git.ipfire.org Git - thirdparty/kernel/stable-queue.git/blob

   1 From 3eae49ca8954f958b2001ab5643ef302cb7b67c7 Mon Sep 17 00:00:00 2001
   2 From: cpw <cpw@sgi.com>
   3 Date: Tue, 3 Dec 2013 17:15:30 -0600
   4 Subject: x86/UV: Fix NULL pointer dereference in uv_flush_tlb_others() if the 'nobau' boot option is used
   5
   6 From: cpw <cpw@sgi.com>
   7
   8 commit 3eae49ca8954f958b2001ab5643ef302cb7b67c7 upstream.
   9
  10 The SGI UV tlb shootdown code panics the system with a NULL
  11 pointer deference if 'nobau' is specified on the boot
  12 commandline.
  13
  14 uv_flush_tlb_other() gets called for every flush, whether the
  15 BAU is disabled or not.  It should not be keeping the s_enters
  16 statistic while the BAU is disabled.
  17
  18 The panic occurs because during initialization
  19 init_per_cpu_tunables() does not set the bcp->statp pointer if
  20 'nobau' was specified.
  21
  22 Signed-off-by: Cliff Wickman <cpw@sgi.com>
  23 Link: http://lkml.kernel.org/r/E1VnzBi-0005yF-MU@eag09.americas.sgi.com
  24 Signed-off-by: Ingo Molnar <mingo@kernel.org>
  25 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  26
  27 ---
  28  arch/x86/platform/uv/tlb_uv.c |    5 +++--
  29  1 file changed, 3 insertions(+), 2 deletions(-)
  30
  31 --- a/arch/x86/platform/uv/tlb_uv.c
  32 +++ b/arch/x86/platform/uv/tlb_uv.c
  33 @@ -1070,12 +1070,13 @@ const struct cpumask *uv_flush_tlb_other
  34         unsigned long status;
  35
  36         bcp = &per_cpu(bau_control, cpu);
  37 -       stat = bcp->statp;
  38 -       stat->s_enters++;
  39
  40         if (bcp->nobau)
  41                 return cpumask;
  42
  43 +       stat = bcp->statp;
  44 +       stat->s_enters++;
  45 +
  46         if (bcp->busy) {
  47                 descriptor_status =
  48                         read_lmmr(UVH_LB_BAU_SB_ACTIVATION_STATUS_0);