c1ee626428
Lars-Peter Clausen pointed out: I stumbled upon this while looking through the existing archs using SPARSE_IRQ. Even with SPARSE_IRQ the NR_IRQS is still the upper limit for the number of IRQs. Both PXA and MMP set NR_IRQS to IRQ_BOARD_START, with IRQ_BOARD_START being the number of IRQs used by the core. In various machine files the nr_irqs field of the ARM machine defintion struct is then set to "IRQ_BOARD_START + NR_BOARD_IRQS". As a result "nr_irqs" will greater then NR_IRQS which then again causes the "allocated_irqs" bitmap in the core irq code to be accessed beyond its size overwriting unrelated data. The core code really misses a sanity check there. This went unnoticed so far as by chance the compiler/linker places data behind that bitmap which gets initialized later on those affected platforms. So the obvious fix would be to add a sanity check in early_irq_init() and break all affected platforms. Though that check wants to be backported to stable as well, which will require to fix all known problematic platforms and probably some more yet not known ones as well. Lots of churn. A way simpler solution is to allocate a slightly larger bitmap and avoid the whole churn w/o breaking anything. Add a few warnings when an arch returns utter crap. Reported-by: Lars-Peter Clausen <lars@metafoo.de> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Cc: stable@kernel.org # .37 Cc: Haojian Zhuang <haojian.zhuang@marvell.com> Cc: Eric Miao <eric.y.miao@gmail.com> Cc: Peter Zijlstra <peterz@infradead.org>
83 lines
2.0 KiB
C
83 lines
2.0 KiB
C
/*
|
|
* linux/kernel/irq/resend.c
|
|
*
|
|
* Copyright (C) 1992, 1998-2006 Linus Torvalds, Ingo Molnar
|
|
* Copyright (C) 2005-2006, Thomas Gleixner
|
|
*
|
|
* This file contains the IRQ-resend code
|
|
*
|
|
* If the interrupt is waiting to be processed, we try to re-run it.
|
|
* We can't directly run it from here since the caller might be in an
|
|
* interrupt-protected region. Not all irq controller chips can
|
|
* retrigger interrupts at the hardware level, so in those cases
|
|
* we allow the resending of IRQs via a tasklet.
|
|
*/
|
|
|
|
#include <linux/irq.h>
|
|
#include <linux/module.h>
|
|
#include <linux/random.h>
|
|
#include <linux/interrupt.h>
|
|
|
|
#include "internals.h"
|
|
|
|
#ifdef CONFIG_HARDIRQS_SW_RESEND
|
|
|
|
/* Bitmap to handle software resend of interrupts: */
|
|
static DECLARE_BITMAP(irqs_resend, IRQ_BITMAP_BITS);
|
|
|
|
/*
|
|
* Run software resends of IRQ's
|
|
*/
|
|
static void resend_irqs(unsigned long arg)
|
|
{
|
|
struct irq_desc *desc;
|
|
int irq;
|
|
|
|
while (!bitmap_empty(irqs_resend, nr_irqs)) {
|
|
irq = find_first_bit(irqs_resend, nr_irqs);
|
|
clear_bit(irq, irqs_resend);
|
|
desc = irq_to_desc(irq);
|
|
local_irq_disable();
|
|
desc->handle_irq(irq, desc);
|
|
local_irq_enable();
|
|
}
|
|
}
|
|
|
|
/* Tasklet to handle resend: */
|
|
static DECLARE_TASKLET(resend_tasklet, resend_irqs, 0);
|
|
|
|
#endif
|
|
|
|
/*
|
|
* IRQ resend
|
|
*
|
|
* Is called with interrupts disabled and desc->lock held.
|
|
*/
|
|
void check_irq_resend(struct irq_desc *desc, unsigned int irq)
|
|
{
|
|
unsigned int status = desc->status;
|
|
|
|
/*
|
|
* Make sure the interrupt is enabled, before resending it:
|
|
*/
|
|
desc->irq_data.chip->irq_enable(&desc->irq_data);
|
|
|
|
/*
|
|
* We do not resend level type interrupts. Level type
|
|
* interrupts are resent by hardware when they are still
|
|
* active.
|
|
*/
|
|
if ((status & (IRQ_LEVEL | IRQ_PENDING | IRQ_REPLAY)) == IRQ_PENDING) {
|
|
desc->status = (status & ~IRQ_PENDING) | IRQ_REPLAY;
|
|
|
|
if (!desc->irq_data.chip->irq_retrigger ||
|
|
!desc->irq_data.chip->irq_retrigger(&desc->irq_data)) {
|
|
#ifdef CONFIG_HARDIRQS_SW_RESEND
|
|
/* Set it pending and activate the softirq: */
|
|
set_bit(irq, irqs_resend);
|
|
tasklet_schedule(&resend_tasklet);
|
|
#endif
|
|
}
|
|
}
|
|
}
|