[PATCH 4/9] xen/events: Check that IRQ value passed in is valid.

From: Konrad Rzeszutek Wilk
Date: Tue Apr 16 2013 - 16:11:12 EST

Next message: Konrad Rzeszutek Wilk: "[PATCH] fixes for v3.10 in the CPU hotplug patch (v1)."
Previous message: Konrad Rzeszutek Wilk: "[PATCH 1/9] xen/smp: Fix leakage of timer interrupt line for every CPU online/offline."
In reply to: Konrad Rzeszutek Wilk: "[PATCH 1/9] xen/smp: Fix leakage of timer interrupt line for every CPU online/offline."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

We naively assume that the IRQ value passed in is correct.
If it is not, then any dereference operation for the 'info'
structure will result in crash - so might as well guard ourselves
and sprinkle copious amounts of WARN_ON.

Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>
---
drivers/xen/events.c | 20 +++++++++++++++++++-
1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/drivers/xen/events.c b/drivers/xen/events.c
index bb65f75..94daed1 100644
--- a/drivers/xen/events.c
+++ b/drivers/xen/events.c
@@ -515,6 +515,9 @@ static void xen_free_irq(unsigned irq)
{
struct irq_info *info = irq_get_handler_data(irq);

+ if (WARN_ON(!info))
+ return;
+
list_del(&info->list);

irq_set_handler_data(irq, NULL);
@@ -1003,6 +1006,9 @@ static void unbind_from_irq(unsigned int irq)
int evtchn = evtchn_from_irq(irq);
struct irq_info *info = irq_get_handler_data(irq);

+ if (WARN_ON(!info))
+ return;
+
mutex_lock(&irq_mapping_update_lock);

if (info->refcnt > 0) {
@@ -1130,6 +1136,10 @@ int bind_ipi_to_irqhandler(enum ipi_vector ipi,

void unbind_from_irqhandler(unsigned int irq, void *dev_id)
{
+ struct irq_info *info = irq_get_handler_data(irq);
+
+ if (WARN_ON(!info))
+ return;
free_irq(irq, dev_id);
unbind_from_irq(irq);
}
@@ -1441,6 +1451,9 @@ void rebind_evtchn_irq(int evtchn, int irq)
{
struct irq_info *info = info_for_irq(irq);

+ if (WARN_ON(!info))
+ return;
+
/* Make sure the irq is masked, since the new event channel
will also be masked. */
disable_irq(irq);
@@ -1714,7 +1727,12 @@ void xen_poll_irq(int irq)
int xen_test_irq_shared(int irq)
{
struct irq_info *info = info_for_irq(irq);
- struct physdev_irq_status_query irq_status = { .irq = info->u.pirq.pirq };
+ struct physdev_irq_status_query irq_status;
+
+ if (WARN_ON(!info))
+ return -ENOENT;
+
+ irq_status.irq = info->u.pirq.pirq;

if (HYPERVISOR_physdev_op(PHYSDEVOP_irq_status_query, &irq_status))
return 0;
--
1.8.1.4

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Konrad Rzeszutek Wilk: "[PATCH] fixes for v3.10 in the CPU hotplug patch (v1)."
Previous message: Konrad Rzeszutek Wilk: "[PATCH 1/9] xen/smp: Fix leakage of timer interrupt line for every CPU online/offline."
In reply to: Konrad Rzeszutek Wilk: "[PATCH 1/9] xen/smp: Fix leakage of timer interrupt line for every CPU online/offline."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]