linux-kernel.vger.kernel.org archive mirror
From: <zyjzyj2000@gmail.com>
To: <zyjzyj2000@gmail.com>, <tglx@linutronix.de>,
	<linux-kernel@vger.kernel.org>
Subject: [PATCH 1/1] Revert "genirq: Remove the second parameter from handle_irq_event_percpu()"
Date: Wed, 13 Jan 2016 18:31:56 +0800
Message-ID: <1452681116-20924-1-git-send-email-zyjzyj2000@gmail.com>

From: Zhu Yanjun <zyjzyj2000@gmail.com>

After this commit 71f64340fc0e ("genirq: Remove the second parameter
from handle_irq_event_percpu()") is applied, the variable action is
not protected by raw_spin_lock. The following calltrace will pop up.

BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
IP: [<ffffffff810a4991>] handle_irq_event_percpu+0x31/0x1c0
PGD 0
Oops: 0000 [#1] PREEMPT SMP
Modules linked in:
CPU: 2 PID: 0 Comm: swapper/2 Not tainted 4.4.0 #30
task: ffff88003d2ed040 ti: ffff88003d380000 task.ti: ffff88003d380000
RIP: 0010:[<ffffffff810a4991>]  [<ffffffff810a4991>] handle_irq_event_percpu+0x31/0x1c0
RSP: 0018:ffff88003eb03ed8  EFLAGS: 00010046
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000010003
RDX: 0000000080010003 RSI: 0000000000000000 RDI: ffff88003d02ac00
RBP: ffff88003eb03f10 R08: ffff88003d380000 R09: 0000000000000002
R10: 0000000000027e88 R11: 0000000000000282 R12: 0000000000000004
R13: ffff88003d02ac38 R14: 0000000000000000 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff88003eb00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000000000000008 CR3: 0000000001e0a000 CR4: 00000000000006e0
Stack:
 ffff88003d02ac00 0000000000000007 ffff88003d02ac00 ffff88003d02acb4
 ffff88003d02ac38 0000000000000034 0000000000000000 ffff88003eb03f38
 ffffffff810a4b5c ffff88003d02ac00 ffff88003d02acb4 ffff88003d02ac38
Call Trace:
 <IRQ>
 [<ffffffff810a4b5c>] handle_irq_event+0x3c/0x60
 [<ffffffff810a7c9f>] handle_edge_irq+0xcf/0x160
 [<ffffffff810067ba>] handle_irq+0x1a/0x30
 [<ffffffff819b0d37>] do_IRQ+0x57/0xf0
 [<ffffffff819af1ff>] common_interrupt+0x7f/0x7f
 <EOI>
 [<ffffffff819ae192>] ? _raw_write_unlock_irq+0x12/0x30
 [<ffffffff819ae1be>] _raw_spin_unlock_irq+0xe/0x10
 [<ffffffff8107703a>] finish_task_switch+0x9a/0x1f0
 [<ffffffff819aa375>] __schedule+0x3c5/0xb60
 [<ffffffff819aac8f>] schedule+0x3f/0x90
 [<ffffffff819aaf18>] schedule_preempt_disabled+0x18/0x30
 [<ffffffff8108f2ec>] cpu_startup_entry+0x13c/0x320
 [<ffffffff810379b1>] start_secondary+0xf1/0x100
RIP  [<ffffffff810a4991>] handle_irq_event_percpu+0x31/0x1c0
 RSP <ffff88003eb03ed8>
CR2: 0000000000000008
---[ end trace c62dc8f0b2aee0f5 ]---
Kernel panic - not syncing: Fatal exception in interrupt
Kernel Offset: disabled
---[ end Kernel panic - not syncing: Fatal exception in interrupt

Signed-off-by: Zhu Yanjun <zyjzyj2000@gmail.com>
---
 kernel/irq/chip.c      | 2 +-
 kernel/irq/handle.c    | 7 ++++---
 kernel/irq/internals.h | 2 +-
 3 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/kernel/irq/chip.c b/kernel/irq/chip.c
index 5797909..ce483ac 100644
--- a/kernel/irq/chip.c
+++ b/kernel/irq/chip.c
@@ -692,7 +692,7 @@ void handle_percpu_irq(struct irq_desc *desc)
 	if (chip->irq_ack)
 		chip->irq_ack(&desc->irq_data);
 
-	handle_irq_event_percpu(desc);
+	handle_irq_event_percpu(desc, desc->action);
 
 	if (chip->irq_eoi)
 		chip->irq_eoi(&desc->irq_data);
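Review bot: in handle_percpu_irq() the restored argument `desc->action` is read at the call site with no lock taken anywhere in the visible context, so this caller gains no protection from the change; the same unlocked read simply moves from the callee to the caller. The trace in the commit message enters through handle_edge_irq() and handle_irq_event(), not through this path. Please state in the commit message that this call site changes only to follow the signature, or explain why the unlocked read is acceptable for per-CPU interrupts.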
diff --git a/kernel/irq/handle.c b/kernel/irq/handle.c
index a302cf9..e25a83b 100644
--- a/kernel/irq/handle.c
+++ b/kernel/irq/handle.c
@@ -132,11 +132,11 @@ void __irq_wake_thread(struct irq_desc *desc, struct irqaction *action)
 	wake_up_process(action->thread);
 }
 
-irqreturn_t handle_irq_event_percpu(struct irq_desc *desc)
+irqreturn_t
+handle_irq_event_percpu(struct irq_desc *desc, struct irqaction *action)
 {
 	irqreturn_t retval = IRQ_NONE;
 	unsigned int flags = 0, irq = desc->irq_data.irq;
-	struct irqaction *action = desc->action;
 
 	do {
 		irqreturn_t res;
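Review bot: the body is a `do {` loop, which runs once before any loop condition is tested, so with `action` back as a parameter the function relies entirely on the caller passing a non-NULL pointer, and nothing at the definition says so. Add a comment above handle_irq_event_percpu() stating that `action` must be the caller's snapshot of desc->action (taken under desc->lock where the caller holds it), or guard the loop against a NULL `action`. The oops quoted in the commit message faults at address 0x8 inside this function, which is the failure such a guard would turn into a clean return.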
@@ -184,13 +184,14 @@ irqreturn_t handle_irq_event_percpu(struct irq_desc *desc)
 
 irqreturn_t handle_irq_event(struct irq_desc *desc)
 {
+	struct irqaction *action = desc->action;
 	irqreturn_t ret;
 
 	desc->istate &= ~IRQS_PENDING;
 	irqd_set(&desc->irq_data, IRQD_IRQ_INPROGRESS);
 	raw_spin_unlock(&desc->lock);
 
-	ret = handle_irq_event_percpu(desc);
+	ret = handle_irq_event_percpu(desc, action);
 
 	raw_spin_lock(&desc->lock);
 	irqd_clear(&desc->irq_data, IRQD_IRQ_INPROGRESS);
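Review bot: the fix here depends on `struct irqaction *action = desc->action;` being evaluated before `raw_spin_unlock(&desc->lock);`, but it is written as a plain initializer with no comment, so a later cleanup could move the read into the callee again, which is what the reverted commit did. Add a short comment on that line saying the pointer is sampled while desc->lock is still held and must not be re-read after the unlock. The commit message should also say how desc->action changes once the lock is dropped, since the trace alone does not show the racing path.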
diff --git a/kernel/irq/internals.h b/kernel/irq/internals.h
index fcab63c..25a2c9c 100644
--- a/kernel/irq/internals.h
+++ b/kernel/irq/internals.h
@@ -83,7 +83,7 @@ extern void irq_mark_irq(unsigned int irq);
 
 extern void init_kstat_irqs(struct irq_desc *desc, int node, int nr);
 
-irqreturn_t handle_irq_event_percpu(struct irq_desc *desc);
+irqreturn_t handle_irq_event_percpu(struct irq_desc *desc, struct irqaction *action);
 irqreturn_t handle_irq_event(struct irq_desc *desc);
 
 /* Resending of interrupts :*/
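Review bot: the new prototype `irqreturn_t handle_irq_event_percpu(struct irq_desc *desc, struct irqaction *action);` is 85 columns wide, over the 80-column limit, and is laid out differently from the definition in kernel/irq/handle.c, which puts the return type on its own line. Wrap the declaration, for example by breaking after `struct irq_desc *desc,`, so header and definition read alike.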
-- 
1.9.1
