* [BUG] x86: apic: Possible null pointer dereference by apic_ack_edge
@ 2015-10-10 20:54 William Breathitt Gray
2015-10-11 8:30 ` Thomas Gleixner
0 siblings, 1 reply; 2+ messages in thread
From: William Breathitt Gray @ 2015-10-10 20:54 UTC (permalink / raw)
To: tglx, mingo, hpa, jiang.liu; +Cc: x86, linux-kernel

Hello,

In mainline kernel version 4.3-rc4, the following line located in the
apic_ack_edge function definition can result in a null pointer dereference:

	irq_complete_move(irqd_cfg(data));

The irqd_cfg function may return a value of NULL. If NULL is passed to the
irq_complete_move function, then the struct apic_chip_data pointer 'data' of
the __irq_complete_move function will be defined, and subsequently dereferenced,
based on this incorrect NULL value passed through the 'cfg' parameter:

	data = container_of(cfg, struct apic_chip_data, cfg);
	if (likely(!data->move_in_progress))

Sincerely,

William Breathitt Gray
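
The pattern described in the report above, as an added userspace sketch that is not part of the original message or the kernel source. The struct layout, the `pad` member, and the helpers `owner_addr` and `complete_move_checked` are constructed for illustration; the sketch shows what container_of() computes from a NULL member pointer and where the guard has to sit.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins for the kernel types; the layout is an assumption. */
struct irq_cfg { unsigned int dest_apicid; uint8_t vector; };
struct apic_chip_data {
	unsigned long pad;            /* hypothetical member so cfg is not at offset 0 */
	struct irq_cfg cfg;
	uint8_t move_in_progress;
};

/* Userspace container_of using integer arithmetic, so the NULL case can be
 * computed here without undefined pointer arithmetic. */
#define container_of(ptr, type, member) \
	((type *)((uintptr_t)(ptr) - offsetof(type, member)))

/* Address container_of() yields for cfg; computed only, never dereferenced. */
uintptr_t owner_addr(struct irq_cfg *cfg)
{
	return (uintptr_t)container_of(cfg, struct apic_chip_data, cfg);
}

/* Guarded form (hypothetical helper): test cfg itself, before container_of().
 * Returns -1 when there is no cfg, otherwise the move_in_progress flag. */
int complete_move_checked(struct irq_cfg *cfg)
{
	struct apic_chip_data *data;

	if (!cfg)
		return -1;
	data = container_of(cfg, struct apic_chip_data, cfg);
	return data->move_in_progress;
}

int main(void)
{
	struct apic_chip_data d = { .move_in_progress = 1 };

	/* NULL in gives NULL minus the member offset out: a bad pointer that a
	 * later "if (!data)" test would not catch when the offset is non-zero. */
	printf("container_of(NULL) = %#lx\n", (unsigned long)owner_addr(NULL));
	printf("valid cfg -> %d, NULL cfg -> %d\n",
	       complete_move_checked(&d.cfg), complete_move_checked(NULL));
	return 0;
}
```

When the member sits at offset 0 the computed pointer is NULL itself, and the dereference then lands at the offset of the field being read.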