Re: [PATCH -mm] ehca: avoid crash on kthread_create() failure

Mon, 25 Dec 2006 01:36:53 -0800 

On Mon, Dec 25, 2006 at 10:55:51AM +0200, Muli Ben-Yehuda wrote:
> This is correct because cct is allocated via alloc_percpu, which in
> turn calls kzalloc, which means cct->task is NULL by default, but it's
> a little too obscure for me. How about making it explicit?
> 
> task = kthread_create(...)
> if (!IS_ERR(task))
>    cct->task = task;
> else
>   cct->task = NULL;
> 
> return cct->task;

Subject: [PATCH -mm] ehca: avoid crash on kthread_create() failure (v3)

This patch disallows invalid task_struct pointer returned by
kthread_create() to be written to percpu data to avoid crash.

Cc: Heiko Carstens <[EMAIL PROTECTED]>
Cc: Hoang-Nam Nguyen <[EMAIL PROTECTED]>
Cc: Christoph Raisch <[EMAIL PROTECTED]>
Signed-off-by: Akinobu Mita <[EMAIL PROTECTED]>

---
 drivers/infiniband/hw/ehca/ehca_irq.c |   11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

Index: 2.6-mm/drivers/infiniband/hw/ehca/ehca_irq.c
===================================================================
--- 2.6-mm.orig/drivers/infiniband/hw/ehca/ehca_irq.c
+++ 2.6-mm/drivers/infiniband/hw/ehca/ehca_irq.c
@@ -606,15 +606,20 @@ static int comp_task(void *__cct)
 static struct task_struct *create_comp_task(struct ehca_comp_pool *pool,
                                            int cpu)
 {
+       struct task_struct *task;
        struct ehca_cpu_comp_task *cct;
 
        cct = per_cpu_ptr(pool->cpu_comp_tasks, cpu);
        spin_lock_init(&cct->task_lock);
        INIT_LIST_HEAD(&cct->cq_list);
        init_waitqueue_head(&cct->wait_queue);
-       cct->task = kthread_create(comp_task, cct, "ehca_comp/%d", cpu);
+       task = kthread_create(comp_task, cct, "ehca_comp/%d", cpu);
+       if (!IS_ERR(task))
+               cct->task = task;
+       else
+               cct->task = NULL;
 
-       return cct->task;
+       return task;
 }
 
 static void destroy_comp_task(struct ehca_comp_pool *pool,
@@ -684,8 +689,10 @@ static int comp_pool_callback(struct not
        case CPU_UP_CANCELED:
                ehca_gen_dbg("CPU: %x (CPU_CANCELED)", cpu);
                cct = per_cpu_ptr(pool->cpu_comp_tasks, cpu);
-               kthread_bind(cct->task, any_online_cpu(cpu_online_map));
-               destroy_comp_task(pool, cpu);
+               if (cct->task) {
+                       kthread_bind(cct->task, any_online_cpu(cpu_online_map));
+                       destroy_comp_task(pool, cpu);
+               }
                break;
        case CPU_ONLINE:
                ehca_gen_dbg("CPU: %x (CPU_ONLINE)", cpu);
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Reply via email to