From beab99fe835be1d9ef1112dabdae3aa417126430 Mon Sep 17 00:00:00 2001 From: Thomas Gleixner Date: Mon, 22 Jun 2015 11:31:34 +0200 Subject: sh/intc: Fix potential race in installing chained IRQ handler Fix a race where a pending interrupt could be received and the handler called before the handler's data has been setup, by moving the call to irq_set_chained_handler() after the function which sets up the handler data. Found by code inspection. Reported-by: Russell King Signed-off-by: Thomas Gleixner Cc: Simon Horman Cc: Magnus Damm Cc: linux-sh@vger.kernel.org --- drivers/sh/intc/virq.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'drivers/sh') diff --git a/drivers/sh/intc/virq.c b/drivers/sh/intc/virq.c index f30ac9354ff2..f5f1b821241a 100644 --- a/drivers/sh/intc/virq.c +++ b/drivers/sh/intc/virq.c @@ -243,8 +243,9 @@ restart: */ irq_set_nothread(irq); - irq_set_chained_handler(entry->pirq, intc_virq_handler); + /* Set handler data before installing the handler */ add_virq_to_pirq(entry->pirq, irq); + irq_set_chained_handler(entry->pirq, intc_virq_handler); radix_tree_tag_clear(&d->tree, entry->enum_id, INTC_TAG_VIRQ_NEEDS_ALLOC); -- cgit v1.2.3 From 51b971b1b93ab5d1d2e9205c9752c8ffbbcfe303 Mon Sep 17 00:00:00 2001 From: Thomas Gleixner Date: Sun, 21 Jun 2015 20:16:21 +0200 Subject: sh/intc: Fix race in installing chained IRQ handler Fix a race where a pending interrupt could be received and the handler called before the handler's data has been setup, by converting to irq_set_chained_handler_and_data(). Search and conversion was done with coccinelle: @@ expression E1, E2, E3; @@ ( -if (irq_set_chained_handler(E1, E3) != 0) - BUG(); | -irq_set_chained_handler(E1, E3); ) -irq_set_handler_data(E1, E2); +irq_set_chained_handler_and_data(E1, E3, E2); @@ expression E1, E2, E3; @@ ( -if (irq_set_chained_handler(E1, E3) != 0) - BUG(); ... | -irq_set_chained_handler(E1, E3); ... ) -irq_set_handler_data(E1, E2); +irq_set_chained_handler_and_data(E1, E3, E2); Reported-by: Russell King Signed-off-by: Thomas Gleixner Cc: Julia Lawall Cc: Simon Horman Cc: Magnus Damm Cc: linux-sh@vger.kernel.org --- drivers/sh/intc/core.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'drivers/sh') diff --git a/drivers/sh/intc/core.c b/drivers/sh/intc/core.c index 81f22980b2de..156b790072b4 100644 --- a/drivers/sh/intc/core.c +++ b/drivers/sh/intc/core.c @@ -366,8 +366,9 @@ int __init register_intc_controller(struct intc_desc *desc) /* redirect this interrupts to the first one */ irq_set_chip(irq2, &dummy_irq_chip); - irq_set_chained_handler(irq2, intc_redirect_irq); - irq_set_handler_data(irq2, (void *)irq); + irq_set_chained_handler_and_data(irq2, + intc_redirect_irq, + (void *)irq); } } -- cgit v1.2.3