[PATCH] irq: fix possible null-pointer deref irq_domain_to_irq

[PATCH] irq: fix possible null-pointer deref irq_domain_to_irq

[Jamie Iles]

It is optional for an irqdomain to have a to_irq() method, and for
simple domains they often don't require any operations at all - just
hwirq to Linux irq translation.  Check we have valid ops before
dereferencing them.

Patch originally by Rob Herring.

Suggested-by: Rob Herring <robherring2@gmail.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Grant Likely <grant.likely@secretlab.ca>
Signed-off-by: Jamie Iles <jamie@jamieiles.com>
---

Rob, I can't see that you've already posted this but I didn't want to
hold Marc's GIC patches up.

 include/linux/irqdomain.h |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/include/linux/irqdomain.h b/include/linux/irqdomain.h
index 99834e58..78a1e66 100644
--- a/include/linux/irqdomain.h
+++ b/include/linux/irqdomain.h
@@ -74,7 +74,7 @@ struct irq_domain {
 static inline unsigned int irq_domain_to_irq(struct irq_domain *d,
 					     unsigned long hwirq)
 {
-	if (d->ops->to_irq)
+	if (d->ops && d->ops->to_irq)
 		return d->ops->to_irq(d, hwirq);
 	if (WARN_ON(hwirq < d->hwirq_base))
 		return 0;
-- 
1.7.4.1

Re: [PATCH] irq: fix possible null-pointer deref irq_domain_to_irq

[Jamie Iles]

On Thu, Nov 10, 2011 at 10:53:03AM +0000, Jamie Iles wrote:
> It is optional for an irqdomain to have a to_irq() method, and for
> simple domains they often don't require any operations at all - just
> hwirq to Linux irq translation.  Check we have valid ops before
> dereferencing them.
> 
> Patch originally by Rob Herring.
> 
> Suggested-by: Rob Herring <robherring2@gmail.com>

Naturally git send-email doesn't know how to convert this into a CC, so 
Rob is now CC'd!

Jamie

> Cc: Thomas Gleixner <tglx@linutronix.de>
> Cc: Grant Likely <grant.likely@secretlab.ca>
> Signed-off-by: Jamie Iles <jamie@jamieiles.com>
> ---
> 
> Rob, I can't see that you've already posted this but I didn't want to
> hold Marc's GIC patches up.
> 
>  include/linux/irqdomain.h |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/include/linux/irqdomain.h b/include/linux/irqdomain.h
> index 99834e58..78a1e66 100644
> --- a/include/linux/irqdomain.h
> +++ b/include/linux/irqdomain.h
> @@ -74,7 +74,7 @@ struct irq_domain {
>  static inline unsigned int irq_domain_to_irq(struct irq_domain *d,
>  					     unsigned long hwirq)
>  {
> -	if (d->ops->to_irq)
> +	if (d->ops && d->ops->to_irq)
>  		return d->ops->to_irq(d, hwirq);
>  	if (WARN_ON(hwirq < d->hwirq_base))
>  		return 0;
> -- 
> 1.7.4.1
> 

Re: [PATCH] irq: fix possible null-pointer deref irq_domain_to_irq

[Rob Herring]

On 11/10/2011 05:14 AM, Jamie Iles wrote:
> On Thu, Nov 10, 2011 at 10:53:03AM +0000, Jamie Iles wrote:
>> It is optional for an irqdomain to have a to_irq() method, and for
>> simple domains they often don't require any operations at all - just
>> hwirq to Linux irq translation.  Check we have valid ops before
>> dereferencing them.
>>
>> Patch originally by Rob Herring.
>>
>> Suggested-by: Rob Herring <robherring2@gmail.com>
> 
> Naturally git send-email doesn't know how to convert this into a CC, so 
> Rob is now CC'd!
> 
> Jamie
> 
>> Cc: Thomas Gleixner <tglx@linutronix.de>
>> Cc: Grant Likely <grant.likely@secretlab.ca>
>> Signed-off-by: Jamie Iles <jamie@jamieiles.com>
>> ---
>>
>> Rob, I can't see that you've already posted this but I didn't want to
>> hold Marc's GIC patches up.

Thanks. I didn't get around to it yesterday.

Acked-by: Rob Herring <rob.herring@calxeda.com>

Rob

>>
>>  include/linux/irqdomain.h |    2 +-
>>  1 files changed, 1 insertions(+), 1 deletions(-)
>>
>> diff --git a/include/linux/irqdomain.h b/include/linux/irqdomain.h
>> index 99834e58..78a1e66 100644
>> --- a/include/linux/irqdomain.h
>> +++ b/include/linux/irqdomain.h
>> @@ -74,7 +74,7 @@ struct irq_domain {
>>  static inline unsigned int irq_domain_to_irq(struct irq_domain *d,
>>  					     unsigned long hwirq)
>>  {
>> -	if (d->ops->to_irq)
>> +	if (d->ops && d->ops->to_irq)
>>  		return d->ops->to_irq(d, hwirq);
>>  	if (WARN_ON(hwirq < d->hwirq_base))
>>  		return 0;
>> -- 
>> 1.7.4.1
>>

Re: [PATCH] irq: fix possible null-pointer deref irq_domain_to_irq

[Jamie Iles]

On Thu, Nov 10, 2011 at 10:53:03AM +0000, Jamie Iles wrote:
> It is optional for an irqdomain to have a to_irq() method, and for
> simple domains they often don't require any operations at all - just
> hwirq to Linux irq translation.  Check we have valid ops before
> dereferencing them.
> 
> Patch originally by Rob Herring.
> 
> Suggested-by: Rob Herring <robherring2@gmail.com>
> Cc: Thomas Gleixner <tglx@linutronix.de>
> Cc: Grant Likely <grant.likely@secretlab.ca>
> Signed-off-by: Jamie Iles <jamie@jamieiles.com>
> ---
> 
> Rob, I can't see that you've already posted this but I didn't want to
> hold Marc's GIC patches up.
> 
>  include/linux/irqdomain.h |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/include/linux/irqdomain.h b/include/linux/irqdomain.h
> index 99834e58..78a1e66 100644
> --- a/include/linux/irqdomain.h
> +++ b/include/linux/irqdomain.h
> @@ -74,7 +74,7 @@ struct irq_domain {
>  static inline unsigned int irq_domain_to_irq(struct irq_domain *d,
>  					     unsigned long hwirq)
>  {
> -	if (d->ops->to_irq)
> +	if (d->ops && d->ops->to_irq)
>  		return d->ops->to_irq(d, hwirq);
>  	if (WARN_ON(hwirq < d->hwirq_base))
>  		return 0;
> -- 

ping?  Marc has sent a pull request for the VIC/GIC consolidation 
patches and these really need this one.

Thanks,

Jamie

Re: [PATCH] irq: fix possible null-pointer deref irq_domain_to_irq

[Jamie Iles]

Hi Rob,

On Thu, Nov 10, 2011 at 07:37:32AM -0600, Rob Herring wrote:
> On 11/10/2011 05:14 AM, Jamie Iles wrote:
> > On Thu, Nov 10, 2011 at 10:53:03AM +0000, Jamie Iles wrote:
> >> It is optional for an irqdomain to have a to_irq() method, and for
> >> simple domains they often don't require any operations at all - just
> >> hwirq to Linux irq translation.  Check we have valid ops before
> >> dereferencing them.
> >>
> >> Patch originally by Rob Herring.
> >>
> >> Suggested-by: Rob Herring <robherring2@gmail.com>
> > 
> > Naturally git send-email doesn't know how to convert this into a CC, so 
> > Rob is now CC'd!
> > 
> > Jamie
> > 
> >> Cc: Thomas Gleixner <tglx@linutronix.de>
> >> Cc: Grant Likely <grant.likely@secretlab.ca>
> >> Signed-off-by: Jamie Iles <jamie@jamieiles.com>
> >> ---
> >>
> >> Rob, I can't see that you've already posted this but I didn't want to
> >> hold Marc's GIC patches up.
> 
> Thanks. I didn't get around to it yesterday.
> 
> Acked-by: Rob Herring <rob.herring@calxeda.com>

I've just noticed in kernel/irq/irqdomain.c, that the kerneldoc for 
irq_domain_add() says that a valid ops structure is required, so perhaps 
this fix isn't right and we should just have an empty ops structure for 
simple controllers...

Jamie

Re: [PATCH] irq: fix possible null-pointer deref irq_domain_to_irq

[Jamie Iles]

Hi Rob,

On Wed, Nov 23, 2011 at 12:23:08PM +0000, Jamie Iles wrote:
> On Thu, Nov 10, 2011 at 07:37:32AM -0600, Rob Herring wrote:
> > On 11/10/2011 05:14 AM, Jamie Iles wrote:
> > > On Thu, Nov 10, 2011 at 10:53:03AM +0000, Jamie Iles wrote:
> > >> It is optional for an irqdomain to have a to_irq() method, and for
> > >> simple domains they often don't require any operations at all - just
> > >> hwirq to Linux irq translation.  Check we have valid ops before
> > >> dereferencing them.
> > >>
> > >> Patch originally by Rob Herring.
> > >>
> > >> Suggested-by: Rob Herring <robherring2@gmail.com>
> > > 
> > > Naturally git send-email doesn't know how to convert this into a CC, so 
> > > Rob is now CC'd!
> > > 
> > > Jamie
> > > 
> > >> Cc: Thomas Gleixner <tglx@linutronix.de>
> > >> Cc: Grant Likely <grant.likely@secretlab.ca>
> > >> Signed-off-by: Jamie Iles <jamie@jamieiles.com>
> > >> ---
> > >>
> > >> Rob, I can't see that you've already posted this but I didn't want to
> > >> hold Marc's GIC patches up.
> > 
> > Thanks. I didn't get around to it yesterday.
> > 
> > Acked-by: Rob Herring <rob.herring@calxeda.com>
> 
> I've just noticed in kernel/irq/irqdomain.c, that the kerneldoc for 
> irq_domain_add() says that a valid ops structure is required, so perhaps 
> this fix isn't right and we should just have an empty ops structure for 
> simple controllers...

I wonder if this might make more sense instead.  I'll post a proper 
patch if you think so.

Regards,

Jamie

diff --git a/kernel/irq/irqdomain.c b/kernel/irq/irqdomain.c
index 200ce83..92c3484 100644
--- a/kernel/irq/irqdomain.c
+++ b/kernel/irq/irqdomain.c
@@ -143,11 +143,6 @@ int irq_domain_simple_dt_translate(struct irq_domain *d,
 	return 0;
 }
 
-struct irq_domain_ops irq_domain_simple_ops = {
-	.dt_translate = irq_domain_simple_dt_translate,
-};
-EXPORT_SYMBOL_GPL(irq_domain_simple_ops);
-
 /**
  * irq_domain_create_simple() - Set up a 'simple' translation range
  */
@@ -181,4 +176,11 @@ void irq_domain_generate_simple(const struct of_device_id *match,
 		pr_info("no node found\n");
 }
 EXPORT_SYMBOL_GPL(irq_domain_generate_simple);
+#else /* CONFIG_OF_IRQ */
+#define irq_domain_simple_dt_translate NULL
 #endif /* CONFIG_OF_IRQ */
+
+struct irq_domain_ops irq_domain_simple_ops = {
+	.dt_translate = irq_domain_simple_dt_translate,
+};
+EXPORT_SYMBOL_GPL(irq_domain_simple_ops);

Re: [PATCH] irq: fix possible null-pointer deref irq_domain_to_irq

[Rob Herring]

Jamie,

On 11/25/2011 09:35 AM, Jamie Iles wrote:
> Hi Rob,
> 
> On Wed, Nov 23, 2011 at 12:23:08PM +0000, Jamie Iles wrote:
>> On Thu, Nov 10, 2011 at 07:37:32AM -0600, Rob Herring wrote:
>>> On 11/10/2011 05:14 AM, Jamie Iles wrote:
>>>> On Thu, Nov 10, 2011 at 10:53:03AM +0000, Jamie Iles wrote:
>>>>> It is optional for an irqdomain to have a to_irq() method, and for
>>>>> simple domains they often don't require any operations at all - just
>>>>> hwirq to Linux irq translation.  Check we have valid ops before
>>>>> dereferencing them.
>>>>>
>>>>> Patch originally by Rob Herring.
>>>>>
>>>>> Suggested-by: Rob Herring <robherring2@gmail.com>
>>>>
>>>> Naturally git send-email doesn't know how to convert this into a CC, so 
>>>> Rob is now CC'd!
>>>>
>>>> Jamie
>>>>
>>>>> Cc: Thomas Gleixner <tglx@linutronix.de>
>>>>> Cc: Grant Likely <grant.likely@secretlab.ca>
>>>>> Signed-off-by: Jamie Iles <jamie@jamieiles.com>
>>>>> ---
>>>>>
>>>>> Rob, I can't see that you've already posted this but I didn't want to
>>>>> hold Marc's GIC patches up.
>>>
>>> Thanks. I didn't get around to it yesterday.
>>>
>>> Acked-by: Rob Herring <rob.herring@calxeda.com>
>>
>> I've just noticed in kernel/irq/irqdomain.c, that the kerneldoc for 
>> irq_domain_add() says that a valid ops structure is required, so perhaps 
>> this fix isn't right and we should just have an empty ops structure for 
>> simple controllers...
> 
> I wonder if this might make more sense instead.  I'll post a proper 
> patch if you think so.
> 
> Regards,
> 
> Jamie
> 
> diff --git a/kernel/irq/irqdomain.c b/kernel/irq/irqdomain.c
> index 200ce83..92c3484 100644
> --- a/kernel/irq/irqdomain.c
> +++ b/kernel/irq/irqdomain.c
> @@ -143,11 +143,6 @@ int irq_domain_simple_dt_translate(struct irq_domain *d,
>  	return 0;
>  }
>  
> -struct irq_domain_ops irq_domain_simple_ops = {
> -	.dt_translate = irq_domain_simple_dt_translate,
> -};
> -EXPORT_SYMBOL_GPL(irq_domain_simple_ops);
> -
>  /**
>   * irq_domain_create_simple() - Set up a 'simple' translation range
>   */
> @@ -181,4 +176,11 @@ void irq_domain_generate_simple(const struct of_device_id *match,
>  		pr_info("no node found\n");
>  }
>  EXPORT_SYMBOL_GPL(irq_domain_generate_simple);
> +#else /* CONFIG_OF_IRQ */
> +#define irq_domain_simple_dt_translate NULL
>  #endif /* CONFIG_OF_IRQ */
> +
> +struct irq_domain_ops irq_domain_simple_ops = {
> +	.dt_translate = irq_domain_simple_dt_translate,

.dt_translate is surrounded by CONFIG_OF, so it will break on !CONFIG_OF.

> +};
> +EXPORT_SYMBOL_GPL(irq_domain_simple_ops);

The extern declaration in irqdomain.h is surrounded by CONFIG_OF_IRQ, so
it needs to be moved out of that as well.

On Sparc, CONFIG_OF is true, but CONFIG_OF_IRQ is false. So that
combination needs to be handled as well.

Rob

Re: [PATCH] irq: fix possible null-pointer deref irq_domain_to_irq

[Jamie Iles]

Hi Rob,

On Sun, Nov 27, 2011 at 09:11:01AM -0600, Rob Herring wrote:
> On 11/25/2011 09:35 AM, Jamie Iles wrote:
> > I wonder if this might make more sense instead.  I'll post a proper 
> > patch if you think so.
> > 
> > Regards,
> > 
> > Jamie
> > 
> > diff --git a/kernel/irq/irqdomain.c b/kernel/irq/irqdomain.c
> > index 200ce83..92c3484 100644
> > --- a/kernel/irq/irqdomain.c
> > +++ b/kernel/irq/irqdomain.c
> > @@ -143,11 +143,6 @@ int irq_domain_simple_dt_translate(struct irq_domain *d,
> >  	return 0;
> >  }
> >  
> > -struct irq_domain_ops irq_domain_simple_ops = {
> > -	.dt_translate = irq_domain_simple_dt_translate,
> > -};
> > -EXPORT_SYMBOL_GPL(irq_domain_simple_ops);
> > -
> >  /**
> >   * irq_domain_create_simple() - Set up a 'simple' translation range
> >   */
> > @@ -181,4 +176,11 @@ void irq_domain_generate_simple(const struct of_device_id *match,
> >  		pr_info("no node found\n");
> >  }
> >  EXPORT_SYMBOL_GPL(irq_domain_generate_simple);
> > +#else /* CONFIG_OF_IRQ */
> > +#define irq_domain_simple_dt_translate NULL
> >  #endif /* CONFIG_OF_IRQ */
> > +
> > +struct irq_domain_ops irq_domain_simple_ops = {
> > +	.dt_translate = irq_domain_simple_dt_translate,
> 
> .dt_translate is surrounded by CONFIG_OF, so it will break on !CONFIG_OF.

Ahh, good spot!

> > +};
> > +EXPORT_SYMBOL_GPL(irq_domain_simple_ops);
> 
> The extern declaration in irqdomain.h is surrounded by CONFIG_OF_IRQ, so
> it needs to be moved out of that as well.
> 
> On Sparc, CONFIG_OF is true, but CONFIG_OF_IRQ is false. So that
> combination needs to be handled as well.

OK, I'm travelling for a couple of days now, but I'll respin something 
when I'm back.  I guess it's a case of always exporting the simple ops 
when CONFIG_IRQDOMAIN=y, and only setting the .dt_translate when 
CONFIG_OF_IRQ=y though.

Jamie