And this dynamic allocation occurs in acpi_processor_power_init()
if pr->flags.power evaluates to non-zero.

On KVM guests, pr->flags.power evaluates to zero, hence dev is never
allocated. This causes the NULL pointer (dev) dereference in
cpuidle_disable_device() during a subsequent CPU online operation. Fix this
by ensuring that dev is non-NULL before dereferencing.

Signed-off-by: Srivatsa S. Bhat <srivatsa.bhat@linux.vnet.ibm.com>
Signed-off-by: Len Brown <len.brown@intel.com>
2012-10-08 22:52:54 -04:00
..
accessibility
acpi cpuidle / ACPI: fix potential NULL pointer dereference 2012-10-08 22:51:27 -04:00
amba
ata SCSI for-linus on 20121002 2012-10-02 19:01:32 -07:00
atm sections: fix section conflicts in drivers/atm 2012-10-06 03:04:40 +09:00
auxdisplay
base firmware: use 'kernel_read()' to read firmware into kernel buffer 2012-10-04 09:19:02 -07:00
bcma bcma: change delays to follow timers-howto guide 2012-09-28 13:54:02 -04:00
block Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client 2012-10-08 06:38:18 +09:00
bluetooth Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2012-10-02 13:38:27 -07:00
bus drivers: bus: omap_l3: fixup merge conflict resolution 2012-10-01 19:39:48 -07:00
cdrom
char Merge branch 'virtio-next' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux 2012-10-07 21:04:56 +09:00
clk spi: Updates for v3.7 2012-10-02 17:26:42 -07:00
clocksource Power management updates for 3.7-rc1 2012-10-02 18:32:35 -07:00
connector Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2012-10-02 13:38:27 -07:00
cpufreq Power management updates for 3.7-rc1 2012-10-02 18:32:35 -07:00
cpuidle ACPI idle, CPU hotplug: Fix NULL pointer dereference during hotplug 2012-10-08 22:52:54 -04:00
crypto ARM: soc: late platform updates 2012-10-07 20:55:16 +09:00
dca
devfreq
dio
dma Sound updates for 3.7-rc1 2012-10-09 07:07:14 +09:00
edac Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc 2012-10-06 03:16:12 +09:00
eisa
extcon Merge branch 'for-3.7' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq 2012-10-02 09:54:49 -07:00
firewire firewire: addendum to address handler RCU conversion 2012-09-28 11:47:42 +02:00
firmware
gpio ARM: soc: late platform updates 2012-10-07 20:55:16 +09:00
gpu Merge branch 'drm-intel-fixes' of git://people.freedesktop.org/~danvet/drm-intel into drm-next 2012-10-07 21:13:54 +10:00
hid Merge branch 'for-3.7' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq 2012-10-02 09:54:49 -07:00
hsi
hv
hwmon ARM: soc: late platform updates 2012-10-07 20:55:16 +09:00
hwspinlock
i2c Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux 2012-10-08 07:14:06 +09:00
ide sections: fix section conflicts in drivers/ide 2012-10-06 03:04:41 +09:00
idle
iio
infiniband Second batch of changes for the 3.7 merge window: 2012-10-07 17:19:49 +09:00
input Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux 2012-10-08 07:14:06 +09:00
iommu IOMMU Updates for Linux v3.7-rc1 2012-10-08 06:33:44 +09:00
irqchip
isdn Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2012-10-02 13:38:27 -07:00
leds MFD bits for the 3.7 merge window. 2012-10-05 12:01:30 +09:00
lguest Merge branch 'virtio-next' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux 2012-10-07 21:04:56 +09:00
macintosh Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc 2012-10-06 03:16:12 +09:00
md Merge branch 'for-3.7' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq 2012-10-02 09:54:49 -07:00
media Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media 2012-10-07 17:49:05 +09:00
memory
memstick
message
mfd 1. New drivers: 2012-10-07 17:29:24 +09:00
misc Merge branch 'for-3.7' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq 2012-10-02 09:54:49 -07:00
mmc sections: fix section conflicts in drivers/mmc 2012-10-06 03:04:42 +09:00
mtd This pull request contains the UBI fastmap support implemented by Richard 2012-10-08 20:40:45 +09:00
net Second batch of changes for the 3.7 merge window: 2012-10-07 17:19:49 +09:00
nfc
nubus
of Devicetree updates for 3.7 2012-10-03 09:44:08 -07:00
oprofile
parisc
parport
pci Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc 2012-10-06 03:16:12 +09:00
pcmcia ARM: soc: multiplatform enablement 2012-10-01 19:11:38 -07:00
pinctrl ARM: soc: late platform updates 2012-10-07 20:55:16 +09:00
platform Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux 2012-10-08 07:14:06 +09:00
pnp
power 1. New drivers: 2012-10-07 17:29:24 +09:00
pps idr: rename MAX_LEVEL to MAX_IDR_LEVEL 2012-10-06 03:04:56 +09:00
ps3
ptp
pwm MFD bits for the 3.7 merge window. 2012-10-05 12:01:30 +09:00
rapidio rapidio: add destination ID allocation mechanism 2012-10-06 03:05:23 +09:00
regulator MFD bits for the 3.7 merge window. 2012-10-05 12:01:30 +09:00
remoteproc Merge branch 'virtio-next' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux 2012-10-07 21:04:56 +09:00
rpmsg Merge branch 'virtio-next' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux 2012-10-07 21:04:56 +09:00
rtc Merge branch 'akpm' (Andrew's patch-bomb) 2012-10-06 03:09:16 +09:00
s390 Merge branch 'virtio-next' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux 2012-10-07 21:04:56 +09:00
sbus
scsi Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc 2012-10-06 03:16:12 +09:00
sfi
sh ARM: soc: multiplatform enablement 2012-10-01 19:11:38 -07:00
sn
spi ARM: soc: late platform updates 2012-10-07 20:55:16 +09:00
ssb
staging Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media 2012-10-07 17:49:05 +09:00
target Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2012-10-01 09:06:36 -07:00
tc
thermal idr: rename MAX_LEVEL to MAX_IDR_LEVEL 2012-10-06 03:04:56 +09:00
tty Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc 2012-10-06 03:16:12 +09:00
uio
usb Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux 2012-10-08 07:14:06 +09:00
uwb
vfio
vhost
video Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc 2012-10-06 03:16:12 +09:00
virt
virtio virtio_mmio: Don't attempt to create empty virtqueues 2012-09-28 15:05:16 +09:30
vlynq
vme
w1 char/misc driver merge for 3.7-rc1 2012-10-01 12:09:59 -07:00
watchdog Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/gerg/m68knommu 2012-10-07 21:06:10 +09:00
xen Features: 2012-10-07 07:13:01 +09:00
zorro
Kconfig ARM: soc: driver specific changes 2012-10-01 18:46:13 -07:00
Makefile Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2012-10-02 13:38:27 -07:00