From: tip-bot for Jesper Juhl <jj@chaosbits.net>
To: linux-tip-commits@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, hpa@zytor.com, mingo@redhat.com,
jj@chaosbits.net, tglx@linutronix.de
Subject: [tip:irq/urgent] genirq: Prevent potential NULL dereference in irq_set_irq_wake()
Date: Fri, 10 Jun 2011 08:58:16 GMT [thread overview]
Message-ID: <tip-13863a66c9c8a663665445cf05d68de96ff31830@git.kernel.org> (raw)
In-Reply-To: <alpine.LNX.2.00.1106092300360.17868@swampdragon.chaosbits.net>
Commit-ID: 13863a66c9c8a663665445cf05d68de96ff31830
Gitweb: http://git.kernel.org/tip/13863a66c9c8a663665445cf05d68de96ff31830
Author: Jesper Juhl <jj@chaosbits.net>
AuthorDate: Thu, 9 Jun 2011 23:14:58 +0200
Committer: Thomas Gleixner <tglx@linutronix.de>
CommitDate: Fri, 10 Jun 2011 10:53:42 +0200
genirq: Prevent potential NULL dereference in irq_set_irq_wake()
In kernel/irq/manage.c::irq_set_irq_wake() we call
irq_get_desc_buslock() which may return NULL, but the code
dereferences the result unconditionally.
irq_set_irq_wake() has lots of callers - I checked a few and I couldn't
find anything that guarantees that they won't call it with some input that
will cause irq_get_desc_buslock() to return NULL, so I think it's a good
thing to test and -EINVAL was the most sane error code in this situation
that I could think of.
Not all callers test the return value of irq_set_irq_wake(), but those
that do take != 0 to mean error as far as I can see, so they should be
fine. I guess those that don't test actually should, but that's a
different issue.
Signed-off-by: Jesper Juhl <jj@chaosbits.net>
Link: http://lkml.kernel.org/r/alpine.LNX.2.00.1106092300360.17868@swampdragon.chaosbits.net
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
---
kernel/irq/manage.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/kernel/irq/manage.c b/kernel/irq/manage.c
index d64bafb..0a7840ae 100644
--- a/kernel/irq/manage.c
+++ b/kernel/irq/manage.c
@@ -491,6 +491,9 @@ int irq_set_irq_wake(unsigned int irq, unsigned int on)
struct irq_desc *desc = irq_get_desc_buslock(irq, &flags);
int ret = 0;
+ if (!desc)
+ return -EINVAL;
+
/* wakeup-capable irqs can be shared between drivers that
* don't need to have the same sleep mode behaviors.
*/
prev parent reply other threads:[~2011-06-10 8:58 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-06-09 21:14 [PATCH] Avoid potential NULL deref in irq_set_irq_wake() Jesper Juhl
2011-06-10 8:58 ` tip-bot for Jesper Juhl [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=tip-13863a66c9c8a663665445cf05d68de96ff31830@git.kernel.org \
--to=jj@chaosbits.net \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-tip-commits@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.