[BUG] x86: apic: Possible null pointer dereference by apic_ack_edge

[BUG] x86: apic: Possible null pointer dereference by apic_ack_edge

[William Breathitt Gray]

Hello,

In mainline kernel version 4.3-rc4, the following line located in the
apic_ack_edge function definition can result in a null pointer dereference:

        irq_complete_move(irqd_cfg(data));
        
The irqd_cfg function may return a value of NULL. If NULL is passed to the
irq_complete_move function, then the struct apic_chip_data pointer 'data' of
the __irq_complete_move function will be defined, and subsequently dereferenced,
based on this incorrect NULL value passed through the 'cfg' parameter:

        data = container_of(cfg, struct apic_chip_data, cfg);
        if (likely(!data->move_in_progress))
        
Sincerely,

William Breathitt Gray

Re: [BUG] x86: apic: Possible null pointer dereference by apic_ack_edge

[Thomas Gleixner]

On Sat, 10 Oct 2015, William Breathitt Gray wrote:
> In mainline kernel version 4.3-rc4, the following line located in the
> apic_ack_edge function definition can result in a null pointer dereference:
> 
>         irq_complete_move(irqd_cfg(data));
>         
> The irqd_cfg function may return a value of NULL.

data is never NULL when apic_ack_edge() is called.

Thanks,

	tglx