From: Boris Ostrovsky <boris.ostrovsky@oracle.com>
To: Olaf Hering <olaf@aepfle.de>, xen-devel@lists.xenproject.org
Cc: Juergen Gross <jgross@suse.com>,
open list <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v2] xen: avoid crash in disable_hotplug_cpu
Date: Thu, 6 Sep 2018 14:45:57 -0400 [thread overview]
Message-ID: <b7306d7f-e827-6556-e1bb-4b934a162e46__4606.36328575692$1536259438$gmane$org@oracle.com> (raw)
In-Reply-To: <20180906063712.28639-1-olaf@aepfle.de>
On 09/06/2018 02:37 AM, Olaf Hering wrote:
> The command 'xl vcpu-set 0 0', issued in dom0, will crash dom0:
>
> BUG: unable to handle kernel NULL pointer dereference at 00000000000002d8
> PGD 0 P4D 0
> Oops: 0000 [#1] PREEMPT SMP NOPTI
> CPU: 7 PID: 65 Comm: xenwatch Not tainted 4.19.0-rc2-1.ga9462db-default #1 openSUSE Tumbleweed (unreleased)
> Hardware name: Intel Corporation S5520UR/S5520UR, BIOS S5500.86B.01.00.0050.050620101605 05/06/2010
> RIP: e030:device_offline+0x9/0xb0
> Code: 77 24 00 e9 ce fe ff ff 48 8b 13 e9 68 ff ff ff 48 8b 13 e9 29 ff ff ff 48 8b 13 e9 ea fe ff ff 90 66 66 66 66 90 41 54 55 53 <f6> 87 d8 02 00 00 01 0f 85 88 00 00 00 48 c7 c2 20 09 60 81 31 f6
> RSP: e02b:ffffc90040f27e80 EFLAGS: 00010203
> RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
> RDX: ffff8801f3800000 RSI: ffffc90040f27e70 RDI: 0000000000000000
> RBP: 0000000000000000 R08: ffffffff820e47b3 R09: 0000000000000000
> R10: 0000000000007ff0 R11: 0000000000000000 R12: ffffffff822e6d30
> R13: dead000000000200 R14: dead000000000100 R15: ffffffff8158b4e0
> FS: 00007ffa595158c0(0000) GS:ffff8801f39c0000(0000) knlGS:0000000000000000
> CS: e033 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 00000000000002d8 CR3: 00000001d9602000 CR4: 0000000000002660
> Call Trace:
> handle_vcpu_hotplug_event+0xb5/0xc0
> xenwatch_thread+0x80/0x140
> ? wait_woken+0x80/0x80
> kthread+0x112/0x130
> ? kthread_create_worker_on_cpu+0x40/0x40
> ret_from_fork+0x3a/0x50
>
> This happens because handle_vcpu_hotplug_event is called twice. In the
> first iteration cpu_present is still true, in the second iteration
> cpu_present is false which causes get_cpu_device to return NULL.
> In case of cpu#0, cpu_online is apparently always true.
>
> Fix this crash by checking if the cpu can be hotplugged, which is false
> for a cpu that was just removed.
>
> Signed-off-by: Olaf Hering <olaf@aepfle.de>
> ---
> drivers/xen/cpu_hotplug.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/drivers/xen/cpu_hotplug.c b/drivers/xen/cpu_hotplug.c
> index d4265c8ebb22..bf1e41ed9d41 100644
> --- a/drivers/xen/cpu_hotplug.c
> +++ b/drivers/xen/cpu_hotplug.c
> @@ -19,6 +19,8 @@ static void enable_hotplug_cpu(int cpu)
>
> static void disable_hotplug_cpu(int cpu)
> {
> + if (!cpu_is_hotpluggable(cpu))
I think we should check both this and num_online_cpus() != 0.
Even though I don't believe cpu0_hotpluggable currently works, at some
point it might.
-boris
> + return;
> if (cpu_online(cpu)) {
> lock_device_hotplug();
> device_offline(get_cpu_device(cpu));
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
next prev parent reply other threads:[~2018-09-06 18:44 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-09-06 6:37 [PATCH v2] xen: avoid crash in disable_hotplug_cpu Olaf Hering
2018-09-06 18:45 ` Boris Ostrovsky
2018-09-06 20:31 ` Olaf Hering
2018-09-06 22:53 ` Boris Ostrovsky
2018-09-06 22:53 ` Boris Ostrovsky
2018-09-07 5:15 ` Juergen Gross
2018-09-07 5:15 ` Juergen Gross
2018-09-07 5:45 ` Olaf Hering
2018-09-07 5:45 ` Olaf Hering
2018-09-06 20:31 ` Olaf Hering
2018-09-06 18:45 ` Boris Ostrovsky [this message]
-- strict thread matches above, loose matches on Subject: below --
2018-09-06 6:37 Olaf Hering
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='b7306d7f-e827-6556-e1bb-4b934a162e46__4606.36328575692$1536259438$gmane$org@oracle.com' \
--to=boris.ostrovsky@oracle.com \
--cc=jgross@suse.com \
--cc=linux-kernel@vger.kernel.org \
--cc=olaf@aepfle.de \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.