From: zanussi@kernel.org
To: LKML <linux-kernel@vger.kernel.org>,
	linux-rt-users <linux-rt-users@vger.kernel.org>,
	Steven Rostedt <rostedt@goodmis.org>,
	Thomas Gleixner <tglx@linutronix.de>,
	Carsten Emde <C.Emde@osadl.org>, John Kacur <jkacur@redhat.com>,
	Sebastian Andrzej Siewior <bigeasy@linutronix.de>,
	Daniel Wagner <wagi@monom.org>, Tom Zanussi <zanussi@kernel.org>
Subject: [PATCH RT 01/23] Fix wrong-variable use in irq_set_affinity_notifier
Date: Thu, 27 Feb 2020 08:33:12 -0600
Message-ID: <3e96d7fce5c890b243bd194810f1675bbcadf253.1582814004.git.zanussi@kernel.org>
In-Reply-To: <cover.1582814004.git.zanussi@kernel.org>

From: Joe Korty <joe.korty@concurrent-rt.com>

v4.14.170-rt75-rc2 stable review patch.
If anyone has any objections, please let me know.

-----------


[ Fixes upstream commit 3e4242082f0384311f15ab9c93e2620268c6257f,
  which erroneously switched old_notify->work to notify->work when
  fixing a merge conflict ]

4.14-rt: Fix wrong-variable use in irq_set_affinity_notifier.

The bug was introduced in the 4.14-rt patch

   0461-genirq-Handle-missing-work_struct-in-irq_set_affinit.patch

The symptom is a NULL pointer panic in the i40e driver on
system shutdown.

    Rebooting.
    BUG: unable to handle kernel NULL pointer dereference at 0000000000000020
    IP: __kthread_cancel_work_sync+0x12/0xa0
    CPU: 15 PID: 6274 Comm: reboot Not tainted 4.14.155-rt70-RedHawk-8.0.2-prt-trace #1
    task: ffff9ef0d1a58000 task.stack: ffffbe540c038000
    RIP: 0010:__kthread_cancel_work_sync+0x12/0xa0
    RSP: 0018:ffffbe540c03bbd8 EFLAGS: 00010296
    RAX: 0000084000000020 RBX: 0000000000000000 RCX: 0000000000000034
    RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008
    RBP: ffffbe540c03bc00 R08: ffff9ee8ccdc3800 R09: ffff9ef0d8c0c000
    R10: ffff9ef0d8c0c028 R11: 0000000000000040 R12: ffff9ee8ccdc3800
    R13: 0000000000000000 R14: ffff9ee8ccdc3960 R15: 0000000000000074
    FS:  00007ffff7fcf380(0000) GS:ffff9ef0ffdc0000(0000) knlGS:0000000000000000
    CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    CR2: 0000000000000020 CR3: 000000104b428003 CR4: 00000000005606e0
    DR0: 00000000006040e0 DR1: 00000000006040e8 DR2: 00000000006040f0
    DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
    PKRU: 55555554

    Call Trace:
     kthread_cancel_work_sync+0xb/0x10
     irq_set_affinity_notifier+0x8e/0xc0
     i40e_vsi_free_irq+0xbc/0x230 [i40e]
     i40e_vsi_close+0x24/0xa0 [i40e]
     i40e_close+0x10/0x20 [i40e]
     i40e_quiesce_vsi.part.40+0x30/0x40 [i40e]
     i40e_pf_quiesce_all_vsi.isra.41+0x34/0x50 [i40e]
     i40e_prep_for_reset+0x67/0x110 [i40e]
     i40e_shutdown+0x39/0x220 [i40e]
     pci_device_shutdown+0x2b/0x50
     device_shutdown+0x147/0x1f0
     kernel_restart_prepare+0x71/0x74
     kernel_restart+0xd/0x4e
     SyS_reboot.cold.1+0x9/0x34
     do_syscall_64+0x7c/0x150

4.19-rt and above do not have this problem due to a refactoring.

Signed-off-by: Joe Korty <Joe.Korty@concurrent-rt.com>
Signed-off-by: Tom Zanussi <zanussi@kernel.org>
---
 kernel/irq/manage.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/irq/manage.c b/kernel/irq/manage.c
index 071691963f7b..12702d48aaa3 100644
--- a/kernel/irq/manage.c
+++ b/kernel/irq/manage.c
@@ -353,7 +353,7 @@ irq_set_affinity_notifier(unsigned int irq, struct irq_affinity_notify *notify)
 
 	if (old_notify) {
 #ifdef CONFIG_PREEMPT_RT_BASE
-		kthread_cancel_work_sync(&notify->work);
+		kthread_cancel_work_sync(&old_notify->work);
 #else
 		cancel_work_sync(&old_notify->work);
 #endif
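
Review bot: In the CONFIG_PREEMPT_RT_BASE branch, the cancel call deserves a one-line comment stating that it must target the outgoing notifier, because the only guard visible in this hunk is `if (old_notify)` and nothing here checks `notify`, so the removed `&notify->work` was taken from a pointer this block never validates. With the change both arms of the #ifdef operate on `&old_notify->work`, which matches the changelog's account of a merge-conflict slip; since the two names differ only by the `old_` prefix, a short comment above the #ifdef would make a repeat of that slip easier to catch in a later backport. The changelog identifies the offending 4.14-rt change by patch file name only; adding its commit id next to the upstream hash already cited would make the fix easier to track.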
-- 
2.14.1

