IRQ parameters for the SoC devices connected directly to I/O APIC lines
(without PCI IRQ routing) may be specified in the Device Tree.
Called from DT IRQ parser, irq_create_fwspec_mapping() calls
irq_domain_alloc_irqs() with a pointer to irq_fwspec structure as @arg.
But x86-specific DT IRQ allocation code casts @arg to of_phandle_args
structure pointer and crashes trying to read the IRQ parameters.

Signed-off-by: Ivan Gorinov <ivan.gori...@intel.com>
---
 arch/x86/kernel/devicetree.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/arch/x86/kernel/devicetree.c b/arch/x86/kernel/devicetree.c
index 63d2ebc..5cd387f 100644
--- a/arch/x86/kernel/devicetree.c
+++ b/arch/x86/kernel/devicetree.c
@@ -195,19 +195,22 @@ static struct of_ioapic_type of_ioapic_type[] =
 static int dt_irqdomain_alloc(struct irq_domain *domain, unsigned int virq,
                              unsigned int nr_irqs, void *arg)
 {
-       struct of_phandle_args *irq_data = (void *)arg;
+       struct irq_fwspec *fwspec = (struct irq_fwspec *)arg;
        struct of_ioapic_type *it;
        struct irq_alloc_info tmp;
+       int type_index;
 
-       if (WARN_ON(irq_data->args_count < 2))
+       if (WARN_ON(fwspec->param_count < 2))
                return -EINVAL;
-       if (irq_data->args[1] >= ARRAY_SIZE(of_ioapic_type))
+
+       type_index = fwspec->param[1];
+       if (type_index >= ARRAY_SIZE(of_ioapic_type))
                return -EINVAL;
 
-       it = &of_ioapic_type[irq_data->args[1]];
+       it = &of_ioapic_type[type_index];
        ioapic_set_alloc_attr(&tmp, NUMA_NO_NODE, it->trigger, it->polarity);
        tmp.ioapic_id = mpc_ioapic_id(mp_irqdomain_ioapic_idx(domain));
-       tmp.ioapic_pin = irq_data->args[0];
+       tmp.ioapic_pin = fwspec->param[0];
 
        return mp_irqdomain_alloc(domain, virq, nr_irqs, &tmp);
 }
-- 
2.7.4

Reply via email to