From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org,
	Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>,
	Boris Ostrovsky <boris.ostrovsky@oracle.com>,
	David Vrabel <david.vrabel@citrix.com>
Subject: [PATCH 3.10 80/80] xen/pcifront: Fix mysterious crashes when NUMA locality information was extracted.
Date: Tue,  1 Mar 2016 15:46:14 -0800
Message-ID: <20160301234352.183196588@linuxfoundation.org>
In-Reply-To: <20160301234349.667990420@linuxfoundation.org>

3.10-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>

commit 4d8c8bd6f2062c9988817183a91fe2e623c8aa5e upstream.

Occasionally PV guests would crash with:

pciback 0000:00:00.1: Xen PCI mapped GSI0 to IRQ16
BUG: unable to handle kernel paging request at 0000000d1a8c0be0
.. snip..
  [<ffffffff8139ce1b>] find_next_bit+0xb/0x10
  [<ffffffff81387f22>] cpumask_next_and+0x22/0x40
  [<ffffffff813c1ef8>] pci_device_probe+0xb8/0x120
  [<ffffffff81529097>] ? driver_sysfs_add+0x77/0xa0
  [<ffffffff815293e4>] driver_probe_device+0x1a4/0x2d0
  [<ffffffff813c1ddd>] ? pci_match_device+0xdd/0x110
  [<ffffffff81529657>] __device_attach_driver+0xa7/0xb0
  [<ffffffff815295b0>] ? __driver_attach+0xa0/0xa0
  [<ffffffff81527622>] bus_for_each_drv+0x62/0x90
  [<ffffffff8152978d>] __device_attach+0xbd/0x110
  [<ffffffff815297fb>] device_attach+0xb/0x10
  [<ffffffff813b75ac>] pci_bus_add_device+0x3c/0x70
  [<ffffffff813b7618>] pci_bus_add_devices+0x38/0x80
  [<ffffffff813dc34e>] pcifront_scan_root+0x13e/0x1a0
  [<ffffffff817a0692>] pcifront_backend_changed+0x262/0x60b
  [<ffffffff814644c6>] ? xenbus_gather+0xd6/0x160
  [<ffffffff8120900f>] ? put_object+0x2f/0x50
  [<ffffffff81465c1d>] xenbus_otherend_changed+0x9d/0xa0
  [<ffffffff814678ee>] backend_changed+0xe/0x10
  [<ffffffff81463a28>] xenwatch_thread+0xc8/0x190
  [<ffffffff810f22f0>] ? woken_wake_function+0x10/0x10

which was the result of two things:

When we call pci_scan_root_bus we would pass in 'sd' (sysdata)
pointer which was a 'pcifront_sd' structure. However in the
pci_device_add it expects that the 'sd' is 'struct sysdata' and
sets the dev->node to what is in sd->node (offset 4):

set_dev_node(&dev->dev, pcibus_to_node(bus));

 __pcibus_to_node(const struct pci_bus *bus)
{
        const struct pci_sysdata *sd = bus->sysdata;

        return sd->node;
}

However our structure was pcifront_sd which had nothing at that
offset:

struct pcifront_sd {
        int                        domain;    /*     0     4 */
        /* XXX 4 bytes hole, try to pack */
        struct pcifront_device *   pdev;      /*     8     8 */
}

That is a hole - filled with garbage as we used kmalloc instead of
kzalloc (the second problem).

This patch fixes the issue by:
 1) Use kzalloc to initialize to a well known state.
 2) Put 'struct pci_sysdata' at the start of 'pcifront_sd'. That
    way access to the 'node' will access the right offset.

Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/pci/xen-pcifront.c |   10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

--- a/drivers/pci/xen-pcifront.c
+++ b/drivers/pci/xen-pcifront.c
@@ -51,7 +51,7 @@ struct pcifront_device {
 };
 
 struct pcifront_sd {
-	int domain;
+	struct pci_sysdata sd;
 	struct pcifront_device *pdev;
 };
 
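Review bot: the new `struct pci_sysdata sd;` member in struct pcifront_sd is only correct while it stays the first member, because the PCI core reads bus->sysdata as a struct pci_sysdata, and nothing in the struct records that constraint. Add a short comment above the member saying it must remain first, or a BUILD_BUG_ON(offsetof(struct pcifront_sd, sd) != 0), so that a later reordering fails at build time instead of at probe time.
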
@@ -65,7 +65,9 @@ static inline void pcifront_init_sd(stru
 				    unsigned int domain, unsigned int bus,
 				    struct pcifront_device *pdev)
 {
-	sd->domain = domain;
+	/* Because we do not expose that information via XenBus. */
+	sd->sd.node = first_online_node;
+	sd->sd.domain = domain;
 	sd->pdev = pdev;
 }
 
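Review bot: the comment added above `sd->sd.node = first_online_node;` in pcifront_init_sd() refers to "that information" without naming it. Spell out that it is the NUMA locality of the device that is not exposed via XenBus, and say why first_online_node was chosen as the stand-in rather than NUMA_NO_NODE or the zeroed value that kzalloc now provides.
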
@@ -463,8 +465,8 @@ static int pcifront_scan_root(struct pci
 	dev_info(&pdev->xdev->dev, "Creating PCI Frontend Bus %04x:%02x\n",
 		 domain, bus);
 
-	bus_entry = kmalloc(sizeof(*bus_entry), GFP_KERNEL);
-	sd = kmalloc(sizeof(*sd), GFP_KERNEL);
+	bus_entry = kzalloc(sizeof(*bus_entry), GFP_KERNEL);
+	sd = kzalloc(sizeof(*sd), GFP_KERNEL);
 	if (!bus_entry || !sd) {
 		err = -ENOMEM;
 		goto err_out;
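
Review bot: in pcifront_scan_root() the bus_entry allocation is switched to kzalloc together with sd, but the changelog only explains the uninitialised hole in pcifront_sd. State in the changelog whether bus_entry also had a field that could be read before being set or whether that change is hardening only, so that stable reviewers can judge the scope of the fix.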

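The layout mismatch described in the commit message, as an added user-space illustration (not code from the patch or from the kernel). `struct pci_sysdata` is reduced to the two fields discussed; the `_old`/`_new` struct names, `read_node()` and the 0x5a poison standing in for stale kmalloc memory are assumptions of the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for struct pci_sysdata (assumed: domain at 0, node at 4). */
struct pci_sysdata { int domain; int node; };
struct pcifront_device;                 /* opaque in this example */

struct pcifront_sd_old { int domain; struct pcifront_device *pdev; };
struct pcifront_sd_new { struct pci_sysdata sd; struct pcifront_device *pdev; };

/* The fixed layout is only valid while 'sd' stays the first member. */
_Static_assert(offsetof(struct pcifront_sd_new, sd) == 0, "sd must be first");

/* Models __pcibus_to_node(): read an int at the offset of pci_sysdata.node,
 * whatever structure sysdata really points to. */
static int read_node(const void *sysdata)
{
	int node;

	memcpy(&node, (const char *)sysdata + offsetof(struct pci_sysdata, node),
	       sizeof(node));
	return node;
}

/* Before the fix: stale memory (constructed 0x5a poison), node never written. */
static int node_seen_before_fix(void)
{
	struct pcifront_sd_old sd;

	memset(&sd, 0x5a, sizeof(sd));  /* stands in for kmalloc() contents */
	sd.domain = 0;
	sd.pdev = NULL;
	return read_node(&sd);          /* on LP64 this reads the 4-byte hole */
}

/* After the fix: zeroed memory (kzalloc) and node explicitly initialised. */
static int node_seen_after_fix(int first_online_node)
{
	struct pcifront_sd_new sd;

	memset(&sd, 0, sizeof(sd));     /* stands in for kzalloc() */
	sd.sd.node = first_online_node;
	return read_node(&sd);
}

int main(void)
{
	printf("before: node=%d  after: node=%d\n",
	       node_seen_before_fix(), node_seen_after_fix(0));
	return 0;
}
```

On a 64-bit build the "before" value is whatever the allocator left in the padding, which is why the crash in the trace above was only occasional.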