Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1756386AbcCAX6v (ORCPT <rfc822;w@1wt.eu>);
	Tue, 1 Mar 2016 18:58:51 -0500
Received: from mail333.us4.mandrillapp.com ([205.201.137.77]:57058 "EHLO
	mail333.us4.mandrillapp.com" rhost-flags-OK-OK-OK-OK)
	by vger.kernel.org with ESMTP id S932633AbcCAX6h (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Tue, 1 Mar 2016 18:58:37 -0500
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=mandrill; d=linuxfoundation.org;
 b=c43sQLh2eepHkiD/+Xmw99s7si9fwIpuwfcFXcBuVJCAsunT4TvogpcX/KOZVLCUgXg+fCBsz89P
   zhx6+654g/7+D1NYWOKT9X+SWPQDEPWcMlYcwDF1lKWp8LaqqXbRBhw/xivZjNPQpJj/CgxKRFcf
   7av2Qz4iqgJRgNmD/YI=;
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Subject: [PATCH 4.4 324/342] x86/irq: Validate that irq descriptor is still active
X-Mailer: git-send-email 2.7.2
To: <linux-kernel@vger.kernel.org>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>, <stable@vger.kernel.org>,
        Thomas Gleixner <tglx@linutronix.de>,
        Jiang Liu <jiang.liu@linux.intel.com>,
        Joe Lawrence <joe.lawrence@stratus.com>,
        Jeremiah Mahler <jmmahler@gmail.com>, Borislav Petkov <bp@alien8.de>,
        <andy.shevchenko@gmail.com>, Guenter Roeck <linux@roeck-us.net>
Message-Id: <20160301234538.336831268@linuxfoundation.org>
In-Reply-To: <20160301234527.990448862@linuxfoundation.org>
References: <20160301234527.990448862@linuxfoundation.org>
X-Report-Abuse: Please forward a copy of this message, including all headers, to abuse@mandrill.com
X-Report-Abuse: You can also report abuse here: http://mandrillapp.com/contact/abuse?id=30481620.fcd3047a7a9749a784b23e0cd57f43f8
X-Mandrill-User: md_30481620
Date: Tue, 01 Mar 2016 23:55:40 +0000
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1407
Lines: 42

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Thomas Gleixner <tglx@linutronix.de>

commit 36f34c8c63da3e272fd66f91089228c22d2b6e8b upstream.

In fixup_irqs() we unconditionally dereference the irq chip of an irq
descriptor. The descriptor might still be valid, but already cleaned up,
i.e. the chip removed. Add a check for this condition.

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Jiang Liu <jiang.liu@linux.intel.com>
Cc: Joe Lawrence <joe.lawrence@stratus.com>
Cc: Jeremiah Mahler <jmmahler@gmail.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: andy.shevchenko@gmail.com
Cc: Guenter Roeck <linux@roeck-us.net>
Link: http://lkml.kernel.org/r/20151231160106.236423282@linutronix.de
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/arch/x86/kernel/irq.c b/arch/x86/kernel/irq.c
index f8062aaf5df9..c0b58dd1ca04 100644
--- a/arch/x86/kernel/irq.c
+++ b/arch/x86/kernel/irq.c
@@ -470,6 +470,15 @@ void fixup_irqs(void)
 		}
 
 		chip = irq_data_get_irq_chip(data);
+		/*
+		 * The interrupt descriptor might have been cleaned up
+		 * already, but it is not yet removed from the radix tree
+		 */
+		if (!chip) {
+			raw_spin_unlock(&desc->lock);
+			continue;
+		}
+
 		if (!irqd_can_move_in_process_context(data) && chip->irq_mask)
 			chip->irq_mask(data);