From: Dmitry Adamushko Date: Tue, 8 May 2007 07:27:31 +0000 (-0700) Subject: kernel/irq/proc.c: unprotected iteration over the IRQ action list in name_unique() X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=d2d9433a4c84c9e7ed78d633fdbffb35d5afda17;p=GitHub%2FLineageOS%2Fandroid_kernel_samsung_universal7580.git kernel/irq/proc.c: unprotected iteration over the IRQ action list in name_unique() setup_irq() releases a desc->lock before calling register_handler_proc(), so the iteration over the IRQ action list is not protected. (akpm: the check itself is still racy, but at least it probably won't oops now). Cc: Ingo Molnar Cc: Thomas Gleixner Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- diff --git a/kernel/irq/proc.c b/kernel/irq/proc.c index 2db91eb54ad..ddde0ef9ccd 100644 --- a/kernel/irq/proc.c +++ b/kernel/irq/proc.c @@ -66,12 +66,19 @@ static int name_unique(unsigned int irq, struct irqaction *new_action) { struct irq_desc *desc = irq_desc + irq; struct irqaction *action; + unsigned long flags; + int ret = 1; - for (action = desc->action ; action; action = action->next) + spin_lock_irqsave(&desc->lock, flags); + for (action = desc->action ; action; action = action->next) { if ((action != new_action) && action->name && - !strcmp(new_action->name, action->name)) - return 0; - return 1; + !strcmp(new_action->name, action->name)) { + ret = 0; + break; + } + } + spin_unlock_irqrestore(&desc->lock, flags); + return ret; } void register_handler_proc(unsigned int irq, struct irqaction *action)