[PATCH] powerpc/powernv: Fix idle state allocation corruption

[PATCH] powerpc/powernv: Fix idle state allocation corruption

[Jack Miller]

pnv_alloc_idle_core_states is iterating over PACAs based on the
configured maximum number of CPUs (NR_CPUS), but PACAs are only
initialized up to nr_cpu_ids, so rein in loops to keep from overwriting
adjacent memory.

Signed-off-by: Jack Miller <millerjo@us.ibm.com>
---
 arch/powerpc/platforms/powernv/setup.c | 26 +++++++++++---------------
 1 file changed, 11 insertions(+), 15 deletions(-)

diff --git a/arch/powerpc/platforms/powernv/setup.c b/arch/powerpc/platforms/powernv/setup.c
index ad0e32e..8e794b6 100644
--- a/arch/powerpc/platforms/powernv/setup.c
+++ b/arch/powerpc/platforms/powernv/setup.c
@@ -356,9 +356,8 @@ int pnv_save_sprs_for_winkle(void)
 
 static void pnv_alloc_idle_core_states(void)
 {
-	int i, j;
-	int nr_cores = cpu_nr_cores();
-	u32 *core_idle_state;
+	u32 *core_idle_state = NULL;
+	int i, thread;
 
 	/*
 	 * core_idle_state - First 8 bits track the idle state of each thread
@@ -371,20 +370,17 @@ static void pnv_alloc_idle_core_states(void)
 	 * b. While the last thread in the core is saving the core state, it
 	 * prevents a different thread from waking up.
 	 */
-	for (i = 0; i < nr_cores; i++) {
-		int first_cpu = i * threads_per_core;
-		int node = cpu_to_node(first_cpu);
+	for (i = 0; i < nr_cpu_ids; i++) {
+		thread = i % threads_per_core;
 
-		core_idle_state = kmalloc_node(sizeof(u32), GFP_KERNEL, node);
-		*core_idle_state = PNV_CORE_IDLE_THREAD_BITS;
-
-		for (j = 0; j < threads_per_core; j++) {
-			int cpu = first_cpu + j;
-
-			paca[cpu].core_idle_state_ptr = core_idle_state;
-			paca[cpu].thread_idle_state = PNV_THREAD_RUNNING;
-			paca[cpu].thread_mask = 1 << j;
+		if (thread == 0) {
+			core_idle_state = kmalloc_node(sizeof(u32), GFP_KERNEL, cpu_to_node(i));
+			*core_idle_state = PNV_CORE_IDLE_THREAD_BITS;
 		}
+
+		paca[i].core_idle_state_ptr = core_idle_state;
+		paca[i].thread_idle_state = PNV_THREAD_RUNNING;
+		paca[i].thread_mask = 1 << thread;
 	}
 
 	update_subcore_sibling_mask();
-- 
2.4.1

Re: [PATCH] powerpc/powernv: Fix idle state allocation corruption

[Shreyas B Prabhu]

On Wednesday 20 May 2015 10:43 PM, Jack Miller wrote:
> pnv_alloc_idle_core_states is iterating over PACAs based on the
> configured maximum number of CPUs (NR_CPUS), but PACAs are only
> initialized up to nr_cpu_ids, so rein in loops to keep from overwriting
> adjacent memory.
> 

Hi Jack,

Jan Stancek has a patch fixing this (d52356e7f powerpc: fix memory
corruption by pnv_alloc_idle_core_states).

Thanks,
Shreyas

> Signed-off-by: Jack Miller <millerjo@us.ibm.com>
> ---
>  arch/powerpc/platforms/powernv/setup.c | 26 +++++++++++---------------
>  1 file changed, 11 insertions(+), 15 deletions(-)
> 
> diff --git a/arch/powerpc/platforms/powernv/setup.c b/arch/powerpc/platforms/powernv/setup.c
> index ad0e32e..8e794b6 100644
> --- a/arch/powerpc/platforms/powernv/setup.c
> +++ b/arch/powerpc/platforms/powernv/setup.c
> @@ -356,9 +356,8 @@ int pnv_save_sprs_for_winkle(void)
> 
>  static void pnv_alloc_idle_core_states(void)
>  {
> -	int i, j;
> -	int nr_cores = cpu_nr_cores();
> -	u32 *core_idle_state;
> +	u32 *core_idle_state = NULL;
> +	int i, thread;
> 
>  	/*
>  	 * core_idle_state - First 8 bits track the idle state of each thread
> @@ -371,20 +370,17 @@ static void pnv_alloc_idle_core_states(void)
>  	 * b. While the last thread in the core is saving the core state, it
>  	 * prevents a different thread from waking up.
>  	 */
> -	for (i = 0; i < nr_cores; i++) {
> -		int first_cpu = i * threads_per_core;
> -		int node = cpu_to_node(first_cpu);
> +	for (i = 0; i < nr_cpu_ids; i++) {
> +		thread = i % threads_per_core;
> 
> -		core_idle_state = kmalloc_node(sizeof(u32), GFP_KERNEL, node);
> -		*core_idle_state = PNV_CORE_IDLE_THREAD_BITS;
> -
> -		for (j = 0; j < threads_per_core; j++) {
> -			int cpu = first_cpu + j;
> -
> -			paca[cpu].core_idle_state_ptr = core_idle_state;
> -			paca[cpu].thread_idle_state = PNV_THREAD_RUNNING;
> -			paca[cpu].thread_mask = 1 << j;
> +		if (thread == 0) {
> +			core_idle_state = kmalloc_node(sizeof(u32), GFP_KERNEL, cpu_to_node(i));
> +			*core_idle_state = PNV_CORE_IDLE_THREAD_BITS;
>  		}
> +
> +		paca[i].core_idle_state_ptr = core_idle_state;
> +		paca[i].thread_idle_state = PNV_THREAD_RUNNING;
> +		paca[i].thread_mask = 1 << thread;
>  	}
> 
>  	update_subcore_sibling_mask();
> 

Re: [PATCH] powerpc/powernv: Fix idle state allocation corruption

[Jack Miller]

On Wed, May 20, 2015 at 10:58:42PM +0530, Shreyas B Prabhu wrote:
> 
> 
> On Wednesday 20 May 2015 10:43 PM, Jack Miller wrote:
> > pnv_alloc_idle_core_states is iterating over PACAs based on the
> > configured maximum number of CPUs (NR_CPUS), but PACAs are only
> > initialized up to nr_cpu_ids, so rein in loops to keep from overwriting
> > adjacent memory.
> > 
> 
> Hi Jack,
> 
> Jan Stancek has a patch fixing this (d52356e7f powerpc: fix memory
> corruption by pnv_alloc_idle_core_states).

Must've missed it, just ran into the issue and didn't see a fix upstream.
Just found it in the April list archive.

Thanks,

- Jack