| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 20 May 2016 14:22:04 -0700
From: Munehisa Kamata <kamatam@...zon.com>
To: boris.ostrovsky@...cle.com, david.vrabel@...rix.com
Cc: Munehisa Kamata <kamatam@...zon.com>,
xen-devel@...ts.xenproject.org, linux-kernel@...r.kernel.org,
stable@...r.kernel.org, Matt Wilson <msw@...zon.com>
Subject: [Xen-devel][PATCH] xen/events: don't migrate disabled IRQs
Commit ff1e22e7a638 ("xen/events: Mask a moving irq") introduced
a crash below. This can be triggered after being resumed from suspend
(e.g. live migration) if there are disabled IRQs with
IRQD_SETAFFINITY_PENDING set.
kernel BUG at kernel/irq/migration.c:31!
...
CPU: 0 PID: 9 Comm: migration/0 Tainted: G E 4.4.8 #1
Hardware name: Xen HVM domU, BIOS 4.2.amazon 04/04/2016
task: ffff880206200000 ti: ffff880206208000 task.ti: ffff880206208000
RIP: 0010:[<ffffffff810c13e9>] [<ffffffff810c13e9>] irq_move_masked_irq+0xd9/0xf0
RSP: 0018:ffff88020620bc88 EFLAGS: 00010046
...
Call Trace:
[<ffffffff81355877>] eoi_pirq+0xa7/0xd0
[<ffffffff81355a07>] __startup_pirq+0xd7/0x140
[<ffffffff81356f77>] xen_irq_resume+0x2c7/0x330
[<ffffffff81354a66>] xen_suspend+0x86/0x140
[<ffffffff810f9a83>] multi_cpu_stop+0xb3/0xe0
[<ffffffff810f99d0>] ? cpu_stop_queue_work+0x80/0x80
[<ffffffff810f9caa>] cpu_stopper_thread+0x7a/0x110
[<ffffffff81092292>] ? finish_task_switch+0x72/0x1d0
[<ffffffff810b2c51>] ? __raw_callee_save___pv_queued_spin_unlock+0x11/0x20
[<ffffffff8108d44f>] smpboot_thread_fn+0x10f/0x170
[<ffffffff8108d340>] ? sort_range+0x30/0x30
[<ffffffff8108a039>] kthread+0xc9/0xe0
[<ffffffff81089f70>] ? kthread_park+0x60/0x60
[<ffffffff814d700f>] ret_from_fork+0x3f/0x70
[<ffffffff81089f70>] ? kthread_park+0x60/0x60
The pending state may last until being suspended, because some IRQs may
show no activities after their affinity settings have been changed.
This change don't let ACK and EOI handlers of xen-pirq and xen-dyn chips
try to migrate disabled IRQs to avoid the BUG in that situation.
Fixes: ff1e22e7a638 ("xen/events: Mask a moving irq")
Reported-and-tested-by: Guilherme Wuensch Manika <gmanika@...zon.de>
To: Boris Ostrovsky <boris.ostrovsky@...cle.com>
To: David Vrabel <david.vrabel@...rix.com>
Cc: xen-devel@...ts.xenproject.org
Cc: linux-kernel@...r.kernel.org
Cc: stable@...r.kernel.org
Cc: Matt Wilson <msw@...zon.com>
Signed-off-by: Munehisa Kamata <kamatam@...zon.com>
---
drivers/xen/events/events_base.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/xen/events/events_base.c b/drivers/xen/events/events_base.c
index cb7138c..be8410f 100644
--- a/drivers/xen/events/events_base.c
+++ b/drivers/xen/events/events_base.c
@@ -487,7 +487,8 @@ static void eoi_pirq(struct irq_data *data)
if (!VALID_EVTCHN(evtchn))
return;
- if (unlikely(irqd_is_setaffinity_pending(data))) {
+ if (unlikely(irqd_is_setaffinity_pending(data) &&
+ !irqd_irq_disabled(data))) {
int masked = test_and_set_mask(evtchn);
clear_evtchn(evtchn);
@@ -1370,7 +1371,8 @@ static void ack_dynirq(struct irq_data *data)
if (!VALID_EVTCHN(evtchn))
return;
- if (unlikely(irqd_is_setaffinity_pending(data))) {
+ if (unlikely(irqd_is_setaffinity_pending(data) &&
+ !irqd_irq_disabled(data))) {
int masked = test_and_set_mask(evtchn);
clear_evtchn(evtchn);
--
2.7.4
Powered by blists - more mailing lists