diff options
| author | Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> | 2013-04-16 10:55:18 -0400 |
|---|---|---|
| committer | Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> | 2013-04-16 16:05:13 -0400 |
| commit | 94032c506720e26402db64987e08168565b57990 (patch) | |
| tree | d546dec5591a34940ccc7cebdf5362f4ec8fe0db /drivers/xen | |
| parent | 7918c92ae9638eb8a6ec18e2b4a0de84557cccc8 (diff) | |
xen/events: Check that IRQ value passed in is valid.
We naively assume that the IRQ value passed in is correct.
If it is not, then any dereference operation for the 'info'
structure will result in crash - so might as well guard ourselves
and sprinkle copious amounts of WARN_ON.
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Diffstat (limited to 'drivers/xen')
| -rw-r--r-- | drivers/xen/events.c | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/drivers/xen/events.c b/drivers/xen/events.c index bb65f75e40a5..94daed14d474 100644 --- a/drivers/xen/events.c +++ b/drivers/xen/events.c | |||
| @@ -515,6 +515,9 @@ static void xen_free_irq(unsigned irq) | |||
| 515 | { | 515 | { |
| 516 | struct irq_info *info = irq_get_handler_data(irq); | 516 | struct irq_info *info = irq_get_handler_data(irq); |
| 517 | 517 | ||
| 518 | if (WARN_ON(!info)) | ||
| 519 | return; | ||
| 520 | |||
| 518 | list_del(&info->list); | 521 | list_del(&info->list); |
| 519 | 522 | ||
| 520 | irq_set_handler_data(irq, NULL); | 523 | irq_set_handler_data(irq, NULL); |
| @@ -1003,6 +1006,9 @@ static void unbind_from_irq(unsigned int irq) | |||
| 1003 | int evtchn = evtchn_from_irq(irq); | 1006 | int evtchn = evtchn_from_irq(irq); |
| 1004 | struct irq_info *info = irq_get_handler_data(irq); | 1007 | struct irq_info *info = irq_get_handler_data(irq); |
| 1005 | 1008 | ||
| 1009 | if (WARN_ON(!info)) | ||
| 1010 | return; | ||
| 1011 | |||
| 1006 | mutex_lock(&irq_mapping_update_lock); | 1012 | mutex_lock(&irq_mapping_update_lock); |
| 1007 | 1013 | ||
| 1008 | if (info->refcnt > 0) { | 1014 | if (info->refcnt > 0) { |
| @@ -1130,6 +1136,10 @@ int bind_ipi_to_irqhandler(enum ipi_vector ipi, | |||
| 1130 | 1136 | ||
| 1131 | void unbind_from_irqhandler(unsigned int irq, void *dev_id) | 1137 | void unbind_from_irqhandler(unsigned int irq, void *dev_id) |
| 1132 | { | 1138 | { |
| 1139 | struct irq_info *info = irq_get_handler_data(irq); | ||
| 1140 | |||
| 1141 | if (WARN_ON(!info)) | ||
| 1142 | return; | ||
| 1133 | free_irq(irq, dev_id); | 1143 | free_irq(irq, dev_id); |
| 1134 | unbind_from_irq(irq); | 1144 | unbind_from_irq(irq); |
| 1135 | } | 1145 | } |
| @@ -1441,6 +1451,9 @@ void rebind_evtchn_irq(int evtchn, int irq) | |||
| 1441 | { | 1451 | { |
| 1442 | struct irq_info *info = info_for_irq(irq); | 1452 | struct irq_info *info = info_for_irq(irq); |
| 1443 | 1453 | ||
| 1454 | if (WARN_ON(!info)) | ||
| 1455 | return; | ||
| 1456 | |||
| 1444 | /* Make sure the irq is masked, since the new event channel | 1457 | /* Make sure the irq is masked, since the new event channel |
| 1445 | will also be masked. */ | 1458 | will also be masked. */ |
| 1446 | disable_irq(irq); | 1459 | disable_irq(irq); |
| @@ -1714,7 +1727,12 @@ void xen_poll_irq(int irq) | |||
| 1714 | int xen_test_irq_shared(int irq) | 1727 | int xen_test_irq_shared(int irq) |
| 1715 | { | 1728 | { |
| 1716 | struct irq_info *info = info_for_irq(irq); | 1729 | struct irq_info *info = info_for_irq(irq); |
| 1717 | struct physdev_irq_status_query irq_status = { .irq = info->u.pirq.pirq }; | 1730 | struct physdev_irq_status_query irq_status; |
| 1731 | |||
| 1732 | if (WARN_ON(!info)) | ||
| 1733 | return -ENOENT; | ||
| 1734 | |||
| 1735 | irq_status.irq = info->u.pirq.pirq; | ||
| 1718 | 1736 | ||
| 1719 | if (HYPERVISOR_physdev_op(PHYSDEVOP_irq_status_query, &irq_status)) | 1737 | if (HYPERVISOR_physdev_op(PHYSDEVOP_irq_status_query, &irq_status)) |
| 1720 | return 0; | 1738 | return 0; |