From: Jiang Liu <jiang.liu@linux.intel.com>
To: Sergey Senozhatsky <sergey.senozhatsky.work@gmail.com>,
Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>, "H. Peter Anvin" <hpa@zytor.com>,
x86@kernel.org, linux-kernel@vger.kernel.org,
Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Subject: Re: [RFC][PATCH] x86/hpet: fix NULL pointer dereference in msi_domain_alloc_irqs()
Date: Wed, 13 May 2015 14:02:30 +0800 [thread overview]
Message-ID: <5552E8F6.8020902@linux.intel.com> (raw)
In-Reply-To: <20150512041444.GA1094@swordfish>
On 2015/5/12 12:14, Sergey Senozhatsky wrote:
>> directly call __irq_domain_alloc_irqs() in hpet_assign_irq() and pass
>> correct `arg' to fix the oops.
>>
>
> oh, what I was thinking about... it should be as simple as this.
>
> 8<-----8<-----
>
> From 8be2eb548cefc788c87b05da22176b7360c6aca9 Mon Sep 17 00:00:00 2001
> From: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
> Date: Mon, 11 May 2015 18:56:49 +0900
> Subject: [PATCH] x86/hpet: fix NULL pointer deference in
> msi_domain_alloc_irqs()
>
> Fix the following oops:
> hpet_msi_get_hwirq+0x1f/0x27
> msi_domain_alloc+0x35/0xfe
> ? trace_hardirqs_on_caller+0x16c/0x188
> irq_domain_alloc_irqs_recursive+0x51/0x95
> __irq_domain_alloc_irqs+0x151/0x223
> hpet_assign_irq+0x5d/0x68
> hpet_msi_capability_lookup+0x121/0x1cb
> ? hpet_enable+0x2b4/0x2b4
> hpet_late_init+0x5f/0xf2
> ? hpet_enable+0x2b4/0x2b4
> do_one_initcall+0x184/0x199
> kernel_init_freeable+0x1af/0x237
> ? rest_init+0x13a/0x13a
> kernel_init+0xe/0xd4
> ret_from_fork+0x3f/0x70
> ? rest_init+0x13a/0x13a
>
> since 3cb96f0c9733 ('x86/hpet: Enhance HPET IRQ to support hierarchical
> irqdomains') hpet_msi_capability_lookup() uses hpet_assign_irq(). the
> latter discards `irq_alloc_info info' param and instead passes NULL to
> __irq_domain_alloc_irqs() as `arg'. __irq_domain_alloc_irqs() invokes
> irq_domain_alloc_irqs_recursive(), which msi_domain_alloc_irqs() and,
> eventually, accesses `arg->hpet_index' in hpet_msi_get_hwirq().
>
> pass a correct `irq_alloc_info info' pointer to irq_domain_alloc_irqs()
> in hpet_assign_irq() to fix the oops.
>
> Signed-off-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
> ---
> arch/x86/kernel/apic/msi.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/arch/x86/kernel/apic/msi.c b/arch/x86/kernel/apic/msi.c
> index 58fde66..ef516af 100644
> --- a/arch/x86/kernel/apic/msi.c
> +++ b/arch/x86/kernel/apic/msi.c
> @@ -351,6 +351,6 @@ int hpet_assign_irq(struct irq_domain *domain, struct hpet_dev *dev,
> info.hpet_id = hpet_dev_id(domain);
> info.hpet_index = dev_num;
>
> - return irq_domain_alloc_irqs(domain, 1, NUMA_NO_NODE, NULL);
> + return irq_domain_alloc_irqs(domain, 1, NUMA_NO_NODE, &info);
> }
> #endif
Hi Sergey,
My fault, I have prepared 'info' without actually passing it to
irq_domain_alloc_irqs().
Thanks for fixing it.
Reviewed-by: Jiang Liu <jiang.liu@linux.intel.com>
next prev parent reply other threads:[~2015-05-13 6:02 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-11 11:36 [RFC][PATCH] x86/hpet: fix NULL pointer dereference in msi_domain_alloc_irqs() Sergey Senozhatsky
2015-05-12 4:14 ` Sergey Senozhatsky
2015-05-13 6:02 ` Jiang Liu [this message]
2015-05-13 7:54 ` [tip:x86/apic] x86/hpet: Pass proper pointer to irq_alloc_info tip-bot for Sergey Senozhatsky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5552E8F6.8020902@linux.intel.com \
--to=jiang.liu@linux.intel.com \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=sergey.senozhatsky.work@gmail.com \
--cc=sergey.senozhatsky@gmail.com \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.