[BUG] x86: apic: Possible null pointer dereference by apic_ack_edge

From: William Breathitt Gray
Date: Sat Oct 10 2015 - 16:55:37 EST


Hello,

In mainline kernel version 4.3-rc4, the following line located in the
apic_ack_edge function definition can result in a null pointer dereference:

irq_complete_move(irqd_cfg(data));

The irqd_cfg function may return a value of NULL. If NULL is passed to the
irq_complete_move function, then the struct apic_chip_data pointer 'data' of
the __irq_complete_move function will be defined, and subsequently dereferenced,
based on this incorrect NULL value passed through the 'cfg' parameter:

data = container_of(cfg, struct apic_chip_data, cfg);
if (likely(!data->move_in_progress))

Sincerely,

William Breathitt Gray
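An added example (not code from the report or from the kernel tree) that models the container_of pattern described above with a hypothetical struct layout, and shows why a NULL check must come before container_of rather than after it:

```c
/* Constructed model of the pattern in the report; layouts and names are
 * hypothetical stand-ins, not the kernel's real irq_cfg/apic_chip_data. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))

struct irq_cfg { int vector; };

struct apic_chip_data {
    int domain;                 /* placed before cfg so its offset is non-zero */
    struct irq_cfg cfg;
    unsigned move_in_progress : 1;
};

/* Unguarded form: with cfg == NULL the back-pointer is bogus and the
 * following load faults (this is the defect the report describes). */
static int complete_move_unguarded(struct irq_cfg *cfg)
{
    struct apic_chip_data *data = container_of(cfg, struct apic_chip_data, cfg);
    return data->move_in_progress;
}

/* Hardened form: reject NULL before computing the container pointer.
 * Returns -1 for a NULL cfg, otherwise the move_in_progress flag. */
static int complete_move_guarded(struct irq_cfg *cfg)
{
    struct apic_chip_data *data;
    if (!cfg)
        return -1;
    data = container_of(cfg, struct apic_chip_data, cfg);
    return data->move_in_progress;
}

/* The address container_of would yield for a NULL cfg, computed with integer
 * arithmetic so nothing is dereferenced: non-zero whenever cfg is not the
 * first member, so a NULL test on the result would never fire. */
static uintptr_t bogus_container_addr(void)
{
    return (uintptr_t)0 - offsetof(struct apic_chip_data, cfg);
}

static struct apic_chip_data sample = { .domain = 1, .move_in_progress = 1 };

int main(void)
{
    printf("guarded(&sample.cfg) = %d\n", complete_move_guarded(&sample.cfg));
    printf("guarded(NULL)        = %d\n", complete_move_guarded(NULL));
    printf("container_of(NULL) -> %#lx\n", (unsigned long)bogus_container_addr());
    return complete_move_unguarded(&sample.cfg) == 1 ? 0 : 1;
}
```

Calling complete_move_unguarded(NULL) is the faulting path and is deliberately not exercised.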