Commit 32a4f37b authored by Thomas Gleixner's avatar Thomas Gleixner Committed by Greg Kroah-Hartman

XEN uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN...

XEN uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN data pointer which contains XEN specific information.

commit c330fb1d upstream.

handler data is meant for interrupt handlers and not for storing irq chip
specific information as some devices require handler data to store internal
per interrupt information, e.g. pinctrl/GPIO chained interrupt handlers.

This obviously creates a conflict of interests and crashes the machine
because the XEN pointer is overwritten by the driver pointer.

As the XEN data is not handler specific it should be stored in
irqdesc::irq_data::chip_data instead.

A simple sed s/irq_[sg]et_handler_data/irq_[sg]et_chip_data/ cures that.

Cc: stable@vger.kernel.org
Reported-by: default avatarRoman Shaposhnik <roman@zededa.com>
Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
Tested-by: default avatarRoman Shaposhnik <roman@zededa.com>
Reviewed-by: default avatarJuergen Gross <jgross@suse.com>
Link: https://lore.kernel.org/r/87lfi2yckt.fsf@nanos.tec.linutronix.deSigned-off-by: default avatarJuergen Gross <jgross@suse.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 7c3d77a3
...@@ -154,7 +154,7 @@ int get_evtchn_to_irq(unsigned evtchn) ...@@ -154,7 +154,7 @@ int get_evtchn_to_irq(unsigned evtchn)
/* Get info for IRQ */ /* Get info for IRQ */
struct irq_info *info_for_irq(unsigned irq) struct irq_info *info_for_irq(unsigned irq)
{ {
return irq_get_handler_data(irq); return irq_get_chip_data(irq);
} }
/* Constructors for packed IRQ information. */ /* Constructors for packed IRQ information. */
...@@ -375,7 +375,7 @@ static void xen_irq_init(unsigned irq) ...@@ -375,7 +375,7 @@ static void xen_irq_init(unsigned irq)
info->type = IRQT_UNBOUND; info->type = IRQT_UNBOUND;
info->refcnt = -1; info->refcnt = -1;
irq_set_handler_data(irq, info); irq_set_chip_data(irq, info);
list_add_tail(&info->list, &xen_irq_list_head); list_add_tail(&info->list, &xen_irq_list_head);
} }
...@@ -424,14 +424,14 @@ static int __must_check xen_allocate_irq_gsi(unsigned gsi) ...@@ -424,14 +424,14 @@ static int __must_check xen_allocate_irq_gsi(unsigned gsi)
static void xen_free_irq(unsigned irq) static void xen_free_irq(unsigned irq)
{ {
struct irq_info *info = irq_get_handler_data(irq); struct irq_info *info = irq_get_chip_data(irq);
if (WARN_ON(!info)) if (WARN_ON(!info))
return; return;
list_del(&info->list); list_del(&info->list);
irq_set_handler_data(irq, NULL); irq_set_chip_data(irq, NULL);
WARN_ON(info->refcnt > 0); WARN_ON(info->refcnt > 0);
...@@ -601,7 +601,7 @@ EXPORT_SYMBOL_GPL(xen_irq_from_gsi); ...@@ -601,7 +601,7 @@ EXPORT_SYMBOL_GPL(xen_irq_from_gsi);
static void __unbind_from_irq(unsigned int irq) static void __unbind_from_irq(unsigned int irq)
{ {
int evtchn = evtchn_from_irq(irq); int evtchn = evtchn_from_irq(irq);
struct irq_info *info = irq_get_handler_data(irq); struct irq_info *info = irq_get_chip_data(irq);
if (info->refcnt > 0) { if (info->refcnt > 0) {
info->refcnt--; info->refcnt--;
...@@ -1105,7 +1105,7 @@ int bind_ipi_to_irqhandler(enum ipi_vector ipi, ...@@ -1105,7 +1105,7 @@ int bind_ipi_to_irqhandler(enum ipi_vector ipi,
void unbind_from_irqhandler(unsigned int irq, void *dev_id) void unbind_from_irqhandler(unsigned int irq, void *dev_id)
{ {
struct irq_info *info = irq_get_handler_data(irq); struct irq_info *info = irq_get_chip_data(irq);
if (WARN_ON(!info)) if (WARN_ON(!info))
return; return;
...@@ -1139,7 +1139,7 @@ int evtchn_make_refcounted(unsigned int evtchn) ...@@ -1139,7 +1139,7 @@ int evtchn_make_refcounted(unsigned int evtchn)
if (irq == -1) if (irq == -1)
return -ENOENT; return -ENOENT;
info = irq_get_handler_data(irq); info = irq_get_chip_data(irq);
if (!info) if (!info)
return -ENOENT; return -ENOENT;
...@@ -1167,7 +1167,7 @@ int evtchn_get(unsigned int evtchn) ...@@ -1167,7 +1167,7 @@ int evtchn_get(unsigned int evtchn)
if (irq == -1) if (irq == -1)
goto done; goto done;
info = irq_get_handler_data(irq); info = irq_get_chip_data(irq);
if (!info) if (!info)
goto done; goto done;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment