diff options
author | Dean Nelson <dcn@sgi.com> | 2008-10-18 16:06:56 -0700 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@suse.de> | 2009-02-12 09:31:24 -0800 |
commit | 3b0ff5e98a8a987c657cb21ba206ffe8c359866b (patch) | |
tree | 2672d27c9e03fed5ab39a47c3449d91841e3f286 | |
parent | 55ffc07a92e9ecc7f67ed85b0fac5abfb0d075b0 (diff) | |
download | lwn-3b0ff5e98a8a987c657cb21ba206ffe8c359866b.tar.gz lwn-3b0ff5e98a8a987c657cb21ba206ffe8c359866b.zip |
genirq: NULL struct irq_desc's member 'name' in dynamic_irq_cleanup()
commit b6f3b7803a9231eddc36d0a2a6d2d8105ef89344 upstream.
If the member 'name' of the irq_desc structure happens to point to a
character string that is resident within a kernel module, problems ensue
if that module is rmmod'd (at which time dynamic_irq_cleanup() is called)
and then later show_interrupts() is called by someone.
It is also not a good thing if the character string resided in kmalloc'd
space that has been kfree'd (after having called dynamic_irq_cleanup()).
dynamic_irq_cleanup() fails to NULL the 'name' member and
show_interrupts() references it on a few architectures (like h8300, sh and
x86).
Signed-off-by: Dean Nelson <dcn@sgi.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-rw-r--r-- | kernel/irq/chip.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/kernel/irq/chip.c b/kernel/irq/chip.c index 3cd441ebf5d2..48c58fed6985 100644 --- a/kernel/irq/chip.c +++ b/kernel/irq/chip.c @@ -78,6 +78,7 @@ void dynamic_irq_cleanup(unsigned int irq) desc->chip_data = NULL; desc->handle_irq = handle_bad_irq; desc->chip = &no_irq_chip; + desc->name = NULL; spin_unlock_irqrestore(&desc->lock, flags); } |