linux-kernel.vger.kernel.org archive mirror
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Vaibhav Jain <vaibhav@linux.vnet.ibm.com>,
	Andrew Donnellan <andrew.donnellan@au1.ibm.com>,
	Frederic Barrat <fbarrat@linux.vnet.ibm.com>,
	Michael Ellerman <mpe@ellerman.id.au>
Subject: [PATCH 4.9 084/119] cxl: Avoid double free_irq() for psl,slice interrupts
Date: Mon, 12 Jun 2017 17:25:46 +0200
Message-ID: <20170612152602.739522925@linuxfoundation.org>
In-Reply-To: <20170612152556.601664278@linuxfoundation.org>

4.9-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Vaibhav Jain <vaibhav@linux.vnet.ibm.com>

commit b3aa20ba2ba8072b73bd799605b8c98927b7056c upstream.

During an eeh, a call to cxl_remove can result in a double free_irq of
psl,slice interrupts. This can happen if perst_reloads_same_image == 1
and the call to cxl_configure_adapter() fails during the slot_reset
callback. In such a case we see a kernel oops with the following back-trace:

Oops: Kernel access of bad area, sig: 11 [#1]
Call Trace:
  free_irq+0x88/0xd0 (unreliable)
  cxl_unmap_irq+0x20/0x40 [cxl]
  cxl_native_release_psl_irq+0x78/0xd8 [cxl]
  pci_deconfigure_afu+0xac/0x110 [cxl]
  cxl_remove+0x104/0x210 [cxl]
  pci_device_remove+0x6c/0x110
  device_release_driver_internal+0x204/0x2e0
  pci_stop_bus_device+0xa0/0xd0
  pci_stop_and_remove_bus_device+0x28/0x40
  pci_hp_remove_devices+0xb0/0x150
  pci_hp_remove_devices+0x68/0x150
  eeh_handle_normal_event+0x140/0x580
  eeh_handle_event+0x174/0x360
  eeh_event_handler+0x1e8/0x1f0

This patch fixes the issue of double free_irq by checking that
variables that hold the virqs (err_hwirq, serr_hwirq, psl_virq) are
not '0' before un-mapping and resetting these variables to '0' when
they are un-mapped.

Signed-off-by: Vaibhav Jain <vaibhav@linux.vnet.ibm.com>
Reviewed-by: Andrew Donnellan <andrew.donnellan@au1.ibm.com>
Acked-by: Frederic Barrat <fbarrat@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/misc/cxl/native.c |   14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

--- a/drivers/misc/cxl/native.c
+++ b/drivers/misc/cxl/native.c
@@ -1066,13 +1066,16 @@ int cxl_native_register_psl_err_irq(stru
 
 void cxl_native_release_psl_err_irq(struct cxl *adapter)
 {
-	if (adapter->native->err_virq != irq_find_mapping(NULL, adapter->native->err_hwirq))
+	if (adapter->native->err_virq == 0 ||
+	    adapter->native->err_virq !=
+	    irq_find_mapping(NULL, adapter->native->err_hwirq))
 		return;
 
 	cxl_p1_write(adapter, CXL_PSL_ErrIVTE, 0x0000000000000000);
 	cxl_unmap_irq(adapter->native->err_virq, adapter);
 	cxl_ops->release_one_irq(adapter, adapter->native->err_hwirq);
 	kfree(adapter->irq_name);
+	adapter->native->err_virq = 0;
 }
 
 int cxl_native_register_serr_irq(struct cxl_afu *afu)
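
Review bot: adapter->irq_name is left dangling after kfree() in cxl_native_release_psl_err_irq(); the new err_virq = 0 reset is the only thing that stops a second call from reaching that kfree() again. Setting adapter->irq_name = NULL next to the added adapter->native->err_virq = 0 would make the release idempotent on its own rather than dependent on the guard at the top. err_hwirq also keeps its old value after release_one_irq(), so the second half of the guard still calls irq_find_mapping() on a hardware IRQ number the driver no longer owns whenever err_virq is non-zero; a short comment on why that is safe would help.
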
@@ -1102,13 +1105,15 @@ int cxl_native_register_serr_irq(struct
 
 void cxl_native_release_serr_irq(struct cxl_afu *afu)
 {
-	if (afu->serr_virq != irq_find_mapping(NULL, afu->serr_hwirq))
+	if (afu->serr_virq == 0 ||
+	    afu->serr_virq != irq_find_mapping(NULL, afu->serr_hwirq))
 		return;
 
 	cxl_p1n_write(afu, CXL_PSL_SERR_An, 0x0000000000000000);
 	cxl_unmap_irq(afu->serr_virq, afu);
 	cxl_ops->release_one_irq(afu->adapter, afu->serr_hwirq);
 	kfree(afu->err_irq_name);
+	afu->serr_virq = 0;
 }
 
 int cxl_native_register_psl_irq(struct cxl_afu *afu)
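
Review bot: the added afu->serr_virq == 0 test in cxl_native_release_serr_irq() makes 0 a sentinel for "not mapped / already released", but nothing in the function says so, and the changelog names serr_hwirq and err_hwirq as the variables being checked while the code tests serr_virq and err_virq. A one-line comment above the guard stating the convention, plus a corrected changelog, would keep later readers from testing the wrong field. Note also that the early return skips the cxl_p1n_write() that clears CXL_PSL_SERR_An; if that is intended for the never-registered case it deserves a mention in the same comment.
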
@@ -1131,12 +1136,15 @@ int cxl_native_register_psl_irq(struct c
 
 void cxl_native_release_psl_irq(struct cxl_afu *afu)
 {
-	if (afu->native->psl_virq != irq_find_mapping(NULL, afu->native->psl_hwirq))
+	if (afu->native->psl_virq == 0 ||
+	    afu->native->psl_virq !=
+	    irq_find_mapping(NULL, afu->native->psl_hwirq))
 		return;
 
 	cxl_unmap_irq(afu->native->psl_virq, afu);
 	cxl_ops->release_one_irq(afu->adapter, afu->native->psl_hwirq);
 	kfree(afu->psl_irq_name);
+	afu->native->psl_virq = 0;
 }
 
 static void recover_psl_err(struct cxl_afu *afu, u64 errstat)
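
Review bot: the same two-part guard (virq == 0 || virq != irq_find_mapping(NULL, hwirq)) is now open-coded for the third time in cxl_native_release_psl_irq(), each copy wrapped differently. A small static helper taking the virq and hwirq would keep the three release paths from drifting apart and give one place to document the "0 means released" rule. As in the other two functions, afu->psl_irq_name is not cleared after kfree(), so afu->native->psl_virq = 0 is the only protection against freeing it twice; setting the pointer to NULL alongside it would be cheap.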
