korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2025-01-27 00:04:47 +08:00
Code Issues Packages Projects Releases Wiki Activity
bd85f4b37d
linux/drivers/char
History
Xie XiuQi bd85f4b37d ipmi: fix crash on reading version from proc after unregisted bmc 
I meet a crash, which could be reproduce:
1) while true; do cat /proc/ipmi/0/version; done
2) modprobe -rv ipmi_si ipmi_msghandler ipmi_devintf

[82761.021137] IPMI BT: req2rsp=5 secs retries=2
[82761.034524] ipmi device interface
[82761.222218] ipmi_si ipmi_si.0: Found new BMC (man_id: 0x0007db, prod_id: 0x0001, dev_id: 0x01)
[82761.222230] ipmi_si ipmi_si.0: IPMI bt interface initialized
[82903.922740] BUG: unable to handle kernel NULL pointer dereference at 00000000000002d4
[82903.930952] IP: [<ffffffffa030d9e8>] smi_version_proc_show+0x18/0x40 [ipmi_msghandler]
[82903.939220] PGD 86693a067 PUD 865304067 PMD 0
[82903.943893] Thread overran stack, or stack corrupted
[82903.949034] Oops: 0000 [#1] SMP
[82903.983091] Modules linked in: ipmi_si(-) ipmi_msghandler binfmt_misc ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter
...
[82904.057285]  pps_core scsi_transport_sas dm_mod vfio_iommu_type1 vfio xt_sctp nf_conntrack_proto_sctp nf_nat_proto_sctp
                nf_nat nf_conntrack sctp libcrc32c [last unloaded: ipmi_devintf]
[82904.073169] CPU: 37 PID: 28089 Comm: cat Tainted: GF          O   ---- -------   3.10.0-327.28.3.el7.x86_64 #1
[82904.083373] Hardware name: Huawei RH2288H V3/BC11HGSA0, BIOS 3.22 05/16/2016
[82904.090592] task: ffff880101cc2e00 ti: ffff880369c54000 task.ti: ffff880369c54000
[82904.098414] RIP: 0010:[<ffffffffa030d9e8>]  [<ffffffffa030d9e8>] smi_version_proc_show+0x18/0x40 [ipmi_msghandler]
[82904.109124] RSP: 0018:ffff880369c57e70  EFLAGS: 00010203
[82904.114608] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000024688470
[82904.121912] RDX: fffffffffffffff4 RSI: ffffffffa0313404 RDI: ffff8808670ce200
[82904.129218] RBP: ffff880369c57e70 R08: 0000000000019720 R09: ffffffff81204a27
[82904.136521] R10: ffff88046f803300 R11: 0000000000000246 R12: ffff880662399700
[82904.143828] R13: 0000000000000001 R14: ffff880369c57f48 R15: ffff8808670ce200
[82904.151128] FS:  00007fb70c9ca740(0000) GS:ffff88086e340000(0000) knlGS:0000000000000000
[82904.159557] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[82904.165473] CR2: 00000000000002d4 CR3: 0000000864c0c000 CR4: 00000000003407e0
[82904.172778] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[82904.180084] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[82904.187385] Stack:
[82904.189573]  ffff880369c57ee0 ffffffff81204f1a 00000000122a2427 0000000001426000
[82904.197392]  ffff8808670ce238 0000000000010000 0000000000000000 0000000000000fff
[82904.205198]  00000000122a2427 ffff880862079600 0000000001426000 ffff880369c57f48
[82904.212962] Call Trace:
[82904.219667]  [<ffffffff81204f1a>] seq_read+0xfa/0x3a0
[82904.224893]  [<ffffffff8124ce2d>] proc_reg_read+0x3d/0x80
[82904.230468]  [<ffffffff811e102c>] vfs_read+0x9c/0x170
[82904.235689]  [<ffffffff811e1b7f>] SyS_read+0x7f/0xe0
[82904.240816]  [<ffffffff81649209>] system_call_fastpath+0x16/0x1b
[82904.246991] Code: 30 a0 e8 0c 6f ef e0 5b 5d c3 66 0f 1f 84 00 00 00 00 00 0f 1f
               44 00 00 48 8b 47 78 55 48 c7 c6 04 34 31 a0 48 89 e5 48 8b 40 50 <0f>
	       b6 90 d4 02 00 00 31 c0 89 d1 83 e2 0f c0 e9 04 0f b6 c9 e8
[82904.267710] RIP  [<ffffffffa030d9e8>] smi_version_proc_show+0x18/0x40 [ipmi_msghandler]
[82904.276079]  RSP <ffff880369c57e70>
[82904.279734] CR2: 00000000000002d4
[82904.283731] ---[ end trace a69e4328b49dd7c4 ]---
[82904.328118] Kernel panic - not syncing: Fatal exception

Reading versin from /proc need bmc device struct available. So in this patch
we move add/remove_proc_entries between ipmi_bmc_register and ipmi_bmc_unregister.

Cc: Kefeng Wang <wangkefeng.wang@huawei.com>
Signed-off-by: Xie XiuQi <xiexiuqi@huawei.com>
Signed-off-by: Corey Minyard <cminyard@mvista.com>
2016-10-03 09:09:47 -05:00
..
agp drm/i915: Add support for mapping an object page by page 2016-06-13 10:03:54 +01:00
hw_random hwrng: mxc-rnga - Fix Kconfig dependency 2016-08-24 20:51:18 +08:00
ipmi ipmi: fix crash on reading version from proc after unregisted bmc 2016-10-03 09:09:47 -05:00
mwave drivers/char: delete non-required instances of include <linux/init.h> 2014-02-07 15:10:19 -08:00
pcmcia TTY and Serial driver update for 4.7-rc1 2016-05-20 20:57:27 -07:00
tpm tpm: invalid self test error message 2016-09-03 08:27:37 +10:00
xilinx_hwicap char:xilinx_hwicap:buffer_icap - change 1/0 to true/false for bool type variable in function buffer_icap_set_configuration(). 2015-06-12 16:58:33 -07:00
xillybus char: xillybus: use devm_add_action_or_reset 2016-04-30 14:04:45 -07:00
apm-emulation.c apm-emulation: add hibernation APM events to support suspend2disk 2014-01-07 13:50:28 +01:00
applicom.c applicom: dereferencing NULL on error path 2014-05-27 17:43:12 -07:00
applicom.h
bfin-otp.c
bsr.c bsr: avoid format string leaking into device name 2014-07-09 16:59:15 -07:00
ds1302.c
ds1620.c
dsp56k.c dsp56k: prevent a harmless underflow 2016-07-14 16:21:53 +09:00
dtlk.c
efirtc.c drivers/char: make efirtc.c driver explicitly non-modular 2015-09-20 19:32:35 -07:00
generic_nvram.c don't open-code generic_file_llseek_size() 2015-12-09 13:00:45 -05:00
hangcheck-timer.c hangcheck-timer: cleanup casting in hangcheck_init() 2014-11-07 11:24:01 -08:00
hpet.c hpet: Drop stale URLs 2016-02-17 09:39:56 +01:00
Kconfig RTC for 4.8 2016-08-05 09:48:22 -04:00
lp.c char: Int overflow in lp_do_ioctl(). 2013-12-18 16:39:54 -08:00
Makefile RTC for 4.8 2016-08-05 09:48:22 -04:00
mbcs.c don't open-code generic_file_llseek_size() 2015-12-09 13:00:45 -05:00
mbcs.h
mem.c shmem: get_unmapped_area align huge page 2016-07-26 16:19:19 -07:00
misc.c char: make misc_deregister a void function 2015-08-05 10:35:49 -07:00
mmtimer.c
mspec.c tree wide: use kvfree() than conditional kfree()/vfree() 2016-01-22 17:02:18 -08:00
nsc_gpio.c
nvram.c char/nvram: set array of const as const 2016-02-08 14:57:30 -08:00
nwbutton.c char: nwbutton: avoid unused variable warning 2016-02-09 17:39:56 -08:00
nwbutton.h
nwflash.c new helpers: no_seek_end_llseek{,_size}() 2015-12-23 10:41:31 -05:00
pc8736x_gpio.c
powernv-op-panel.c powerpc/powernv: Add driver for operator panel on FSP machines 2016-06-29 17:33:46 +10:00
ppdev.c Revert "ppdev: use new parport device model" 2016-03-25 09:02:13 -07:00
ps3flash.c wrappers for ->i_mutex access 2016-01-22 18:04:28 -05:00
random.c random: Fix crashes with sparse node ids 2016-07-30 21:00:06 -07:00
raw.c drivers: char: raw: Removed unnecessary braces 2016-02-08 14:57:30 -08:00
rtc.c various char drivers: remove deprecated IRQF_DISABLED 2013-10-16 12:36:10 -07:00
scx200_gpio.c
snsc_event.c various char drivers: remove deprecated IRQF_DISABLED 2013-10-16 12:36:10 -07:00
snsc.c drivers/char: make SGI snsc.c driver explicitly non-modular 2015-09-20 19:32:35 -07:00
snsc.h
sonypi.c char: drop owner assignment from platform_drivers 2014-10-20 16:20:19 +02:00
tb0219.c char: drop owner assignment from platform_drivers 2014-10-20 16:20:19 +02:00
tile-srom.c fs: move struct kiocb to fs.h 2015-03-25 20:28:11 -04:00
tlclk.c tlclk: remove deprecated IRQF_DISABLED 2013-10-16 12:36:10 -07:00
toshiba.c toshiba laptop: replace ioremap_cache with ioremap 2015-08-05 17:26:00 -07:00
ttyprintk.c char: constify tty_port_operations structs 2016-02-06 23:31:08 -08:00
uv_mmtimer.c
virtio_console.c virtio_console: Stop doing DMA on the stack 2016-09-09 21:12:45 +03:00