    cpu/hotplug: Reset node state after operation · 1f7c70d6
    Thomas Gleixner authored
    The recent rework of the cpu hotplug internals changed the usage of the per
    cpu state->node field, but missed to clean it up after usage.
    
    So subsequent hotplug operations use the stale pointer from a previous
    operation and hand it into the callback functions. The callbacks then
    dereference a pointer which either belongs to a different facility or
    points to freed and potentially reused memory. In either case data
    corruption and crashes are the obvious consequence.
    
    Reset the node and the last pointers in the per cpu state to NULL after the
    operation which set them has completed.
    
    Fixes: 96abb968 ("smp/hotplug: Allow external multi-instance rollback")
    Reported-by: Tvrtko Ursulin <tursulin@ursulin.net>
    Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
    Cc: Peter Zijlstra <peterz@infradead.org>
    Cc: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
    Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
    Cc: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
    Link: https://lkml.kernel.org/r/alpine.DEB.2.20.1710211606130.3213@nanos
cpu.c 48.1 KB
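
A simplified user-space model of the stale-pointer pattern the commit message above describes, added here as an illustration and not taken from the kernel source or from the patch. The struct layout and the functions `run_instance_op`, `run_plain_op` and `scenario` are hypothetical names; the callback only records the pointer it is handed and never dereferences it.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model: field names follow the commit message, not kernel code. */
struct node { int id; };

struct cpu_state {
    struct node *node;   /* instance for a multi-instance operation */
    struct node *last;   /* last instance handled, used for rollback */
};

static struct node *seen;   /* pointer the most recent callback was handed */

static int callback(struct node *n) { seen = n; return 0; }

/* Operation that sets st->node for its own duration. */
static void run_instance_op(struct cpu_state *st, struct node *n, int reset)
{
    st->node = n;
    callback(st->node);
    st->last = n;
    if (reset) {             /* the fix: clear both pointers after completion */
        st->node = NULL;
        st->last = NULL;
    }
}

/* Later operation: never sets st->node, passes on whatever is stored there. */
static struct node *run_plain_op(struct cpu_state *st)
{
    callback(st->node);
    return seen;
}

/* Returns the pointer the second operation's callback received. */
static struct node *scenario(int reset)
{
    static struct node first = { 1 };   /* stands in for memory later freed */
    struct cpu_state st = { NULL, NULL };

    run_instance_op(&st, &first, reset);
    return run_plain_op(&st);
}

int main(void)
{
    printf("without reset: %s\n", scenario(0) ? "stale pointer" : "NULL");
    printf("with reset:    %s\n", scenario(1) ? "stale pointer" : "NULL");
    return 0;
}
```

Without the reset, the second operation's callback receives the first operation's pointer; with the reset it receives NULL, so a callback can tell that no instance was supplied.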