From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Juergen Gross <jgross@suse.com>,
	David Vrabel <david.vrabel@citrix.com>
Subject: [PATCH 3.19 086/123] xen/events: avoid NULL pointer dereference in dom0 on large machines
Date: Tue, 24 Mar 2015 16:46:35 +0100
Message-ID: <20150324154427.900505276@linuxfoundation.org>
In-Reply-To: <20150324154423.655554012@linuxfoundation.org>

3.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Juergen Gross <jgross@suse.com>

commit 85e40b0539b24518c8bdf63e2605c8522377d00f upstream.

Using the pvops kernel a NULL pointer dereference was detected on a
large machine (144 processors) when booting as dom0 in
evtchn_fifo_unmask() during assignment of a pirq.

The event channel in question was the first to need a new entry in
event_array[] in events_fifo.c. Unfortunately xen_irq_info_pirq_setup()
is called with evtchn being 0 for a new pirq and the real event channel
number is assigned to the pirq only during __startup_pirq().

It is mandatory to call xen_evtchn_port_setup() after assigning the
event channel number to the pirq to make sure all memory needed for the
event channel is allocated.

Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/xen/events/events_base.c |   18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

--- a/drivers/xen/events/events_base.c
+++ b/drivers/xen/events/events_base.c
@@ -526,20 +526,26 @@ static unsigned int __startup_pirq(unsig
 	pirq_query_unmask(irq);
 
 	rc = set_evtchn_to_irq(evtchn, irq);
-	if (rc != 0) {
-		pr_err("irq%d: Failed to set port to irq mapping (%d)\n",
-		       irq, rc);
-		xen_evtchn_close(evtchn);
-		return 0;
-	}
+	if (rc)
+		goto err;
+
 	bind_evtchn_to_cpu(evtchn, 0);
 	info->evtchn = evtchn;
 
+	rc = xen_evtchn_port_setup(info);
+	if (rc)
+		goto err;
+
 out:
 	unmask_evtchn(evtchn);
 	eoi_pirq(irq_get_irq_data(irq));
 
 	return 0;
+
+err:
+	pr_err("irq%d: Failed to set port to irq mapping (%d)\n", irq, rc);
+	xen_evtchn_close(evtchn);
+	return 0;
 }
 
 static unsigned int startup_pirq(struct irq_data *data)
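
Review bot: The shared err: label at the end of __startup_pirq() prints "Failed to set port to irq mapping" for both failure paths, so a failing xen_evtchn_port_setup(info) is logged as if set_evtchn_to_irq() had failed; give the second path its own message so the log identifies which step returned rc. On that second path the function has also already executed set_evtchn_to_irq(evtchn, irq), bind_evtchn_to_cpu(evtchn, 0) and info->evtchn = evtchn, yet err: only calls xen_evtchn_close(evtchn), which leaves the port-to-irq mapping and info->evtchn referring to a port that has just been closed. Consider clearing both on the error path before returning, so a later unmask or lookup on this irq cannot act on the stale port number.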


