[tip:irq/urgent] genirq: Prevent race between free_irq() and handle_IRQ_event()

From: tip-bot for Thomas Gleixner
Date: Wed Aug 12 2009 - 11:52:28 EST


Commit-ID: 84b277af44cadb263d8d588b0c0b7d5d85f5bc2a
Gitweb: http://git.kernel.org/tip/84b277af44cadb263d8d588b0c0b7d5d85f5bc2a
Author: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
AuthorDate: Wed, 12 Aug 2009 17:22:02 +0200
Committer: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
CommitDate: Wed, 12 Aug 2009 17:24:16 +0200

genirq: Prevent race between free_irq() and handle_IRQ_event()

If an interrupt is freed we do not check whether the interrupt is in
progress when we remove the action from the action chain. With
threaded handlers this can race against wake_up_process(action->thread)
in handle_IRQ_event and wake_up_process() might dereference a NULL
pointer.

Check action->thread before we call wake_up_process()

LKML-Reference: <new-submission>
Signed-off-by: Thomas Gleixner <tglx@xxxxxxxxxxxxx>


---
kernel/irq/handle.c | 10 +++++++++-
1 files changed, 9 insertions(+), 1 deletions(-)

diff --git a/kernel/irq/handle.c b/kernel/irq/handle.c
index 065205b..4e7f17a 100644
--- a/kernel/irq/handle.c
+++ b/kernel/irq/handle.c
@@ -403,8 +403,16 @@ irqreturn_t handle_IRQ_event(unsigned int irq, struct irqaction *action)
*/
if (likely(!test_bit(IRQTF_DIED,
&action->thread_flags))) {
+ struct task_struct *tsk = action->thread;
+
set_bit(IRQTF_RUNTHREAD, &action->thread_flags);
- wake_up_process(action->thread);
+ /*
+ * Check tsk as we might race against
+ * free_irq which sets action->thread
+ * to NULL
+ */
+ if (tsk)
+ wake_up_process(tsk);
}

/* Fall through to add to randomness */
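Review bot: the snapshot `struct task_struct *tsk = action->thread;` is a plain load, so nothing in this hunk stops the compiler from re-reading action->thread at the wake_up_process() call, which would bring back the NULL dereference the check is meant to close. Consider `tsk = ACCESS_ONCE(action->thread);` to force a single read. Separately, the NULL test only covers the pointer value: nothing visible here pins the task, so if free_irq() goes on to stop or release the thread after clearing action->thread, tsk could be stale by the time it is woken. It would help if the comment said what guarantees the task is still valid at that point (a reference held on it, or free_irq() waiting for in-flight handlers before tearing the thread down). Minor: IRQTF_RUNTHREAD is still set when tsk is NULL; if that is harmless because the action is going away, the comment could say so.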