linux-hardened/drivers/char/ipmi
Jan Glauber 0711e8c1b4 ipmi: Fix timer race with module unload
Please note that below oops is from an older kernel, but the same
race seems to be present in the upstream kernel too.

---8<---

The following panic was encountered during removing the ipmi_ssif
module:

[ 526.352555] Unable to handle kernel paging request at virtual address ffff000006923090
[ 526.360464] Mem abort info:
[ 526.363257] ESR = 0x86000007
[ 526.366304] Exception class = IABT (current EL), IL = 32 bits
[ 526.372221] SET = 0, FnV = 0
[ 526.375269] EA = 0, S1PTW = 0
[ 526.378405] swapper pgtable: 4k pages, 48-bit VAs, pgd = 000000008ae60416
[ 526.385185] [ffff000006923090] *pgd=000000bffcffe803, *pud=000000bffcffd803, *pmd=0000009f4731a003, *pte=0000000000000000
[ 526.396141] Internal error: Oops: 86000007 [#1] SMP
[ 526.401008] Modules linked in: nls_iso8859_1 ipmi_devintf joydev input_leds ipmi_msghandler shpchp sch_fq_codel ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear i2c_smbus hid_generic usbhid uas hid usb_storage ast aes_ce_blk i2c_algo_bit aes_ce_cipher qede ttm crc32_ce ptp crct10dif_ce drm_kms_helper ghash_ce syscopyarea sha2_ce sysfillrect sysimgblt pps_core fb_sys_fops sha256_arm64 sha1_ce mpt3sas qed drm raid_class ahci scsi_transport_sas libahci gpio_xlp i2c_xlp9xx aes_neon_bs aes_neon_blk crypto_simd cryptd aes_arm64 [last unloaded: ipmi_ssif]
[ 526.468085] CPU: 125 PID: 0 Comm: swapper/125 Not tainted 4.15.0-35-generic #38~lp1775396+build.1
[ 526.476942] Hardware name: To be filled by O.E.M. Saber/Saber, BIOS 0ACKL022 08/14/2018
[ 526.484932] pstate: 00400009 (nzcv daif +PAN -UAO)
[ 526.489713] pc : 0xffff000006923090
[ 526.493198] lr : call_timer_fn+0x34/0x178
[ 526.497194] sp : ffff000009b0bdd0
[ 526.500496] x29: ffff000009b0bdd0 x28: 0000000000000082
[ 526.505796] x27: 0000000000000002 x26: ffff000009515188
[ 526.511096] x25: ffff000009515180 x24: ffff0000090f1018
[ 526.516396] x23: ffff000009519660 x22: dead000000000200
[ 526.521696] x21: ffff000006923090 x20: 0000000000000100
[ 526.526995] x19: ffff809eeb466a40 x18: 0000000000000000
[ 526.532295] x17: 000000000000000e x16: 0000000000000007
[ 526.537594] x15: 0000000000000000 x14: 071c71c71c71c71c
[ 526.542894] x13: 0000000000000000 x12: 0000000000000000
[ 526.548193] x11: 0000000000000001 x10: ffff000009b0be88
[ 526.553493] x9 : 0000000000000000 x8 : 0000000000000005
[ 526.558793] x7 : ffff80befc1f8528 x6 : 0000000000000020
[ 526.564092] x5 : 0000000000000040 x4 : 0000000020001b20
[ 526.569392] x3 : 0000000000000000 x2 : ffff809eeb466a40
[ 526.574692] x1 : ffff000006923090 x0 : ffff809eeb466a40
[ 526.579992] Process swapper/125 (pid: 0, stack limit = 0x000000002eb50acc)
[ 526.586854] Call trace:
[ 526.589289] 0xffff000006923090
[ 526.592419] expire_timers+0xc8/0x130
[ 526.596070] run_timer_softirq+0xec/0x1b0
[ 526.600070] __do_softirq+0x134/0x328
[ 526.603726] irq_exit+0xc8/0xe0
[ 526.606857] __handle_domain_irq+0x6c/0xc0
[ 526.610941] gic_handle_irq+0x84/0x188
[ 526.614679] el1_irq+0xe8/0x180
[ 526.617822] cpuidle_enter_state+0xa0/0x328
[ 526.621993] cpuidle_enter+0x34/0x48
[ 526.625564] call_cpuidle+0x44/0x70
[ 526.629040] do_idle+0x1b8/0x1f0
[ 526.632256] cpu_startup_entry+0x2c/0x30
[ 526.636174] secondary_start_kernel+0x11c/0x130
[ 526.640694] Code: bad PC value
[ 526.643800] ---[ end trace d020b0b8417c2498 ]---
[ 526.648404] Kernel panic - not syncing: Fatal exception in interrupt
[ 526.654778] SMP: stopping secondary CPUs
[ 526.658734] Kernel Offset: disabled
[ 526.662211] CPU features: 0x5800c38
[ 526.665688] Memory Limit: none
[ 526.668768] ---[ end Kernel panic - not syncing: Fatal exception in interrupt

Prevent mod_timer from arming a timer that was already removed by
del_timer during module unload.

Signed-off-by: Jan Glauber <jglauber@cavium.com>
Cc: <stable@vger.kernel.org> # 3.19
Signed-off-by: Corey Minyard <cminyard@mvista.com>
2018-10-11 20:08:27 -05:00
..
bt-bmc.c ipmi: Add or fix SPDX-License-Identifier in all files 2018-02-27 07:42:51 -06:00
ipmi_bt_sm.c ipmi: Convert pr_xxx() to dev_xxx() in the BT code 2018-09-18 16:15:33 -05:00
ipmi_devintf.c ipmi: Convert printk(KERN_<level> to pr_<level>( 2018-09-18 16:15:33 -05:00
ipmi_dmi.c ipmi: Remove platform driver overrides and use the id_table 2018-09-18 16:15:33 -05:00
ipmi_dmi.h ipmi: Add or fix SPDX-License-Identifier in all files 2018-02-27 07:42:51 -06:00
ipmi_kcs_sm.c ipmi: Convert printk(KERN_<level> to pr_<level>( 2018-09-18 16:15:33 -05:00
ipmi_msghandler.c ipmi: fix return value of ipmi_set_my_LUN 2018-09-18 16:15:33 -05:00
ipmi_powernv.c ipmi:powernv: Convert ipmi_smi_t to struct ipmi_smi 2018-09-18 16:15:33 -05:00
ipmi_poweroff.c ipmi: Use more common logging styles 2018-09-18 16:15:33 -05:00
ipmi_si.h ipmi: Add or fix SPDX-License-Identifier in all files 2018-02-27 07:42:51 -06:00
ipmi_si_hardcode.c ipmi: Use more common logging styles 2018-09-18 16:15:33 -05:00
ipmi_si_hotmod.c ipmi: Use more common logging styles 2018-09-18 16:15:33 -05:00
ipmi_si_intf.c ipmi: Change to ktime_get_ts64() 2018-09-18 16:15:33 -05:00
ipmi_si_mem_io.c ipmi_si: fix potential integer overflow on large shift 2018-09-18 16:15:33 -05:00
ipmi_si_parisc.c ipmi: Add or fix SPDX-License-Identifier in all files 2018-02-27 07:42:51 -06:00
ipmi_si_pci.c ipmi_si_pci: fix NULL device in ipmi_si error message 2018-09-18 16:15:33 -05:00
ipmi_si_platform.c ipmi: Remove platform driver overrides and use the id_table 2018-09-18 16:15:33 -05:00
ipmi_si_port_io.c ipmi: Add or fix SPDX-License-Identifier in all files 2018-02-27 07:42:51 -06:00
ipmi_si_sm.h ipmi: Add or fix SPDX-License-Identifier in all files 2018-02-27 07:42:51 -06:00
ipmi_smic_sm.c ipmi: Convert printk(KERN_<level> to pr_<level>( 2018-09-18 16:15:33 -05:00
ipmi_ssif.c ipmi: Fix timer race with module unload 2018-10-11 20:08:27 -05:00
ipmi_watchdog.c ipmi: Use more common logging styles 2018-09-18 16:15:33 -05:00
Kconfig ipmi: Remove the proc interface 2018-05-09 12:21:46 -05:00
kcs_bmc.c ipmi: kcs_bmc: don't change device name 2018-08-30 14:55:18 -05:00
kcs_bmc.h ipmi: kcs_bmc: coding-style fixes and use new poll type 2018-02-26 09:49:21 -06:00
kcs_bmc_aspeed.c ipmi: kcs_bmc: coding-style fixes and use new poll type 2018-02-26 09:49:21 -06:00
kcs_bmc_npcm7xx.c ipmi: NPCM7xx KCS BMC: enable interrupt to the host 2018-05-23 08:29:23 -05:00
Makefile ipmi: add an NPCM7xx KCS BMC driver 2018-04-18 10:23:12 -05:00