[tip:x86/timers] x86/tsc: Validate cpumask pointer before accessing it

tip-bot for Thomas Gleixner <tipbot@xxxxxxxxx> · Thu, 1 Dec 2016 05:46:15 -0800

Commit-ID:  31f8a651fc5784a9e6f482be5ef0dd111a535e88
Gitweb:     http://git.kernel.org/tip/31f8a651fc5784a9e6f482be5ef0dd111a535e88
Author:     Thomas Gleixner <tglx@xxxxxxxxxxxxx>
AuthorDate: Thu, 1 Dec 2016 13:26:58 +0100
Committer:  Thomas Gleixner <tglx@xxxxxxxxxxxxx>
CommitDate: Thu, 1 Dec 2016 14:40:52 +0100

x86/tsc: Validate cpumask pointer before accessing it

0-day testing encountered a NULL pointer dereference in a cpumask access
from tsc_store_and_check_tsc_adjust().

This happens when the function is called on the boot CPU and the topology
masks are not yet available due to CPUMASK_OFFSTACK=y.

Add a NULL pointer check for the mask pointer. If NULL it's safe to assume
that the CPU is the boot CPU and the first one in the package.

Fixes: 8b223bc7abe0 ("x86/tsc: Store and check TSC ADJUST MSR")
Reported-by: kernel test robot <xiaolong.ye@xxxxxxxxx>
Signed-off-by: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
---
 arch/x86/kernel/tsc_sync.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kernel/tsc_sync.c b/arch/x86/kernel/tsc_sync.c
index 8fde44f..a75f696 100644
--- a/arch/x86/kernel/tsc_sync.c
+++ b/arch/x86/kernel/tsc_sync.c
@@ -84,6 +84,7 @@ bool tsc_store_and_check_tsc_adjust(void)
 {
 	struct tsc_adjust *ref, *cur = this_cpu_ptr(&tsc_adjust);
 	unsigned int refcpu, cpu = smp_processor_id();
+	struct cpumask *mask;
 	s64 bootval;
 
 	if (!boot_cpu_has(X86_FEATURE_TSC_ADJUST))
@@ -98,9 +99,11 @@ bool tsc_store_and_check_tsc_adjust(void)
 	 * Check whether this CPU is the first in a package to come up. In
 	 * this case do not check the boot value against another package
 	 * because the package might have been physically hotplugged, where
-	 * TSC_ADJUST is expected to be different.
+	 * TSC_ADJUST is expected to be different. When called on the boot
+	 * CPU topology_core_cpumask() might not be available yet.
 	 */
-	refcpu = cpumask_any_but(topology_core_cpumask(cpu), cpu);
+	mask = topology_core_cpumask(cpu);
+	refcpu = mask ? cpumask_any_but(mask, cpu) : nr_cpu_ids;
 
 	if (refcpu >= nr_cpu_ids) {
 		/*
--
To unsubscribe from this list: send the line "unsubscribe linux-tip-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


