The driver currently sets the handler data and the chained handler in two separate steps. This creates a theoretical race window where an interrupt could fire after the handler is set but before the data is assigned, leading to a NULL pointer dereference.
Replace the two calls with irq_set_chained_handler_and_data() to set both the handler and its data atomically under the irq_desc->lock. Signed-off-by: Chen Ni <[email protected]> --- drivers/soc/fsl/qe/qe_ports_ic.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/soc/fsl/qe/qe_ports_ic.c b/drivers/soc/fsl/qe/qe_ports_ic.c index 61dd09fec6f6..8e2107e2cde5 100644 --- a/drivers/soc/fsl/qe/qe_ports_ic.c +++ b/drivers/soc/fsl/qe/qe_ports_ic.c @@ -114,8 +114,7 @@ static int qepic_probe(struct platform_device *pdev) if (!data->host) return -ENODEV; - irq_set_handler_data(irq, data); - irq_set_chained_handler(irq, qepic_cascade); + irq_set_chained_handler_and_data(irq, qepic_cascade, data); return 0; } -- 2.25.1
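Review bot: In the qepic_probe() hunk, the removed lines call irq_set_handler_data(irq, data) before irq_set_chained_handler(irq, qepic_cascade), so the handler data was already assigned by the time the cascade handler was installed. That is the opposite order from the window the changelog describes (handler set, data not yet assigned). The switch to irq_set_chained_handler_and_data(irq, qepic_cascade, data) is reasonable as a consolidation of the two calls. Please either reword the commit message to present it as a cleanup, or explain which path could still observe NULL handler data with the old ordering.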
