git://ftp.safe.ca / safe / jmp / linux-2.6 / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e9c0748)
clockevents: Prevent clockevent_devices list corruption on cpu hotplug
authorThomas Gleixner <tglx@linutronix.de>
Thu, 10 Dec 2009 14:35:10 +0000 (15:35 +0100)
committerThomas Gleixner <tglx@linutronix.de>
Fri, 11 Dec 2009 09:28:08 +0000 (10:28 +0100)
Xiaotian Feng triggered a list corruption in the clock events list on
CPU hotplug and debugged the root cause.

If a CPU registers more than one per cpu clock event device, then only
the active clock event device is removed on CPU_DEAD. The unused
devices are kept in the clock events device list.

On CPU up the clock event devices are registered again, which means
that we list_add an already enqueued list_head. That results in list
corruption.

Resolve this by removing all devices which are associated to the dead
CPU on CPU_DEAD.

Reported-by: Xiaotian Feng <dfeng@redhat.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: Xiaotian Feng <dfeng@redhat.com>
Cc: stable@kernel.org
kernel/time/clockevents.c patch | blob | history

diff --git a/kernel/time/clockevents.c b/kernel/time/clockevents.c
index 20a8920..91db2e3 100644 (file)
--- a/kernel/time/clockevents.c
+++ b/kernel/time/clockevents.c
@@ -238,8 +238,9 @@ void clockevents_exchange_device(struct clock_event_device *old,
  */
 void clockevents_notify(unsigned long reason, void *arg)
 {
-       struct list_head *node, *tmp;
+       struct clock_event_device *dev, *tmp;
        unsigned long flags;
+       int cpu;
 
        spin_lock_irqsave(&clockevents_lock, flags);
        clockevents_do_notify(reason, arg);
@@ -250,8 +251,19 @@ void clockevents_notify(unsigned long reason, void *arg)
                 * Unregister the clock event devices which were
                 * released from the users in the notify chain.
                 */
-               list_for_each_safe(node, tmp, &clockevents_released)
-                       list_del(node);
+               list_for_each_entry_safe(dev, tmp, &clockevents_released, list)
+                       list_del(&dev->list);
+               /*
+                * Now check whether the CPU has left unused per cpu devices
+                */
+               cpu = *((int *)arg);
+               list_for_each_entry_safe(dev, tmp, &clockevent_devices, list) {
+                       if (cpumask_test_cpu(cpu, dev->cpumask) &&
+                           cpumask_weight(dev->cpumask) == 1) {
+                               BUG_ON(dev->mode != CLOCK_EVT_MODE_UNUSED);
+                               list_del(&dev->list);
+                       }
+               }
                break;
        default:
                break;
Full containers within linux kernel