Re: [discuss] [OOPS] powernow on smp dual core amd64

From: Andi Kleen
Date: Mon Jun 13 2005 - 19:05:53 EST


> asmlinkage void smp_call_function_interrupt(void)
> {
>         void (*func) (void *info) = call_data->func;
>         void *info = call_data->info;
>         int wait = call_data->wait;
>
>         ack_APIC_irq();
>         /*
>          * Notify initiating CPU that I've grabbed the data and am
>          * about to execute the function
>          */
>         mb();
>         atomic_inc(&call_data->started);
>         /*
>          * At this point the info structure may be out of scope unless wait==1
>          */
>         irq_enter();
>         (*func)(info); <--- passed bogus data
>
> Looks like you jumped through a bogus function pointer. I'm guessing it
> has something to do with an uninitialized IRQ vector for the CPU speed on
> one of the cores (simply because it seems somewhat plausible):

What should an "IRQ vector for the CPU speed" be?

>
> extern u8 irq_vector[NR_IRQ_VECTORS];
> #define IO_APIC_VECTOR(irq) (irq_vector[irq])
> #define AUTO_ASSIGN -1
>
> So irq_vector[AUTO_ASSIGN] = 0xff which could have somehow made it into
> your function pointer.


Yes, but it is hard to see how that should happen short of massive
memory corruption. call_data is a global variable even.

However, after an MCE things can be a bit unstable. Maybe it would
be best to use a streamlined panic in this case that doesn't touch
the other CPUs.

-Andi
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
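The quoted handler only makes sense together with the initiating side it talks to, so here is a user-space model of that handshake. This is an added example, not kernel code and not from anyone in the thread: pthreads stand in for the other CPUs, `pthread_create` stands in for the IPI, the real `call_lock` and `ack_APIC_irq()`/`irq_enter()` are left out, and `NR_CPUS`, `reap_cpus`, `bump`, `demo_wait` and `demo_nowait` are names constructed for the demo. What it shows is why the "info may be out of scope unless wait==1" comment matters: with `wait == 0` the initiator only waits for `started`, so the callback argument must outlive the initiator's stack frame, while with `wait == 1` it also waits for `finished` and a stack-local argument is safe. It also makes Andi's point visible: `call_data` is a single global pointer, so a handler jumping through garbage means the descriptor it was filled from was already corrupt or stale.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdio.h>

#define NR_CPUS 4                 /* constructed: initiator plus three others */
#define NR_OTHERS (NR_CPUS - 1)

/* Model of the kernel's call_data_struct: one descriptor, published
 * through a global pointer (the point made in the reply above). */
struct call_data_struct {
    void (*func)(void *info);
    void *info;
    atomic_int started;   /* bumped by each CPU once it has copied func/info */
    atomic_int finished;  /* bumped after func returns, only when wait == 1 */
    int wait;
};

static struct call_data_struct *call_data;
static pthread_t cpus[NR_OTHERS];   /* stand-ins for the other CPUs */

/* Receiving side: model of the quoted smp_call_function_interrupt().
 * Copy everything out first; the seq_cst RMW stands in for
 * mb() + atomic_inc(&call_data->started).  After that increment the
 * descriptor may already be gone unless wait == 1, so only the local
 * copies (and, when waiting, the finished counter) are touched. */
static void *smp_call_function_interrupt(void *unused)
{
    void (*func)(void *) = call_data->func;
    void *info = call_data->info;
    int wait = call_data->wait;
    (void)unused;

    atomic_fetch_add(&call_data->started, 1);
    (*func)(info);
    if (wait)
        atomic_fetch_add(&call_data->finished, 1);
    return NULL;
}

/* Initiating side: model of smp_call_function().  The descriptor lives in
 * this stack frame and is valid only until we return. */
static int smp_call_function(void (*func)(void *), void *info, int wait)
{
    struct call_data_struct data;
    int i;

    data.func = func;
    data.info = info;
    data.wait = wait;
    atomic_init(&data.started, 0);
    atomic_init(&data.finished, 0);
    call_data = &data;

    for (i = 0; i < NR_OTHERS; i++)          /* "send the IPI" */
        if (pthread_create(&cpus[i], NULL, smp_call_function_interrupt, NULL))
            return -1;

    /* Every CPU must have grabbed func/info before data may go away. */
    while (atomic_load(&data.started) != NR_OTHERS)
        ;
    /* With wait == 1, additionally stay until func has run everywhere. */
    if (wait)
        while (atomic_load(&data.finished) != NR_OTHERS)
            ;
    return 0;
}

/* Not in the kernel: reclaim the threads so each demo stands alone. */
static void reap_cpus(void)
{
    int i;
    for (i = 0; i < NR_OTHERS; i++)
        pthread_join(cpus[i], NULL);
}

/* Constructed payload: each CPU increments the counter it is handed. */
static void bump(void *info)
{
    atomic_fetch_add((atomic_int *)info, 1);
}

/* wait == 1: info may live on the initiator's stack, because no CPU can
 * still be inside func when smp_call_function() returns.
 * Returns how many CPUs ran func, or -1 on error. */
int demo_wait(void)
{
    atomic_int hits;
    int n;

    atomic_init(&hits, 0);
    if (smp_call_function(bump, &hits, 1))
        return -1;
    n = atomic_load(&hits);        /* complete: finished == NR_OTHERS */
    reap_cpus();
    return n;
}

/* wait == 0: info must outlive this frame (static here), since other CPUs
 * may still be running func after we return.  *early gets the count seen
 * right after the call returns, which may legitimately be short of
 * NR_OTHERS; the return value is the count once every CPU is reaped. */
int demo_nowait(int *early)
{
    static atomic_int hits;

    atomic_store(&hits, 0);
    if (smp_call_function(bump, &hits, 0))
        return -1;
    *early = atomic_load(&hits);
    reap_cpus();
    return atomic_load(&hits);
}

int main(void)
{
    int early = 0, total;
    printf("wait=1: %d CPUs ran func\n", demo_wait());
    total = demo_nowait(&early);
    printf("wait=0: %d CPUs ran func (%d seen before reaping)\n", total, early);
    return 0;
}
```

Compile with `-pthread`. The `early` value from `demo_nowait` is the interesting one to watch: it is whatever had happened by the time `started` reached `NR_OTHERS`, which is exactly the window in which a `wait == 0` caller's stack-allocated `info` would already be dangling.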