Re: [PATCH] NULL struct irq_desc's member 'name' indynamic_irq_cleanup()

[Andrew Morton]

On Thu, 16 Oct 2008 07:58:08 -0500
Dean Nelson <dcn@xxxxxxx> wrote:

> If the member 'name' of the irq_desc structure happens to point to a character
> string that is resident within a kernel module, problems insue if that module
> is rmmod'd (at which time dynamic_irq_cleanup() is called) and then later
> show_interrupts() is called by someone.

It would be nice to spell out what the "problems" are.

> It is also not a good thing if the
> character string resided in kmalloc'd space that has been kfree'd (after
> having called dynamic_irq_cleanup()). dynamic_irq_cleanup() fails to NULL
> the 'name' member and show_interrupts() references it on a few architectures
> (like h8300, sh and x86).
> 
> Signed-off-by: Dean Nelson <dcn@xxxxxxx>
> 
> ---
> 
>  kernel/irq/chip.c |    1 +
>  1 file changed, 1 insertion(+)
> 
> Index: linux/kernel/irq/chip.c
> ===================================================================
> --- linux.orig/kernel/irq/chip.c	2008-10-15 07:44:31.000000000 -0500
> +++ linux/kernel/irq/chip.c	2008-10-16 06:55:56.000000000 -0500
> @@ -79,6 +79,7 @@ void dynamic_irq_cleanup(unsigned int ir
>  	desc->chip_data = NULL;
>  	desc->handle_irq = handle_bad_irq;
>  	desc->chip = &no_irq_chip;
> +	desc->name = NULL;
>  	spin_unlock_irqrestore(&desc->lock, flags);
>  }
>  

Because we should work out whether this should be backported into
-stable.  And if so, how far back it should go.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/