[PATCH] NULL struct irq_desc's member 'name' in dynamic_irq_cleanup()

From: Dean Nelson
Date: Thu Oct 16 2008 - 08:58:22 EST

If the member 'name' of the irq_desc structure happens to point to a character
string that is resident within a kernel module, problems insue if that module
is rmmod'd (at which time dynamic_irq_cleanup() is called) and then later
show_interrupts() is called by someone. It is also not a good thing if the
character string resided in kmalloc'd space that has been kfree'd (after
having called dynamic_irq_cleanup()). dynamic_irq_cleanup() fails to NULL
the 'name' member and show_interrupts() references it on a few architectures
(like h8300, sh and x86).

Signed-off-by: Dean Nelson <dcn@xxxxxxx>


kernel/irq/chip.c | 1 +
1 file changed, 1 insertion(+)

Index: linux/kernel/irq/chip.c
--- linux.orig/kernel/irq/chip.c 2008-10-15 07:44:31.000000000 -0500
+++ linux/kernel/irq/chip.c 2008-10-16 06:55:56.000000000 -0500
@@ -79,6 +79,7 @@ void dynamic_irq_cleanup(unsigned int ir
desc->chip_data = NULL;
desc->handle_irq = handle_bad_irq;
desc->chip = &no_irq_chip;
+ desc->name = NULL;
spin_unlock_irqrestore(&desc->lock, flags);

