[PATCH] Fix crash with irqpoll due to the IRQF_IRQPOLL flag

Bernhard Walle Tue, 22 May 2007 01:40:54 -0700

o System crashes if booted with irqpoll command line option.

o Problem happens because Inside note_interrupt() we are accessing
  desc->action->flag without taking the desc->lock. While accessing it
  somebody goes ahead and unregisters the irq handler hence desc->action
  is NULL. By the time note_interrupt() checks it, it crashes.


o In that system it is irq 4 seriving to serial driver.

o Take the desc->lock before accessing desc->action->flag.

Signed-off-by: Bernhard Walle <[EMAIL PROTECTED]>
Signed-off-by: Vivek Goyal <[EMAIL PROTECTED]>
---

 linux-2.6.21-git12-root/kernel/irq/spurious.c |   23 ++++++++++++++++++++---
 1 file changed, 20 insertions(+), 3 deletions(-)

diff -puN kernel/irq/spurious.c~fix-irqpoll-crash kernel/irq/spurious.c
--- linux-2.6.21-git12/kernel/irq/spurious.c~fix-irqpoll-crash  2007-05-17 
17:36:50.000000000 +0530
+++ linux-2.6.21-git12-root/kernel/irq/spurious.c       2007-05-17 
17:53:52.000000000 +0530
@@ -138,6 +138,8 @@ report_bad_irq(unsigned int irq, struct 
 void note_interrupt(unsigned int irq, struct irq_desc *desc,
                    irqreturn_t action_ret)
 {
+       int call_misrouted_irq = 0;
+
        if (unlikely(action_ret != IRQ_HANDLED)) {
                desc->irqs_unhandled++;
                if (unlikely(action_ret != IRQ_NONE))
@@ -146,9 +148,24 @@ void note_interrupt(unsigned int irq, st
 
        if (unlikely(irqfixup)) {
                /* Don't punish working computers */
-               if ((irqfixup == 2 && ((irq == 0) ||
-                               (desc->action->flags & IRQF_IRQPOLL))) ||
-                               action_ret == IRQ_NONE) {
+               if (action_ret == IRQ_NONE)
+                       /* Nobody handled irq. Possibly a misrouted one. */
+                       call_misrouted_irq = 1;
+               else if (irqfixup == 2) {
+                       /* irqpoll is enabled. Is this the irq driving
+                        * polling.
+                        */
+                       if (irq == 0)
+                               call_misrouted_irq = 1;
+                       else {
+                               spin_lock(&desc->lock);
+                               if (desc->action &&
+                                       (desc->action->flags & IRQF_IRQPOLL))
+                                       call_misrouted_irq = 1;
+                               spin_unlock(&desc->lock);
+                       }
+               }
+               if (call_misrouted_irq) {
                        int ok = misrouted_irq(irq);
                        if (action_ret == IRQ_NONE)
                                desc->irqs_unhandled -= ok;
_
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[PATCH] Fix crash with irqpoll due to the IRQF_IRQPOLL flag

Reply via email to