Re: null pointer dereference error in timer-sun5i.c

From: Maxime Ripard
Date: Tue Feb 17 2015 - 09:20:30 EST


Hi,

On Mon, Feb 16, 2015 at 04:36:06PM +0900, Yongbae Park wrote:
> Hello. My name is Yongbae Park.
>
> I would like to report a possible null pointer dereference error at
> sun5i_timer_interrupt() in drivers/clocksource/timer-sun5i.c (version:
> 3.19-rc5). The null pointer dereference error occurs if the interrupt
> handler sun5i_timer_interrupt() accesses evt->event_handler (line 128) when
> evt->event_handler is null and not defined by sun5i_timer_init().
>
> sun5i_timer_init() first registers sun5i_timer_interrupt() as the interrupt
> handler at line 181, and then defines the clockevent handler at line 192.
> As a consequence, the interrupt handler can be executed before the
> clockevent handler definition when an interrupt occurs between line 181 and
> line 192. The detailed error scenario is the following:

That's very true. Thanks for reporting it.

However, this shouldn't really happen in real life, since the hstimer
is never used by the bootloader (which means that we don't have a
running timer already), and it isn't the default timer either (so we
don't program it).

The only case where this could happen (in the default case), would be
a spurious interrupt.

Did you encounter this bug in real life?

Would you care to make a patch for this issue, similar to the patches
you pointed at, since you're the one who found this issue?

Thanks,
Maxime

--
Maxime Ripard, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com

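The ordering bug under discussion, as an added user-space simulation that is not part of this thread or of the sun5i driver: `timer_sim`, `mock_event_handler`, `simulate_init` and both interrupt handlers are stand-ins I made up for this illustration, with the clockevent `event_handler` pointer set either after the interrupt line goes live (the reported order) or before it (the fixed order). A spurious interrupt can be injected into that window; the unguarded handler reports it as the NULL dereference the kernel would oops on, while the guarded handler returns IRQ_NONE and drops it.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Added simulation of the request_irq-before-event_handler window.
 * Nothing here is kernel code; all names are mock stand-ins. */

typedef enum { IRQ_NONE = 0, IRQ_HANDLED = 1 } irqreturn_t;

struct clock_event_device {
    void (*event_handler)(struct clock_event_device *);
};

struct timer_sim {
    struct clock_event_device clkevt; /* must stay the first member (cast below) */
    int irq_ack_count;                /* "writes" to the pending-status register */
    int events_handled;               /* clockevent callbacks actually delivered */
    int spurious_dropped;             /* early interrupts the guard discarded */
};

/* Mock callback the clockevents core would install late in init. */
static void mock_event_handler(struct clock_event_device *evt)
{
    struct timer_sim *t = (struct timer_sim *)evt;
    t->events_handled++;
}

/* Shape of the reported handler: ack, then call the callback blindly.
 * Returns -1 instead of calling through NULL, which the kernel cannot do. */
static int timer_interrupt_unguarded(struct timer_sim *t)
{
    t->irq_ack_count++;
    if (t->clkevt.event_handler == NULL)
        return -1;
    t->clkevt.event_handler(&t->clkevt);
    return IRQ_HANDLED;
}

/* Guarded variant: an interrupt before init finishes is treated as spurious. */
static int timer_interrupt_guarded(struct timer_sim *t)
{
    t->irq_ack_count++;
    if (t->clkevt.event_handler == NULL) {
        t->spurious_dropped++;
        return IRQ_NONE;
    }
    t->clkevt.event_handler(&t->clkevt);
    return IRQ_HANDLED;
}

/* irq_before_handler=true mirrors the reported ordering (request_irq first,
 * event_handler set afterwards); spurious=true fires an interrupt in that
 * window. Returns 0 on a clean init, -1 if a NULL dereference would occur. */
static int simulate_init(struct timer_sim *t, bool guarded,
                         bool irq_before_handler, bool spurious)
{
    int (*isr)(struct timer_sim *) =
        guarded ? timer_interrupt_guarded : timer_interrupt_unguarded;
    *t = (struct timer_sim){ 0 };

    if (!irq_before_handler)
        t->clkevt.event_handler = mock_event_handler; /* fixed ordering */

    /* mock request_irq(): the line is live from here on */
    if (spurious && isr(t) < 0)
        return -1;

    if (irq_before_handler)
        t->clkevt.event_handler = mock_event_handler; /* reported ordering */

    /* a regular tick once init has completed */
    return isr(t) == IRQ_HANDLED ? 0 : -1;
}

int main(void)
{
    struct timer_sim t;
    printf("reported order, spurious irq, unguarded: %d\n",
           simulate_init(&t, false, true, true));
    printf("reported order, spurious irq, guarded:   %d (dropped %d)\n",
           simulate_init(&t, true, true, true), t.spurious_dropped);
    printf("handler set before request_irq:          %d (handled %d)\n",
           simulate_init(&t, false, false, true), t.events_handled);
    return 0;
}
```

Either fix closes the window: moving the `event_handler` assignment (or the registration that performs it) ahead of `request_irq`, or keeping the NULL check in the handler so that a spurious interrupt, the one case Maxime identifies, is acknowledged and ignored instead of crashing the boot.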