From: Thomas Gleixner Date: Tue, 23 Mar 2010 21:40:53 +0000 (+0100) Subject: genirq: Protect access to irq_desc->action in can_request_irq() X-Git-Tag: MMI-PSA29.97-13-9~24265^2~1 X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=cc8c3b78433222e5dbc1fdfcfdde29e1743f181a;p=GitHub%2FMotorolaMobilityLLC%2Fkernel-slsi.git genirq: Protect access to irq_desc->action in can_request_irq() can_request_irq() accesses and dereferences irq_desc->action w/o holding irq_desc->lock. So action can be freed on another CPU before it's dereferenced. Unlikely, but ... Protect it with desc->lock. Signed-off-by: Thomas Gleixner --- diff --git a/kernel/irq/manage.c b/kernel/irq/manage.c index 69a3d7b9414c..398fda155f6e 100644 --- a/kernel/irq/manage.c +++ b/kernel/irq/manage.c @@ -382,6 +382,7 @@ int can_request_irq(unsigned int irq, unsigned long irqflags) { struct irq_desc *desc = irq_to_desc(irq); struct irqaction *action; + unsigned long flags; if (!desc) return 0; @@ -389,11 +390,14 @@ int can_request_irq(unsigned int irq, unsigned long irqflags) if (desc->status & IRQ_NOREQUEST) return 0; + raw_spin_lock_irqsave(&desc->lock, flags); action = desc->action; if (action) if (irqflags & action->flags & IRQF_SHARED) action = NULL; + raw_spin_unlock_irqrestore(&desc->lock, flags); + return !action; }