From: Herbert Xu <herbert@gondor.apana.org.au>
To: Daniel Jordan <daniel.m.jordan@oracle.com>
Cc: Steffen Klassert <steffen.klassert@secunet.com>,
	linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
	stable@vger.kernel.org
Subject: Re: [PATCH] padata: add separate cpuhp node for CPUHP_PADATA_DEAD
Date: Thu, 30 Apr 2020 15:29:42 +1000
Message-ID: <20200430052942.GA11738@gondor.apana.org.au>
In-Reply-To: <20200421163455.2177998-1-daniel.m.jordan@oracle.com>

On Tue, Apr 21, 2020 at 12:34:55PM -0400, Daniel Jordan wrote:
> Removing the pcrypt module triggers this:
> 
>   general protection fault, probably for non-canonical
>     address 0xdead000000000122
>   CPU: 5 PID: 264 Comm: modprobe Not tainted 5.6.0+ #2
>   Hardware name: QEMU Standard PC
>   RIP: 0010:__cpuhp_state_remove_instance+0xcc/0x120
>   Call Trace:
>    padata_sysfs_release+0x74/0xce
>    kobject_put+0x81/0xd0
>    padata_free+0x12/0x20
>    pcrypt_exit+0x43/0x8ee [pcrypt]
> 
> padata instances wrongly use the same hlist node for the online and dead
> states, so __padata_free()'s second cpuhp remove call chokes on the node
> that the first poisoned.
> 
> cpuhp multi-instance callbacks only walk forward in cpuhp_step->list and
> the same node is linked in both the online and dead lists, so the list
> corruption that results from padata_alloc() adding the node to a second
> list without removing it from the first doesn't cause problems as long
> as no instances are freed.
> 
> Avoid the issue by giving each state its own node.
> 
> Fixes: 894c9ef9780c ("padata: validate cpumask without removed CPU during offline")
> Signed-off-by: Daniel Jordan <daniel.m.jordan@oracle.com>
> Cc: Herbert Xu <herbert@gondor.apana.org.au>
> Cc: Steffen Klassert <steffen.klassert@secunet.com>
> Cc: linux-crypto@vger.kernel.org
> Cc: linux-kernel@vger.kernel.org
> Cc: stable@vger.kernel.org # v5.4+
> ---
>  include/linux/padata.h |  6 ++++--
>  kernel/padata.c        | 14 ++++++++------
>  2 files changed, 12 insertions(+), 8 deletions(-)

Patch applied.  Thanks.
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
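
The failure the quoted commit message describes, as an added user-space model (not code from the patch or from kernel/padata.c): one hlist node linked into two state lists, the first removal poisoning it, and the second removal hitting the poisoned `pprev`, which is the 0xdead000000000122 address in the trace. `hlist_del_checked()`, `alloc_then_free()` and the `online_node`/`dead_node` names are hypothetical; the guard returns -1 where the kernel would fault.

```c
#include <stdint.h>
#include <stdio.h>

/* User-space model of the kernel hlist; poison values as on x86_64. */
#define LIST_POISON1 ((void *)(uintptr_t)0xdead000000000100ULL)
#define LIST_POISON2 ((void *)(uintptr_t)0xdead000000000122ULL)
struct hlist_node { struct hlist_node *next, **pprev; };
struct hlist_head { struct hlist_node *first; };

static void hlist_add_head(struct hlist_node *n, struct hlist_head *h)
{
	n->next = h->first;
	if (h->first)
		h->first->pprev = &n->next;
	h->first = n;
	n->pprev = &h->first;
}

/* hlist_del() plus a guard; the kernel writes through pprev unconditionally. */
static int hlist_del_checked(struct hlist_node *n)
{
	if ((void *)n->pprev == LIST_POISON2)
		return -1;	/* kernel: store to 0xdead000000000122, GP fault */
	*n->pprev = n->next;
	if (n->next)
		n->next->pprev = n->pprev;
	n->next = LIST_POISON1;
	n->pprev = LIST_POISON2;
	return 0;
}

/* Link one node per state list, unlink both, return the second unlink's result. */
int alloc_then_free(struct hlist_node *online_node, struct hlist_node *dead_node)
{
	struct hlist_head online = {0}, dead = {0};

	hlist_add_head(online_node, &online);
	hlist_add_head(dead_node, &dead);	/* shared case: online.first goes stale */
	hlist_del_checked(online_node);	/* poisons the node */
	return hlist_del_checked(dead_node);
}

int main(void)
{
	struct hlist_node shared, a, b;
	printf("shared node:    %d\n", alloc_then_free(&shared, &shared));
	printf("separate nodes: %d\n", alloc_then_free(&a, &b));
	return 0;
}
```

Passing the same node for both lists models the pre-fix layout and returns -1; passing two nodes models the fix and returns 0.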

Thread overview: 4+ messages
2020-04-21 16:34 [PATCH] padata: add separate cpuhp node for CPUHP_PADATA_DEAD Daniel Jordan
2020-04-22 13:27 ` Sasha Levin
2020-04-22 13:46   ` Daniel Jordan
2020-04-30  5:29 ` Herbert Xu [this message]
