cpumask: fix bug in use cpumask_var_t in irq_desc

Impact: fix bug where new irq_desc uses old cpumask pointers which are freed.

As Yinghai pointed out, init_copy_one_irq_desc() copies the old desc to
the new desc overwriting the cpumask pointers.  Since the old_desc and
the cpumask pointers are freed, then memory corruption will occur if
these old pointers are used.

Move the allocation of these pointers to after the copy.

Signed-off-by: Mike Travis <travis@sgi.com>
Cc: Yinghai Lu <yinghai@kernel.org>

1 files changed, 1 insertions, 7 deletions

diff --git a/kernel/irq/handle.c b/kernel/irq/handle.c
index b8fa1354f01c..f01c0a30cb42 100644
--- a/kernel/irq/handle.c
+++ b/kernel/irq/handle.c
@@ -85,8 +85,6 @@ void init_kstat_irqs(struct irq_desc *desc, int cpu, int nr)
 
 static void init_one_irq_desc(int irq, struct irq_desc *desc, int cpu)
 {
-        int node = cpu_to_node(cpu);
-
         memcpy(desc, &irq_desc_init, sizeof(struct irq_desc));
 
         spin_lock_init(&desc->lock);
@@ -100,7 +98,7 @@ static void init_one_irq_desc(int irq, struct irq_desc *desc, int cpu)
                 printk(KERN_ERR "can not alloc kstat_irqs\n");
                 BUG_ON(1);
         }
-        if (!init_alloc_desc_masks(desc, node, false)) {
+        if (!init_alloc_desc_masks(desc, cpu, false)) {
                 printk(KERN_ERR "can not alloc irq_desc cpumasks\n");
                 BUG_ON(1);
         }
@@ -188,10 +186,6 @@ struct irq_desc *irq_to_desc_alloc_cpu(unsigned int irq, int cpu)
                 printk(KERN_ERR "can not alloc irq_desc\n");
                 BUG_ON(1);
         }
-        if (!init_alloc_desc_masks(desc, node, false)) {
-                printk(KERN_ERR "can not alloc irq_desc cpumasks\n");
-                BUG_ON(1);
-        }
         init_one_irq_desc(irq, desc, cpu);
 
         irq_desc_ptrs[irq] = desc;