From: Thomas Gleixner <tglx@linutronix.de>
To: LKML <linux-kernel@vger.kernel.org>
Cc: Gabriel C <nix.or.die@gmail.com>, Ingo Molnar <mingo@kernel.org>,
Peter Anvin <hpa@zytor.com>, Borislav Petkov <bp@alien8.de>,
Peter Zijlstra <peterz@infradead.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Mike Galbraith <efault@gmx.de>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Ruslan Ruslichenko <rruslich@cisco.com>,
stable@vger.kernel.org
Subject: [patch 2/2] goldfish: Sanitize the broken interrupt handler
Date: Wed, 15 Feb 2017 11:11:51 +0100 [thread overview]
Message-ID: <20170215102145.154243375@linutronix.de> (raw)
In-Reply-To: 20170215101149.937286619@linutronix.de
[-- Attachment #1: goldfish--Sanitize-the-broken-interrupt-handler.patch --]
[-- Type: text/plain, Size: 1489 bytes --]
This interrupt handler is broken in several ways:
- It loops forever when the op code is not decodeable
- It never returns IRQ_HANDLED because the only way to exit the loop
returns IRQ_NONE unconditionally.
The whole concept of this is broken. Creating devices in an interrupt
handler is beyond any point of sanity.
Make it at least behave halfways sane so accidental users do not have to
deal with a hard to debug lockup.
Fixes: e809c22b8fb028 ("goldfish: add the goldfish virtual bus")
Reported-by: Gabriel C <nix.or.die@gmail.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org
---
drivers/platform/goldfish/pdev_bus.c | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
--- a/drivers/platform/goldfish/pdev_bus.c
+++ b/drivers/platform/goldfish/pdev_bus.c
@@ -157,23 +157,26 @@ static int goldfish_new_pdev(void)
static irqreturn_t goldfish_pdev_bus_interrupt(int irq, void *dev_id)
{
irqreturn_t ret = IRQ_NONE;
+
while (1) {
u32 op = readl(pdev_bus_base + PDEV_BUS_OP);
- switch (op) {
- case PDEV_BUS_OP_DONE:
- return IRQ_NONE;
+ switch (op) {
case PDEV_BUS_OP_REMOVE_DEV:
goldfish_pdev_remove();
+ ret = IRQ_HANDLED;
break;
case PDEV_BUS_OP_ADD_DEV:
goldfish_new_pdev();
+ ret = IRQ_HANDLED;
break;
+
+ case PDEV_BUS_OP_DONE:
+ default:
+ return ret;
}
- ret = IRQ_HANDLED;
}
- return ret;
}
static int goldfish_pdev_bus_probe(struct platform_device *pdev)
next prev parent reply other threads:[~2017-02-15 10:24 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-02-15 10:11 [patch 0/2] goldfish: Prevent the trainwreck from doing harm Thomas Gleixner
2017-02-15 10:11 ` [patch 1/2] x86/platform/goldfish: Prevent unconditional loading Thomas Gleixner
2017-02-15 10:53 ` Peter Zijlstra
2017-02-15 10:57 ` Thomas Gleixner
2017-02-15 12:17 ` Alan Cox
2017-02-15 14:52 ` Thomas Gleixner
2017-02-15 10:11 ` Thomas Gleixner [this message]
2017-02-15 15:49 ` [patch 0/2] goldfish: Prevent the trainwreck from doing harm Linus Torvalds
2017-02-15 16:52 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170215102145.154243375@linutronix.de \
--to=tglx@linutronix.de \
--cc=bp@alien8.de \
--cc=efault@gmx.de \
--cc=gregkh@linuxfoundation.org \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@kernel.org \
--cc=nix.or.die@gmail.com \
--cc=peterz@infradead.org \
--cc=rruslich@cisco.com \
--cc=stable@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox