Re: [PATCH net,v2] net: mana: Fix accessing freed irq affinity_hint
From: Leon Romanovsky
Date: Thu Feb 02 2023 - 03:25:31 EST
On Wed, Feb 01, 2023 at 01:46:53PM -0800, Haiyang Zhang wrote:
> After calling irq_set_affinity_and_hint(), the cpumask pointer is
> saved in desc->affinity_hint, and will be used later when reading
> /proc/irq/<num>/affinity_hint. So the cpumask variable needs to be
> persistent. Otherwise, we are accessing freed memory when reading
> the affinity_hint file.
>
> Also, need to clear affinity_hint before free_irq(), otherwise there
> is a one-time warning and stack trace during module unloading:
>
> [ 243.948687] WARNING: CPU: 10 PID: 1589 at kernel/irq/manage.c:1913 free_irq+0x318/0x360
> ...
> [ 243.948753] Call Trace:
> [ 243.948754] <TASK>
> [ 243.948760] mana_gd_remove_irqs+0x78/0xc0 [mana]
> [ 243.948767] mana_gd_remove+0x3e/0x80 [mana]
> [ 243.948773] pci_device_remove+0x3d/0xb0
> [ 243.948778] device_remove+0x46/0x70
> [ 243.948782] device_release_driver_internal+0x1fe/0x280
> [ 243.948785] driver_detach+0x4e/0xa0
> [ 243.948787] bus_remove_driver+0x70/0xf0
> [ 243.948789] driver_unregister+0x35/0x60
> [ 243.948792] pci_unregister_driver+0x44/0x90
> [ 243.948794] mana_driver_exit+0x14/0x3fe [mana]
> [ 243.948800] __do_sys_delete_module.constprop.0+0x185/0x2f0
>
> To fix the bug, use the persistent mask, cpumask_of(cpu#), and set
> affinity_hint to NULL before freeing the IRQ, as required by free_irq().
>
> Cc: stable@xxxxxxxxxxxxxxx
> Fixes: 71fa6887eeca ("net: mana: Assign interrupts to CPUs based on NUMA nodes")
> Signed-off-by: Haiyang Zhang <haiyangz@xxxxxxxxxxxxx>
> ---
> .../net/ethernet/microsoft/mana/gdma_main.c | 35 ++++++-------------
> 1 file changed, 10 insertions(+), 25 deletions(-)
>
Thanks,
Reviewed-by: Leon Romanovsky <leonro@xxxxxxxxxx>