From: daniel.lezcano@linaro.org (Daniel Lezcano)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH] clockevent: sun4i: Fix race condition in the probe code
Date: Wed, 19 Nov 2014 10:21:57 +0100 [thread overview]
Message-ID: <546C6135.90201@linaro.org> (raw)
In-Reply-To: <1416351573-5815-1-git-send-email-maxime.ripard@free-electrons.com>
On 11/18/2014 11:59 PM, Maxime Ripard wrote:
> The interrupts were activated and the handler registered before the clockevent
> was registered in the probe function.
>
> The interrupt handler, however, was making the assumption that the clockevent
> device was registered.
>
> That could cause a null pointer dereferenc if the timer interrupt was firing
> during this narrow window.
>
> Fix that by moving the clockevent registration before the interrupt is enabled.
>
> Reported-by: Roman Byshko <rbyshko@gmail.com>
> Signed-off-by: Maxime Ripard <maxime.ripard@free-electrons.com>
> Cc: stable at vger.kernel.org
Applied to my tree as 3.18 fix.
Thanks !
-- Daniel
> ---
> drivers/clocksource/sun4i_timer.c | 12 ++++++------
> 1 file changed, 6 insertions(+), 6 deletions(-)
>
> diff --git a/drivers/clocksource/sun4i_timer.c b/drivers/clocksource/sun4i_timer.c
> index efb17c3ee120..f4a9c0058b4d 100644
> --- a/drivers/clocksource/sun4i_timer.c
> +++ b/drivers/clocksource/sun4i_timer.c
> @@ -182,6 +182,12 @@ static void __init sun4i_timer_init(struct device_node *node)
> /* Make sure timer is stopped before playing with interrupts */
> sun4i_clkevt_time_stop(0);
>
> + sun4i_clockevent.cpumask = cpu_possible_mask;
> + sun4i_clockevent.irq = irq;
> +
> + clockevents_config_and_register(&sun4i_clockevent, rate,
> + TIMER_SYNC_TICKS, 0xffffffff);
> +
> ret = setup_irq(irq, &sun4i_timer_irq);
> if (ret)
> pr_warn("failed to setup irq %d\n", irq);
> @@ -189,12 +195,6 @@ static void __init sun4i_timer_init(struct device_node *node)
> /* Enable timer0 interrupt */
> val = readl(timer_base + TIMER_IRQ_EN_REG);
> writel(val | TIMER_IRQ_EN(0), timer_base + TIMER_IRQ_EN_REG);
> -
> - sun4i_clockevent.cpumask = cpu_possible_mask;
> - sun4i_clockevent.irq = irq;
> -
> - clockevents_config_and_register(&sun4i_clockevent, rate,
> - TIMER_SYNC_TICKS, 0xffffffff);
> }
> CLOCKSOURCE_OF_DECLARE(sun4i, "allwinner,sun4i-a10-timer",
> sun4i_timer_init);
>
--
<http://www.linaro.org/> Linaro.org ? Open source software for ARM SoCs
Follow Linaro: <http://www.facebook.com/pages/Linaro> Facebook |
<http://twitter.com/#!/linaroorg> Twitter |
<http://www.linaro.org/linaro-blog/> Blog
WARNING: multiple messages have this Message-ID (diff)
From: Daniel Lezcano <daniel.lezcano@linaro.org>
To: Maxime Ripard <maxime.ripard@free-electrons.com>,
Thomas Gleixner <tglx@linutronix.de>
Cc: linux-kernel@vger.kernel.org,
linux-arm-kernel@lists.infradead.org,
Roman Byshko <rbyshko@gmail.com>,
stable@vger.kernel.org
Subject: Re: [PATCH] clockevent: sun4i: Fix race condition in the probe code
Date: Wed, 19 Nov 2014 10:21:57 +0100 [thread overview]
Message-ID: <546C6135.90201@linaro.org> (raw)
In-Reply-To: <1416351573-5815-1-git-send-email-maxime.ripard@free-electrons.com>
On 11/18/2014 11:59 PM, Maxime Ripard wrote:
> The interrupts were activated and the handler registered before the clockevent
> was registered in the probe function.
>
> The interrupt handler, however, was making the assumption that the clockevent
> device was registered.
>
> That could cause a null pointer dereferenc if the timer interrupt was firing
> during this narrow window.
>
> Fix that by moving the clockevent registration before the interrupt is enabled.
>
> Reported-by: Roman Byshko <rbyshko@gmail.com>
> Signed-off-by: Maxime Ripard <maxime.ripard@free-electrons.com>
> Cc: stable@vger.kernel.org
Applied to my tree as 3.18 fix.
Thanks !
-- Daniel
> ---
> drivers/clocksource/sun4i_timer.c | 12 ++++++------
> 1 file changed, 6 insertions(+), 6 deletions(-)
>
> diff --git a/drivers/clocksource/sun4i_timer.c b/drivers/clocksource/sun4i_timer.c
> index efb17c3ee120..f4a9c0058b4d 100644
> --- a/drivers/clocksource/sun4i_timer.c
> +++ b/drivers/clocksource/sun4i_timer.c
> @@ -182,6 +182,12 @@ static void __init sun4i_timer_init(struct device_node *node)
> /* Make sure timer is stopped before playing with interrupts */
> sun4i_clkevt_time_stop(0);
>
> + sun4i_clockevent.cpumask = cpu_possible_mask;
> + sun4i_clockevent.irq = irq;
> +
> + clockevents_config_and_register(&sun4i_clockevent, rate,
> + TIMER_SYNC_TICKS, 0xffffffff);
> +
> ret = setup_irq(irq, &sun4i_timer_irq);
> if (ret)
> pr_warn("failed to setup irq %d\n", irq);
> @@ -189,12 +195,6 @@ static void __init sun4i_timer_init(struct device_node *node)
> /* Enable timer0 interrupt */
> val = readl(timer_base + TIMER_IRQ_EN_REG);
> writel(val | TIMER_IRQ_EN(0), timer_base + TIMER_IRQ_EN_REG);
> -
> - sun4i_clockevent.cpumask = cpu_possible_mask;
> - sun4i_clockevent.irq = irq;
> -
> - clockevents_config_and_register(&sun4i_clockevent, rate,
> - TIMER_SYNC_TICKS, 0xffffffff);
> }
> CLOCKSOURCE_OF_DECLARE(sun4i, "allwinner,sun4i-a10-timer",
> sun4i_timer_init);
>
--
<http://www.linaro.org/> Linaro.org │ Open source software for ARM SoCs
Follow Linaro: <http://www.facebook.com/pages/Linaro> Facebook |
<http://twitter.com/#!/linaroorg> Twitter |
<http://www.linaro.org/linaro-blog/> Blog
next prev parent reply other threads:[~2014-11-19 9:21 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-11-18 22:59 [PATCH] clockevent: sun4i: Fix race condition in the probe code Maxime Ripard
2014-11-18 22:59 ` Maxime Ripard
2014-11-19 9:21 ` Daniel Lezcano [this message]
2014-11-19 9:21 ` Daniel Lezcano
-- strict thread matches above, loose matches on Subject: below --
2014-11-19 9:47 [GIT PULL] clockevents: 3.18 fix Daniel Lezcano
2014-11-19 9:49 ` [PATCH] clockevent: sun4i: Fix race condition in the probe code Daniel Lezcano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=546C6135.90201@linaro.org \
--to=daniel.lezcano@linaro.org \
--cc=linux-arm-kernel@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.