diff options
| author | Thomas Gleixner <tglx@linutronix.de> | 2017-05-11 13:54:11 +0200 |
|---|---|---|
| committer | Thomas Gleixner <tglx@linutronix.de> | 2017-05-16 15:03:26 +0200 |
| commit | 2c4569ca26986d18243f282dd727da27e9adae4c (patch) | |
| tree | 652e30a6fcebe62430b643891f8a1cd2b31396eb /kernel | |
| parent | 9459a04b6a5a09967eec94a1b66f0a74312819d9 (diff) | |
| download | linux-0-day-2c4569ca26986d18243f282dd727da27e9adae4c.tar.gz linux-0-day-2c4569ca26986d18243f282dd727da27e9adae4c.tar.xz | |
genirq: Fix chained interrupt data ordering
irq_set_chained_handler_and_data() sets up the chained interrupt and then
stores the handler data.
That's racy against an immediate interrupt which gets handled before the
store of the handler data happened. The handler will dereference a NULL
pointer and crash.
Cure it by storing handler data before installing the chained handler.
Reported-by: Borislav Petkov <bp@alien8.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org
Diffstat (limited to 'kernel')
| -rw-r--r-- | kernel/irq/chip.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/kernel/irq/chip.c b/kernel/irq/chip.c index 686be4b730188..c94da688ee9b3 100644 --- a/kernel/irq/chip.c +++ b/kernel/irq/chip.c @@ -880,8 +880,8 @@ irq_set_chained_handler_and_data(unsigned int irq, irq_flow_handler_t handle, if (!desc) return; - __irq_do_set_handler(desc, handle, 1, NULL); desc->irq_common_data.handler_data = data; + __irq_do_set_handler(desc, handle, 1, NULL); irq_put_desc_busunlock(desc, flags); } |