Received: by 2002:a05:6a10:22f:0:0:0:0 with SMTP id 15csp1807609pxk;
        Tue, 1 Sep 2020 08:15:59 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJyqtxAdXVL+ZjUduaEnGe3QGc6ahiWw77ijCtxo3kx51TeEyD6/DNPFfNu3C/uqviCkTglc
X-Received: by 2002:a50:9d0a:: with SMTP id v10mr563506ede.144.1598973359612;
        Tue, 01 Sep 2020 08:15:59 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1598973359; cv=none;
        d=google.com; s=arc-20160816;
        b=lHm8aplA0SbkjgyJYO+lcNWgrT8hSbDK6edIrLOUL4f8KSDXvKTCGzgB6MR+So2P6I
         MRbG/86kv4voPPzMErYRrQVtSQts+mLmW80zIAj17xqdzxezeGXVNICLBSbbEr6gAniK
         qVo+GDmownuQoBkoBHi/BoosC/33O1DmCzyUKKjJUK9MoAMJlpO9R4g3cl3cgEg5Vkdi
         /3s7wsZA2XysWWagqjjwEfS12xHBor3RwzmuZdbGKc0j4KIDXryDESY210fAmej7K7WC
         loj7dtrj+qAEYVk9+9dPkK7DOi5eNsBw11m9erg7/j2r4IbmFjBRR/mtC2eIX6kHwclP
         KI6g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=yrQPBLAyEMsq0M/dcb0rpWaVs/8hOL0auSroLPQA3ow=;
        b=M9DiVf/PXfu3F/atIopcdDfJ/RyMwyP/1Dr4rXL63OnGPs68Aik68YPl0uEVb77HSR
         GpSWaMwm4D9jwo+cNp42gPgH3mBbENpevgnbA/Dm1rNX+KngElN7OSm6KWRWZMgYuex2
         KOaxG7S18nIEZ/WMOIK67euTW2CcmBaEJEch3e5oNFIX/rALUOVOHIFRFAENON575H2d
         JgEMy9H8ihl222rkQGczoDZPxi1owx9mPxZN+IoiNIPxQ5mg1pY6W29LuKFIo5tGNkpD
         SKbAsi1i0xPUSsGeLsIGYD/odLF9L9YbggrMERYQL5KSVQE+s0rz4PG4SKmp3jwMQsSc
         SvYw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=r4oWSbah;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id t16si824088ejt.27.2020.09.01.08.15.35;
        Tue, 01 Sep 2020 08:15:59 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=r4oWSbah;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1728948AbgIAPOA (ORCPT <rfc822;kerneldev.sdk@gmail.com>
        + 99 others); Tue, 1 Sep 2020 11:14:00 -0400
Received: from mail.kernel.org ([198.145.29.99]:56586 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1728820AbgIAPNa (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 1 Sep 2020 11:13:30 -0400
Received: from localhost (83-86-74-64.cable.dynamic.v4.ziggo.nl [83.86.74.64])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id 48EBE2100A;
        Tue,  1 Sep 2020 15:13:29 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1598973209;
        bh=Lryw0f1Nbw9zOBSfGU+aYbC7z1GWIMz3wMR7aAvU97E=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=r4oWSbahtE37tMwQhnNVGqDHPpeQBCQuzepITKiBL+rPlZ5Bk+U2ji80szi+25n6v
         GIrqqsxHR/HbHxuW1HfOWpm5S8W9BGL11CMRkB8PEKwH/y7OfjNrLUW2bSaU1VxpWq
         mrGbviZ+F8V4drcgk3QcGVd3I8CJuCsZ4bHfIhaM=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Roman Shaposhnik <roman@zededa.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Juergen Gross <jgross@suse.com>
Subject: [PATCH 4.4 50/62] XEN uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN data pointer which contains XEN specific information.
Date:   Tue,  1 Sep 2020 17:10:33 +0200
Message-Id: <20200901150923.247002384@linuxfoundation.org>
X-Mailer: git-send-email 2.28.0
In-Reply-To: <20200901150920.697676718@linuxfoundation.org>
References: <20200901150920.697676718@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Thomas Gleixner <tglx@linutronix.de>

commit c330fb1ddc0a922f044989492b7fcca77ee1db46 upstream.

handler data is meant for interrupt handlers and not for storing irq chip
specific information as some devices require handler data to store internal
per interrupt information, e.g. pinctrl/GPIO chained interrupt handlers.

This obviously creates a conflict of interests and crashes the machine
because the XEN pointer is overwritten by the driver pointer.

As the XEN data is not handler specific it should be stored in
irqdesc::irq_data::chip_data instead.

A simple sed s/irq_[sg]et_handler_data/irq_[sg]et_chip_data/ cures that.

Cc: stable@vger.kernel.org
Reported-by: Roman Shaposhnik <roman@zededa.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: Roman Shaposhnik <roman@zededa.com>
Reviewed-by: Juergen Gross <jgross@suse.com>
Link: https://lore.kernel.org/r/87lfi2yckt.fsf@nanos.tec.linutronix.de
Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/xen/events/events_base.c |   16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

--- a/drivers/xen/events/events_base.c
+++ b/drivers/xen/events/events_base.c
@@ -155,7 +155,7 @@ int get_evtchn_to_irq(unsigned evtchn)
 /* Get info for IRQ */
 struct irq_info *info_for_irq(unsigned irq)
 {
-	return irq_get_handler_data(irq);
+	return irq_get_chip_data(irq);
 }
 
 /* Constructors for packed IRQ information. */
@@ -384,7 +384,7 @@ static void xen_irq_init(unsigned irq)
 	info->type = IRQT_UNBOUND;
 	info->refcnt = -1;
 
-	irq_set_handler_data(irq, info);
+	irq_set_chip_data(irq, info);
 
 	list_add_tail(&info->list, &xen_irq_list_head);
 }
@@ -433,14 +433,14 @@ static int __must_check xen_allocate_irq
 
 static void xen_free_irq(unsigned irq)
 {
-	struct irq_info *info = irq_get_handler_data(irq);
+	struct irq_info *info = irq_get_chip_data(irq);
 
 	if (WARN_ON(!info))
 		return;
 
 	list_del(&info->list);
 
-	irq_set_handler_data(irq, NULL);
+	irq_set_chip_data(irq, NULL);
 
 	WARN_ON(info->refcnt > 0);
 
@@ -610,7 +610,7 @@ EXPORT_SYMBOL_GPL(xen_irq_from_gsi);
 static void __unbind_from_irq(unsigned int irq)
 {
 	int evtchn = evtchn_from_irq(irq);
-	struct irq_info *info = irq_get_handler_data(irq);
+	struct irq_info *info = irq_get_chip_data(irq);
 
 	if (info->refcnt > 0) {
 		info->refcnt--;
@@ -1114,7 +1114,7 @@ int bind_ipi_to_irqhandler(enum ipi_vect
 
 void unbind_from_irqhandler(unsigned int irq, void *dev_id)
 {
-	struct irq_info *info = irq_get_handler_data(irq);
+	struct irq_info *info = irq_get_chip_data(irq);
 
 	if (WARN_ON(!info))
 		return;
@@ -1148,7 +1148,7 @@ int evtchn_make_refcounted(unsigned int
 	if (irq == -1)
 		return -ENOENT;
 
-	info = irq_get_handler_data(irq);
+	info = irq_get_chip_data(irq);
 
 	if (!info)
 		return -ENOENT;
@@ -1176,7 +1176,7 @@ int evtchn_get(unsigned int evtchn)
 	if (irq == -1)
 		goto done;
 
-	info = irq_get_handler_data(irq);
+	info = irq_get_chip_data(irq);
 
 	if (!info)
 		goto done;