sh/intc: Fix potential race in installing chained IRQ handler
authorThomas Gleixner <tglx@linutronix.de>
Mon, 22 Jun 2015 09:31:34 +0000 (11:31 +0200)
committerThomas Gleixner <tglx@linutronix.de>
Thu, 25 Jun 2015 09:57:19 +0000 (11:57 +0200)
Fix a race where a pending interrupt could be received and the handler
called before the handler's data has been setup, by moving the call to
irq_set_chained_handler() after the function which sets up the handler
data.

Found by code inspection.

Reported-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Simon Horman <horms@verge.net.au>
Cc: Magnus Damm <magnus.damm@gmail.com>
Cc: linux-sh@vger.kernel.org
drivers/sh/intc/virq.c

index f30ac9354ff248f316fb96a26d534884faa8bf5d..f5f1b821241afc92e6854788262d13f665a0dd45 100644 (file)
@@ -243,8 +243,9 @@ restart:
                 */
                irq_set_nothread(irq);
 
-               irq_set_chained_handler(entry->pirq, intc_virq_handler);
+               /* Set handler data before installing the handler */
                add_virq_to_pirq(entry->pirq, irq);
+               irq_set_chained_handler(entry->pirq, intc_virq_handler);
 
                radix_tree_tag_clear(&d->tree, entry->enum_id,
                                     INTC_TAG_VIRQ_NEEDS_ALLOC);