www.infradead.org Git - users/jedix/linux-maple.git/commit

author	Thomas Tai <thomas.tai@oracle.com>
	Thu, 10 Nov 2016 20:10:17 +0000 (12:10 -0800)
committer	Allen Pais <allen.pais@oracle.com>
	Sun, 22 Jan 2017 15:37:07 +0000 (21:07 +0530)
commit	c9ebbc31544202515d53644a0a48f2cfc0df4d4c
tree	8a000fc99e9d13d9cabb09201f4ce21fc9dce9db	tree
parent	9c7c9046d76093285e620e52f9c030aa014d4348	commit \| diff

sparc64: fix sun4v_build_irq NULL pointer dereference

sun4v_build_irq assume the given irq number is valid and use
it to get the handler pointer, the pointer is dereference
without being checked and cause kernel panic.

The cause of the invalid irq is that the tx/rx irq have never
been free during device removal. irq number end up exhausted during
continuous device add/removal test.

tx/rx irq is allocated during vio_device_probe() using irq_alloc()
and cookie_assign(). To free the tx/rx irq, cookie_unassign() and
irq_free() is called when the device is removed.

Orabug: 23082240

Signed-off-by: Thomas Tai <thomas.tai@oracle.com>
Reviewed-by: Chris Hyser <chris.hyser@oracle.com>
(cherry picked from commit 80043637b8fb1eabc16ab5947019f4dcdbb8c79f)
Signed-off-by: Allen Pais <allen.pais@oracle.com>

arch/sparc/include/asm/irq_64.h		diff \| blob \| history
arch/sparc/kernel/irq_64.c		diff \| blob \| history
arch/sparc/kernel/vio.c		diff \| blob \| history