Re: [PATCH] irqchip: ti-sci-inta: Fix kernel crash if irq_create_fwspec_mapping fail

From: Marc Zyngier
Date: Tue Jun 04 2019 - 06:36:41 EST


On 04/06/2019 11:17, Peter Ujfalusi wrote:
> irq_create_fwspec_mapping() can fail, returning 0 as parent_virq. In this
> case vint_desc is going to be NULL in ti_sci_inta_alloc_irq() which will
> cause NULL pointer dereference.
>
> Also note that irq_create_fwspec_mapping() returns 'unsigned int' so the
> check '<=' was wrong.
>
> Use -EINVAL if irq_create_fwspec_mapping() returned with 0.
>
> Signed-off-by: Peter Ujfalusi <peter.ujfalusi@xxxxxx>
> ---
> drivers/irqchip/irq-ti-sci-inta.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/irqchip/irq-ti-sci-inta.c b/drivers/irqchip/irq-ti-sci-inta.c
> index 011b60a49e3f..ef4d625d2d80 100644
> --- a/drivers/irqchip/irq-ti-sci-inta.c
> +++ b/drivers/irqchip/irq-ti-sci-inta.c
> @@ -159,9 +159,9 @@ static struct ti_sci_inta_vint_desc *ti_sci_inta_alloc_parent_irq(struct irq_dom
> parent_fwspec.param[1] = vint_desc->vint_id;
>
> parent_virq = irq_create_fwspec_mapping(&parent_fwspec);
> - if (parent_virq <= 0) {
> + if (parent_virq == 0) {
> kfree(vint_desc);
> - return ERR_PTR(parent_virq);
> + return ERR_PTR(-EINVAL);
> }
> vint_desc->parent_virq = parent_virq;
>
>

Nice one. I've queued it as part of the stuff I need to send to Thomas
at the end of the week.

Thanks,

M.
--
Jazz is not dead. It just smells funny...