Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756230AbbFPIRq (ORCPT ); Tue, 16 Jun 2015 04:17:46 -0400 Received: from terminus.zytor.com ([198.137.202.10]:54987 "EHLO terminus.zytor.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753738AbbFPIR3 (ORCPT ); Tue, 16 Jun 2015 04:17:29 -0400 Date: Tue, 16 Jun 2015 01:16:43 -0700 From: tip-bot for Jiang Liu Message-ID: Cc: mingo@kernel.org, benh@kernel.crashing.org, linux-kernel@vger.kernel.org, hpa@zytor.com, bp@alien8.de, bhelgaas@google.com, tony.luck@intel.com, jiang.liu@linux.intel.com, yinghai@kernel.org, ying.huang@intel.com, tglx@linutronix.de, konrad.wilk@oracle.com, rdunlap@infradead.org Reply-To: ying.huang@intel.com, jiang.liu@linux.intel.com, yinghai@kernel.org, rdunlap@infradead.org, tglx@linutronix.de, konrad.wilk@oracle.com, linux-kernel@vger.kernel.org, benh@kernel.crashing.org, mingo@kernel.org, tony.luck@intel.com, bhelgaas@google.com, bp@alien8.de, hpa@zytor.com In-Reply-To: <1433145945-789-3-git-send-email-jiang.liu@linux.intel.com> References: <1433145945-789-3-git-send-email-jiang.liu@linux.intel.com> To: linux-tip-commits@vger.kernel.org Subject: [tip:x86/apic] genirq: Prevent crash in irq_move_irq() Git-Commit-ID: f6b1464f647424bbeb609ec832428e4079940701 X-Mailer: tip-git-log-daemon Robot-ID: Robot-Unsubscribe: Contact to get blacklisted from these emails MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset=UTF-8 Content-Disposition: inline Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2603 Lines: 66 Commit-ID: f6b1464f647424bbeb609ec832428e4079940701 Gitweb: http://git.kernel.org/tip/f6b1464f647424bbeb609ec832428e4079940701 Author: Jiang Liu AuthorDate: Mon, 1 Jun 2015 16:05:11 +0800 Committer: Thomas Gleixner CommitDate: Tue, 16 Jun 2015 10:10:20 +0200 genirq: Prevent crash in irq_move_irq() The functions irq_move_irq() and irq_move_masked_irq() expect that the caller passes the top-level irq_data to them when hierarchical irqdomains are enabled. But that's not true when called from apic_ack_edge(), which results in a null pointer dereference by idata->chip->irq_mask(idata). Instead of fixing callers to passing top-level irq_data, we rather change irq_move_irq()/irq_move_masked_irq() to accept any irq_data. Fixes: 52f518a3a7c 'x86/MSI: Use hierarchical irqdomains to manage MSI interrupts' Reported-by: Huang Ying Signed-off-by: Jiang Liu Cc: Konrad Rzeszutek Wilk Cc: Tony Luck Cc: Bjorn Helgaas Cc: Benjamin Herrenschmidt Cc: Randy Dunlap Cc: Yinghai Lu Cc: Borislav Petkov Link: http://lkml.kernel.org/r/1433145945-789-3-git-send-email-jiang.liu@linux.intel.com Signed-off-by: Thomas Gleixner --- kernel/irq/migration.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/kernel/irq/migration.c b/kernel/irq/migration.c index ca3f4aa..dd203e2 100644 --- a/kernel/irq/migration.c +++ b/kernel/irq/migration.c @@ -7,7 +7,7 @@ void irq_move_masked_irq(struct irq_data *idata) { struct irq_desc *desc = irq_data_to_desc(idata); - struct irq_chip *chip = idata->chip; + struct irq_chip *chip = desc->irq_data.chip; if (likely(!irqd_is_setaffinity_pending(&desc->irq_data))) return; @@ -52,6 +52,13 @@ void irq_move_irq(struct irq_data *idata) { bool masked; + /* + * Get top level irq_data when CONFIG_IRQ_DOMAIN_HIERARCHY is enabled, + * and it should be optimized away when CONFIG_IRQ_DOMAIN_HIERARCHY is + * disabled. So we avoid an "#ifdef CONFIG_IRQ_DOMAIN_HIERARCHY" here. + */ + idata = irq_desc_get_irq_data(irq_data_to_desc(idata)); + if (likely(!irqd_is_setaffinity_pending(idata))) return; -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/