> asmlinkage void smp_call_function_interrupt(void)
> {
>     void (*func) (void *info) = call_data->func;
>     void *info = call_data->info;
>     int wait = call_data->wait;
>
>     ack_APIC_irq();
>     /*
>      * Notify initiating CPU that I've grabbed the data and am
>      * about to execute the function
>      */
>     mb();
>     atomic_inc(&call_data->started);
>     /*
>      * At this point the info structure may be out of scope unless
>      * wait==1
>      */
>     irq_enter();
>     (*func)(info); <--- passed bogus data
>
> Looks like you jumped through a bogus function pointer. I'm guessing it
> has something to do with an uninitialized IRQ vector for the CPU speed on
> one of the cores (simply because it seems somewhat plausible):
What should an "IRQ vector for the CPU speed" be?
>
> extern u8 irq_vector[NR_IRQ_VECTORS];
> #define IO_APIC_VECTOR(irq) (irq_vector[irq])
> #define AUTO_ASSIGN -1
>
> So irq_vector[AUTO_ASSIGN] = 0xff which could have somehow made it into
> your function pointer.
Yes, but it is hard to see how that should happen short of massive
memory corruption. call_data is a global variable even.
However, after an MCE things can be a bit unstable. Maybe it would
be best to use a streamlined panic in this case that doesn't touch
the other CPUs.
-Andi