From: Sergey Senozhatsky <sergey.senozhatsky.work@gmail.com>
To: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>, "H. Peter Anvin" <hpa@zytor.com>,
Jiang Liu <jiang.liu@linux.intel.com>,
x86@kernel.org, linux-kernel@vger.kernel.org,
Sergey Senozhatsky <sergey.senozhatsky@gmail.com>,
Sergey Senozhatsky <sergey.senozhatsky.work@gmail.com>
Subject: Re: [RFC][PATCH] x86/hpet: fix NULL pointer dereference in msi_domain_alloc_irqs()
Date: Tue, 12 May 2015 13:14:44 +0900 [thread overview]
Message-ID: <20150512041444.GA1094@swordfish> (raw)
In-Reply-To: <1431344168-1872-1-git-send-email-sergey.senozhatsky@gmail.com>
> directly call __irq_domain_alloc_irqs() in hpet_assign_irq() and pass
> correct `arg' to fix the oops.
>
oh, what I was thinking about... it should be as simple as this.
8<-----8<-----
>From 8be2eb548cefc788c87b05da22176b7360c6aca9 Mon Sep 17 00:00:00 2001
From: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Date: Mon, 11 May 2015 18:56:49 +0900
Subject: [PATCH] x86/hpet: fix NULL pointer deference in
msi_domain_alloc_irqs()
Fix the following oops:
hpet_msi_get_hwirq+0x1f/0x27
msi_domain_alloc+0x35/0xfe
? trace_hardirqs_on_caller+0x16c/0x188
irq_domain_alloc_irqs_recursive+0x51/0x95
__irq_domain_alloc_irqs+0x151/0x223
hpet_assign_irq+0x5d/0x68
hpet_msi_capability_lookup+0x121/0x1cb
? hpet_enable+0x2b4/0x2b4
hpet_late_init+0x5f/0xf2
? hpet_enable+0x2b4/0x2b4
do_one_initcall+0x184/0x199
kernel_init_freeable+0x1af/0x237
? rest_init+0x13a/0x13a
kernel_init+0xe/0xd4
ret_from_fork+0x3f/0x70
? rest_init+0x13a/0x13a
since 3cb96f0c9733 ('x86/hpet: Enhance HPET IRQ to support hierarchical
irqdomains') hpet_msi_capability_lookup() uses hpet_assign_irq(). the
latter discards `irq_alloc_info info' param and instead passes NULL to
__irq_domain_alloc_irqs() as `arg'. __irq_domain_alloc_irqs() invokes
irq_domain_alloc_irqs_recursive(), which msi_domain_alloc_irqs() and,
eventually, accesses `arg->hpet_index' in hpet_msi_get_hwirq().
pass a correct `irq_alloc_info info' pointer to irq_domain_alloc_irqs()
in hpet_assign_irq() to fix the oops.
Signed-off-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
---
arch/x86/kernel/apic/msi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/kernel/apic/msi.c b/arch/x86/kernel/apic/msi.c
index 58fde66..ef516af 100644
--- a/arch/x86/kernel/apic/msi.c
+++ b/arch/x86/kernel/apic/msi.c
@@ -351,6 +351,6 @@ int hpet_assign_irq(struct irq_domain *domain, struct hpet_dev *dev,
info.hpet_id = hpet_dev_id(domain);
info.hpet_index = dev_num;
- return irq_domain_alloc_irqs(domain, 1, NUMA_NO_NODE, NULL);
+ return irq_domain_alloc_irqs(domain, 1, NUMA_NO_NODE, &info);
}
#endif
--
2.4.0.rc3.3.g6eb1401
next prev parent reply other threads:[~2015-05-12 4:14 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-11 11:36 [RFC][PATCH] x86/hpet: fix NULL pointer dereference in msi_domain_alloc_irqs() Sergey Senozhatsky
2015-05-12 4:14 ` Sergey Senozhatsky [this message]
2015-05-13 6:02 ` Jiang Liu
2015-05-13 7:54 ` [tip:x86/apic] x86/hpet: Pass proper pointer to irq_alloc_info tip-bot for Sergey Senozhatsky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150512041444.GA1094@swordfish \
--to=sergey.senozhatsky.work@gmail.com \
--cc=hpa@zytor.com \
--cc=jiang.liu@linux.intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=sergey.senozhatsky@gmail.com \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.