Skip to main content

Browse the archive

https://github.com/torvalds/linux
29 July 2024, 15:18:00 UTC
Revision 3366cdb6d350d95466ee430ac50f3c8415ca8f46 authored by Olaf Hering on 07 September 2018, 14:31:35 UTC, committed by Boris Ostrovsky on 14 September 2018, 12:51:10 UTC 
xen: avoid crash in disable_hotplug_cpu
 
The command 'xl vcpu-set 0 0', issued in dom0, will crash dom0:

BUG: unable to handle kernel NULL pointer dereference at 00000000000002d8
PGD 0 P4D 0
Oops: 0000 [#1] PREEMPT SMP NOPTI
CPU: 7 PID: 65 Comm: xenwatch Not tainted 4.19.0-rc2-1.ga9462db-default #1 openSUSE Tumbleweed (unreleased)
Hardware name: Intel Corporation S5520UR/S5520UR, BIOS S5500.86B.01.00.0050.050620101605 05/06/2010
RIP: e030:device_offline+0x9/0xb0
Code: 77 24 00 e9 ce fe ff ff 48 8b 13 e9 68 ff ff ff 48 8b 13 e9 29 ff ff ff 48 8b 13 e9 ea fe ff ff 90 66 66 66 66 90 41 54 55 53 <f6> 87 d8 02 00 00 01 0f 85 88 00 00 00 48 c7 c2 20 09 60 81 31 f6
RSP: e02b:ffffc90040f27e80 EFLAGS: 00010203
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffff8801f3800000 RSI: ffffc90040f27e70 RDI: 0000000000000000
RBP: 0000000000000000 R08: ffffffff820e47b3 R09: 0000000000000000
R10: 0000000000007ff0 R11: 0000000000000000 R12: ffffffff822e6d30
R13: dead000000000200 R14: dead000000000100 R15: ffffffff8158b4e0
FS:  00007ffa595158c0(0000) GS:ffff8801f39c0000(0000) knlGS:0000000000000000
CS:  e033 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000000002d8 CR3: 00000001d9602000 CR4: 0000000000002660
Call Trace:
 handle_vcpu_hotplug_event+0xb5/0xc0
 xenwatch_thread+0x80/0x140
 ? wait_woken+0x80/0x80
 kthread+0x112/0x130
 ? kthread_create_worker_on_cpu+0x40/0x40
 ret_from_fork+0x3a/0x50

This happens because handle_vcpu_hotplug_event is called twice. In the
first iteration cpu_present is still true, in the second iteration
cpu_present is false which causes get_cpu_device to return NULL.
In case of cpu#0, cpu_online is apparently always true.

Fix this crash by checking if the cpu can be hotplugged, which is false
for a cpu that was just removed.

Also check if the cpu was actually offlined by device_remove, otherwise
leave the cpu_present state as it is.

Rearrange to code to do all work with device_hotplug_lock held.

Signed-off-by: Olaf Hering <olaf@aepfle.de>
Reviewed-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
1 parent 197ecb3
History
Tip revision: 3366cdb6d350d95466ee430ac50f3c8415ca8f46 authored by Olaf Hering on 07 September 2018, 14:31:35 UTC
xen: avoid crash in disable_hotplug_cpu
Tip revision: 3366cdb
File Mode Size
ABI
EDID
PCI
RCU
accelerators
accounting
acpi
admin-guide
aoe
arm
arm64
auxdisplay
backlight
block
blockdev
bpf
bus-devices
cdrom
cgroup-v1
cma
connector
console
core-api
cpu-freq
cpuidle
crypto
dev-tools
device-mapper
devicetree
doc-guide
driver-api
driver-model
early-userspace
extcon
fault-injection
fb
features
filesystems
firmware_class
fmc
fpga
gpio
gpu
hid
hwmon
i2c
ia64
ide
iio
infiniband
input
ioctl
isdn
kbuild
kdump
kernel-hacking
laptops
leds
lightnvm
livepatch
locking
m68k
maintainer
md
media
memory-devices
mic
mips
misc-devices
mmc
mtd
namespaces
netlabel
networking
nfc
nios2
nvdimm
nvmem
openrisc
parisc
pcmcia
perf
phy
platform
power
powerpc
pps
process
pti
ptp
rapidio
riscv
s390
scheduler
scsi
security
serial
sh
sound
sparc
sphinx
sphinx-static
spi
sysctl
target
thermal
timers
trace
translations
usb
userspace-api
virtual
vm
w1
watchdog
wimax
x86
xtensa
.gitignore -rw-r--r-- 13 bytes
00-INDEX -rw-r--r-- 14.1 KB
Changes l--------- 19 bytes
CodingStyle -rw-r--r-- 48 bytes
DMA-API-HOWTO.txt -rw-r--r-- 34.1 KB
DMA-API.txt -rw-r--r-- 27.6 KB
DMA-ISA-LPC.txt -rw-r--r-- 5.1 KB
DMA-attributes.txt -rw-r--r-- 6.9 KB
IPMI.txt -rw-r--r-- 29.7 KB
IRQ-affinity.txt -rw-r--r-- 2.5 KB
IRQ-domain.txt -rw-r--r-- 10.9 KB
IRQ.txt -rw-r--r-- 994 bytes
Intel-IOMMU.txt -rw-r--r-- 3.9 KB
Makefile -rw-r--r-- 4.5 KB
SAK.txt -rw-r--r-- 3.0 KB
SM501.txt -rw-r--r-- 2.8 KB
SubmittingPatches -rw-r--r-- 54 bytes
atomic_bitops.txt -rw-r--r-- 1.5 KB
atomic_t.txt -rw-r--r-- 5.5 KB
bt8xxgpio.txt -rw-r--r-- 4.0 KB
btmrvl.txt -rw-r--r-- 2.7 KB
bus-virt-phys-mapping.txt -rw-r--r-- 8.0 KB
clearing-warn-once.txt -rw-r--r-- 224 bytes
conf.py -rw-r--r-- 19.0 KB
cpu-load.txt -rw-r--r-- 3.0 KB
cputopology.txt -rw-r--r-- 5.6 KB
crc32.txt -rw-r--r-- 8.6 KB
dcdbas.txt -rw-r--r-- 3.9 KB
debugging-modules.txt -rw-r--r-- 954 bytes
debugging-via-ohci1394.txt -rw-r--r-- 7.5 KB
dell_rbu.txt -rw-r--r-- 5.0 KB
digsig.txt -rw-r--r-- 3.0 KB
docutils.conf -rw-r--r-- 158 bytes
dontdiff -rw-r--r-- 2.5 KB
efi-stub.txt -rw-r--r-- 3.3 KB
eisa.txt -rw-r--r-- 7.6 KB
flexible-arrays.txt -rw-r--r-- 5.6 KB
futex-requeue-pi.txt -rw-r--r-- 5.1 KB
gcc-plugins.txt -rw-r--r-- 2.9 KB
highuid.txt -rw-r--r-- 2.6 KB
hw_random.txt -rw-r--r-- 3.8 KB
hwspinlock.txt -rw-r--r-- 12.5 KB
index.rst -rw-r--r-- 3.1 KB
intel_txt.txt -rw-r--r-- 10.3 KB
io-mapping.txt -rw-r--r-- 3.3 KB
io_ordering.txt -rw-r--r-- 2.0 KB
iostats.txt -rw-r--r-- 8.7 KB
irqflags-tracing.txt -rw-r--r-- 2.3 KB
isa.txt -rw-r--r-- 5.1 KB
isapnp.txt -rw-r--r-- 492 bytes
kernel-per-CPU-kthreads.txt -rw-r--r-- 13.3 KB
kobject.txt -rw-r--r-- 18.3 KB
kprobes.txt -rw-r--r-- 30.3 KB
kref.txt -rw-r--r-- 8.9 KB
ldm.txt -rw-r--r-- 4.6 KB
lockup-watchdogs.txt -rw-r--r-- 4.1 KB
logo.gif -rw-r--r-- 16.0 KB
logo.txt -rw-r--r-- 563 bytes
lsm.txt -rw-r--r-- 10.5 KB
lzo.txt -rw-r--r-- 7.9 KB
mailbox.txt -rw-r--r-- 4.4 KB
memory-barriers.txt -rw-r--r-- 114.7 KB
memory-hotplug.txt -rw-r--r-- 18.6 KB
men-chameleon-bus.txt -rw-r--r-- 5.7 KB
nommu-mmap.txt -rw-r--r-- 12.4 KB
ntb.txt -rw-r--r-- 10.8 KB
numastat.txt -rw-r--r-- 1.0 KB
padata.txt -rw-r--r-- 7.4 KB
parport-lowlevel.txt -rw-r--r-- 37.1 KB
percpu-rw-semaphore.txt -rw-r--r-- 1.1 KB
phy.txt -rw-r--r-- 7.8 KB
pi-futex.txt -rw-r--r-- 5.7 KB
pnp.txt -rw-r--r-- 7.0 KB
preempt-locking.txt -rw-r--r-- 5.6 KB
pwm.txt -rw-r--r-- 6.2 KB
rbtree.txt -rw-r--r-- 14.8 KB
remoteproc.txt -rw-r--r-- 12.6 KB
rfkill.txt -rw-r--r-- 5.0 KB
robust-futex-ABI.txt -rw-r--r-- 8.7 KB
robust-futexes.txt -rw-r--r-- 9.5 KB
rpmsg.txt -rw-r--r-- 13.1 KB
rtc.txt -rw-r--r-- 7.0 KB
sgi-ioc4.txt -rw-r--r-- 2.1 KB
siphash.txt -rw-r--r-- 6.3 KB
smsc_ece1099.txt -rw-r--r-- 2.5 KB
speculation.txt -rw-r--r-- 2.8 KB
static-keys.txt -rw-r--r-- 13.0 KB
svga.txt -rw-r--r-- 11.8 KB
switchtec.txt -rw-r--r-- 3.6 KB
sync_file.txt -rw-r--r-- 3.1 KB
tee.txt -rw-r--r-- 5.2 KB
this_cpu_ops.txt -rw-r--r-- 11.2 KB
unaligned-memory-access.txt -rw-r--r-- 10.4 KB
vfio-mediated-device.txt -rw-r--r-- 14.6 KB
vfio.txt -rw-r--r-- 21.2 KB
video-output.txt -rw-r--r-- 1.1 KB
xillybus.txt -rw-r--r-- 17.6 KB
xz.txt -rw-r--r-- 5.5 KB
zorro.txt -rw-r--r-- 2.9 KB
back to top