lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <176829475523.510.14507156182002572447.tip-bot2@tip-bot2>
Date: Tue, 13 Jan 2026 08:59:15 -0000
From: "tip-bot2 for Luo Haiyang" <tip-bot2@...utronix.de>
To: linux-tip-commits@...r.kernel.org
Cc: Luo Haiyang <luo.haiyang@....com.cn>, Thomas Gleixner <tglx@...nel.org>,
 x86@...nel.org, linux-kernel@...r.kernel.org, maz@...nel.org
Subject: [tip: irq/urgent] irqchip/riscv-imsic: Revert "Remove redundant
 irq_data lookups"

The following commit has been merged into the irq/urgent branch of tip:

Commit-ID:     f2edf797dab185cce439e5bc5185fe20dd536300
Gitweb:        https://git.kernel.org/tip/f2edf797dab185cce439e5bc5185fe20dd536300
Author:        Luo Haiyang <luo.haiyang@....com.cn>
AuthorDate:    Tue, 13 Jan 2026 11:19:30 +08:00
Committer:     Thomas Gleixner <tglx@...nel.org>
CommitterDate: Tue, 13 Jan 2026 09:51:46 +01:00

irqchip/riscv-imsic: Revert "Remove redundant irq_data lookups"

Commit c475c0b71314("irqchip/riscv-imsic: Remove redundant irq_data
lookups") leads to a NULL pointer deference in imsic_msi_update_msg():

 virtio_blk virtio1: 8/0/0 default/read/poll queues
 Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
 Current kworker/u32:2 pgtable: 4K pagesize, 48-bit VAs, pgdp=0x0000000081c33000
 [0000000000000000] pgd=0000000000000000, p4d=0000000000000000
 CPU: 5 UID: 0 PID: 75 Comm: kworker/u32:2 Not tainted 6.19.0-rc4-next-20260109 #1 NONE
 epc : 0x0
  ra : imsic_irq_set_affinity+0x110/0x130

The irq_data argument of imsic_irq_set_affinity() is associated with the
imsic domain and not with the top-level MSI domain. As a consequence the
code dereferences the wrong interrupt chip, which has the
irq_write_msi_msg() callback not populated.

Signed-off-by: Luo Haiyang <luo.haiyang@....com.cn>
Signed-off-by: Thomas Gleixner <tglx@...nel.org>
Link: https://patch.msgid.link/20260113111930821RrC26avITHWSFCN0bYbgI@zte.com.cn
---
 drivers/irqchip/irq-riscv-imsic-platform.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/irqchip/irq-riscv-imsic-platform.c b/drivers/irqchip/irq-riscv-imsic-platform.c
index 7228a33..643c8e4 100644
--- a/drivers/irqchip/irq-riscv-imsic-platform.c
+++ b/drivers/irqchip/irq-riscv-imsic-platform.c
@@ -158,11 +158,11 @@ static int imsic_irq_set_affinity(struct irq_data *d, const struct cpumask *mask
 		tmp_vec.local_id = new_vec->local_id;
 
 		/* Point device to the temporary vector */
-		imsic_msi_update_msg(d, &tmp_vec);
+		imsic_msi_update_msg(irq_get_irq_data(d->irq), &tmp_vec);
 	}
 
 	/* Point device to the new vector */
-	imsic_msi_update_msg(d, new_vec);
+	imsic_msi_update_msg(irq_get_irq_data(d->irq), new_vec);
 
 	/* Update irq descriptors with the new vector */
 	d->chip_data = new_vec;

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ