lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 24 Oct 2023 17:03:35 +0200
From:   Herve Codina <herve.codina@...tlin.com>
To:     Thomas Gleixner <tglx@...utronix.de>, Marc Zyngier <maz@...nel.org>
Cc:     linux-kernel@...r.kernel.org,
        Allan Nielsen <allan.nielsen@...rochip.com>,
        Horatiu Vultur <horatiu.vultur@...rochip.com>,
        Steen Hegelund <steen.hegelund@...rochip.com>,
        Thomas Petazzoni <thomas.petazzoni@...tlin.com>,
        Herve Codina <herve.codina@...tlin.com>, stable@...r.kernel.org
Subject: [PATCH 1/1] genirq/generic_chip: Fix irq_remove_generic_chip() when an irq domain is used

irq_remove_generic_chip() can call (depending on the msk parameter
value) several operations on irqs based on gc->irq_base such as
irq_set_handler(irq, NULL) to remove an handler.

When the generic chip is present in an irq domain (created with a call
to irq_alloc_domain_generic_chips()), gc->irq_base is the base hardware
irq for this chip. It is set to 0 for the first chip in the domain,
0 + n for the next chip (with n the number of hardware irqs per chip)
and so on.
In that case, the operations done on irqs based on gc->irq_base touch
some irqs not related to the chip nor the domain breaking some unrelated
components in the system.

In order to avoid touching these "outside" irqs, take care of the domain
irq mapping and translate the chip hardware irq to an irq number
suitable for the several operations done.

Fixes: cfefd21e693d ("genirq: Add chip suspend and resume callbacks")
Cc: stable@...r.kernel.org
Signed-off-by: Herve Codina <herve.codina@...tlin.com>
---
 kernel/irq/generic-chip.c | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/kernel/irq/generic-chip.c b/kernel/irq/generic-chip.c
index c653cd31548d..494584e25ef4 100644
--- a/kernel/irq/generic-chip.c
+++ b/kernel/irq/generic-chip.c
@@ -544,21 +544,28 @@ EXPORT_SYMBOL_GPL(irq_setup_alt_chip);
 void irq_remove_generic_chip(struct irq_chip_generic *gc, u32 msk,
 			     unsigned int clr, unsigned int set)
 {
-	unsigned int i = gc->irq_base;
+	unsigned int irq;
+	unsigned int i;
 
 	raw_spin_lock(&gc_lock);
 	list_del(&gc->list);
 	raw_spin_unlock(&gc_lock);
 
-	for (; msk; msk >>= 1, i++) {
+	for (i = 0; msk; msk >>= 1, i++) {
 		if (!(msk & 0x01))
 			continue;
 
+		irq = gc->domain ?
+			irq_find_mapping(gc->domain, gc->irq_base + i) :
+			gc->irq_base + i;
+		if (!irq)
+			continue;
+
 		/* Remove handler first. That will mask the irq line */
-		irq_set_handler(i, NULL);
-		irq_set_chip(i, &no_irq_chip);
-		irq_set_chip_data(i, NULL);
-		irq_modify_status(i, clr, set);
+		irq_set_handler(irq, NULL);
+		irq_set_chip(irq, &no_irq_chip);
+		irq_set_chip_data(irq, NULL);
+		irq_modify_status(irq, clr, set);
 	}
 }
 EXPORT_SYMBOL_GPL(irq_remove_generic_chip);
-- 
2.41.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ