commit 94777fc51b3ad85ff9f705ddf7cdd0eb3bbad5a6
Author: Dimitri Sivanich <sivanich@sgi.com>
Date: Tue Oct 16 07:50:21 2012 -0500

x86/irq/ioapic: Check for valid irq_cfg pointer in smp_irq_move_cleanup_interrupt

Posting this patch to fix an issue concerning sparse irq's that
I raised a while back. There was discussion about adding
refcounting to sparse irqs (to fix other potential race
conditions), but that does not appear to have been addressed
yet. This covers the only issue of this type that I've
encountered in this area.

A NULL pointer dereference can occur in
smp_irq_move_cleanup_interrupt() if we haven't yet setup the
irq_cfg pointer in the irq_desc.irq_data.chip_data.

In create_irq_nr() there is a window where we have set
vector_irq in __assign_irq_vector(), but not yet called
irq_set_chip_data() to set the irq_cfg pointer.

Should an IRQ_MOVE_CLEANUP_VECTOR hit the cpu in question during
this time, smp_irq_move_cleanup_interrupt() will attempt to
process the aforementioned irq, but panic when accessing
irq_cfg.

Only continue processing the irq if irq_cfg is non-NULL.

Signed-off-by: Dimitri Sivanich <sivanich@sgi.com>
Cc: Suresh Siddha <suresh.b.siddha@intel.com>
Cc: Joerg Roedel <joerg.roedel@amd.com>
Cc: Yinghai Lu <yinghai@kernel.org>
Cc: Alexander Gordeev <agordeev@redhat.com>
Link: http://lkml.kernel.org/r/20121016125021.GA22935@sgi.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>

diff --git a/arch/x86/kernel/apic/io_apic.c b/arch/x86/kernel/apic/io_apic.c
index c265593..1817fa9 100644
--- a/arch/x86/kernel/apic/io_apic.c
+++ b/arch/x86/kernel/apic/io_apic.c
@@ -2257,6 +2257,9 @@ asmlinkage void smp_irq_move_cleanup_interrupt(void)
continue;
cfg = irq_cfg(irq);
+ if (!cfg)
+ continue;
+
raw_spin_lock(&desc->lock);
/*
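
Review bot: The new `if (!cfg) continue;` after `cfg = irq_cfg(irq);` carries no comment explaining why a NULL cfg is a legitimate state here, so a later reader may take it for dead defensive code and remove it. A short comment above the check naming the window described in the commit message (vector_irq already set by __assign_irq_vector(), irq_set_chip_data() not yet called in create_irq_nr()) would keep that reasoning next to the code. Note also that cfg is read and tested before `raw_spin_lock(&desc->lock)`, so the check only covers the not-yet-set case; the commit message itself says the wider sparse irq lifetime question (refcounting) is still open, and the comment could say so as well.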