tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

gpio/msic: Fix race in installing chained IRQ handler

Fix a race where a pending interrupt could be received and the handler
called before the handler's data has been setup, by converting to
irq_set_chained_handler_and_data().

Search and conversion was done with coccinelle:

@@
expression E1, E2, E3;
@@
(
-if (irq_set_chained_handler(E1, E3) != 0)
- BUG();
|
-irq_set_chained_handler(E1, E3);
)
-irq_set_handler_data(E1, E2);
+irq_set_chained_handler_and_data(E1, E3, E2);

@@
expression E1, E2, E3;
@@
(
-if (irq_set_chained_handler(E1, E3) != 0)
- BUG();
...
|
-irq_set_chained_handler(E1, E3);
...
)
-irq_set_handler_data(E1, E2);
+irq_set_chained_handler_and_data(E1, E3, E2);

Reported-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Julia Lawall <Julia.Lawall@lip6.fr>
Cc: Linus Walleij <linus.walleij@linaro.org>
Cc: Alexandre Courbot <gnurou@gmail.com>
Cc: linux-gpio@vger.kernel.org

Thomas Gleixner 3fb250ed 6218b88d

+1 -2
+1 -2
drivers/gpio/gpio-msic.c
··· 309 309 &msic_irqchip, 310 310 handle_simple_irq); 311 311 } 312 - irq_set_chained_handler(mg->irq, msic_gpio_irq_handler); 313 - irq_set_handler_data(mg->irq, mg); 312 + irq_set_chained_handler_and_data(mg->irq, msic_gpio_irq_handler, mg); 314 313 315 314 return 0; 316 315 err: