提交 b6f3b780 编写于 作者: D Dean Nelson 提交者: Ingo Molnar

genirq: NULL struct irq_desc's member 'name' in dynamic_irq_cleanup()

If the member 'name' of the irq_desc structure happens to point to a
character string that is resident within a kernel module, problems ensue
if that module is rmmod'd (at which time dynamic_irq_cleanup() is called)
and then later show_interrupts() is called by someone.

It is also not a good thing if the character string resided in kmalloc'd
space that has been kfree'd (after having called dynamic_irq_cleanup()).
dynamic_irq_cleanup() fails to NULL the 'name' member and
show_interrupts() references it on a few architectures (like h8300, sh and
x86).
Signed-off-by: NDean Nelson <dcn@sgi.com>
Signed-off-by: NIngo Molnar <mingo@elte.hu>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NIngo Molnar <mingo@elte.hu>
上级 e9f95e63
...@@ -76,6 +76,7 @@ void dynamic_irq_cleanup(unsigned int irq) ...@@ -76,6 +76,7 @@ void dynamic_irq_cleanup(unsigned int irq)
desc->chip_data = NULL; desc->chip_data = NULL;
desc->handle_irq = handle_bad_irq; desc->handle_irq = handle_bad_irq;
desc->chip = &no_irq_chip; desc->chip = &no_irq_chip;
desc->name = NULL;
spin_unlock_irqrestore(&desc->lock, flags); spin_unlock_irqrestore(&desc->lock, flags);
} }
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册