From: Sasha Levin
To: stable@vger.kernel.org, linux-kernel@vger.kernel.org
CC: Olaf Hering, Boris Ostrovsky, Sasha Levin
Subject: [PATCH AUTOSEL 4.14 36/37] xen: avoid crash in disable_hotplug_cpu
Date: Mon, 1 Oct 2018 00:39:15 +0000
Message-ID: <20181001003850.147107-36-alexander.levin@microsoft.com>
References: <20181001003850.147107-1-alexander.levin@microsoft.com>
In-Reply-To: <20181001003850.147107-1-alexander.levin@microsoft.com>

From: Olaf Hering

[ Upstream commit 3366cdb6d350d95466ee430ac50f3c8415ca8f46 ]

The command 'xl vcpu-set 0 0', issued in dom0, will crash dom0:

BUG: unable to handle kernel NULL pointer dereference at 00000000000002d8
PGD 0 P4D 0
Oops: 0000 [#1] PREEMPT SMP NOPTI
CPU: 7 PID: 65 Comm: xenwatch Not tainted 4.19.0-rc2-1.ga9462db-default #1 openSUSE Tumbleweed (unreleased)
Hardware name: Intel Corporation S5520UR/S5520UR, BIOS S5500.86B.01.00.0050.050620101605 05/06/2010
RIP: e030:device_offline+0x9/0xb0
Code: 77 24 00 e9 ce fe ff ff 48 8b 13 e9 68 ff ff ff 48 8b 13 e9 29 ff ff ff 48 8b 13 e9 ea fe ff ff 90 66 66 66 66 90 41 54 55 53 87 d8 02 00 00 01 0f 85 88 00 00 00 48 c7 c2 20 09 60 81 31 f6
RSP: e02b:ffffc90040f27e80 EFLAGS: 00010203
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffff8801f3800000 RSI: ffffc90040f27e70 RDI: 0000000000000000
RBP: 0000000000000000 R08: ffffffff820e47b3 R09: 0000000000000000
R10: 0000000000007ff0 R11: 0000000000000000 R12: ffffffff822e6d30
R13: dead000000000200 R14: dead000000000100 R15: ffffffff8158b4e0
FS:  00007ffa595158c0(0000) GS:ffff8801f39c0000(0000) knlGS:0000000000000000
CS:  e033 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000000002d8 CR3: 00000001d9602000 CR4: 0000000000002660
Call Trace:
 handle_vcpu_hotplug_event+0xb5/0xc0
 xenwatch_thread+0x80/0x140
 ? wait_woken+0x80/0x80
 kthread+0x112/0x130
 ? kthread_create_worker_on_cpu+0x40/0x40
 ret_from_fork+0x3a/0x50

This happens because handle_vcpu_hotplug_event is called twice. In the
first iteration cpu_present is still true, in the second iteration
cpu_present is false which causes get_cpu_device to return NULL.
In case of cpu#0, cpu_online is apparently always true.

Fix this crash by checking if the cpu can be hotplugged, which is false
for a cpu that was just removed. Also check if the cpu was actually
offlined by device_remove, otherwise leave the cpu_present state as it
is.

Rearrange the code to do all work with device_hotplug_lock held.

Signed-off-by: Olaf Hering Reviewed-by: Juergen Gross Signed-off-by: Boris Ostrovsky Signed-off-by: Sasha Levin --- drivers/xen/cpu_hotplug.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/drivers/xen/cpu_hotplug.c b/drivers/xen/cpu_hotplug.c index d4265c8ebb22..b1357aa4bc55 100644 --- a/drivers/xen/cpu_hotplug.c +++ b/drivers/xen/cpu_hotplug.c @@ -19,15 +19,16 @@ static void enable_hotplug_cpu(int cpu) =20 static void disable_hotplug_cpu(int cpu) { - if (cpu_online(cpu)) { - lock_device_hotplug(); + if (!cpu_is_hotpluggable(cpu)) + return; + lock_device_hotplug(); + if (cpu_online(cpu)) device_offline(get_cpu_device(cpu)); - unlock_device_hotplug(); - } - if (cpu_present(cpu)) + if (!cpu_online(cpu) && cpu_present(cpu)) { xen_arch_unregister_cpu(cpu); - - set_cpu_present(cpu, false); + set_cpu_present(cpu, false); + } + unlock_device_hotplug(); } =20 static int vcpu_online(unsigned int cpu) --=20 2.17.1
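
Review bot: in disable_hotplug_cpu(), `device_offline(get_cpu_device(cpu))` still passes the get_cpu_device() result unchecked, and the only guard, `if (!cpu_is_hotpluggable(cpu)) return;`, runs before lock_device_hotplug() is taken. The commit message attributes the oops to get_cpu_device() returning NULL on the second handle_vcpu_hotplug_event call and says all work should happen with device_hotplug_lock held, so the guard should sit inside the locked region, or the pointer should be fetched into a local under the lock and tested for NULL before device_offline() is called. The return value of device_offline() is also dropped; the later `!cpu_online(cpu)` test covers the failure case, but a short comment saying so would make that intent clear.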