cpumask: fix bug in use cpumask_var_t in irq_desc
Impact: fix bug where new irq_desc uses old cpumask pointers which are freed.
As Yinghai pointed out, init_copy_one_irq_desc() copies the old desc to
the new desc, overwriting the cpumask pointers. Since the old_desc and
the cpumask pointers are freed, memory corruption will occur if
these old pointers are used.
Move the allocation of these pointers to after the copy.
Signed-off-by: Mike Travis <travis@sgi.com>
Cc: Yinghai Lu <yinghai@kernel.org>
diff --git a/kernel/irq/handle.c b/kernel/irq/handle.c
index b8fa135..f01c0a3 100644
--- a/kernel/irq/handle.c
+++ b/kernel/irq/handle.c
@@ -85,8 +85,6 @@
static void init_one_irq_desc(int irq, struct irq_desc *desc, int cpu)
{
- int node = cpu_to_node(cpu);
-
memcpy(desc, &irq_desc_init, sizeof(struct irq_desc));
spin_lock_init(&desc->lock);
@@ -100,7 +98,7 @@
printk(KERN_ERR "can not alloc kstat_irqs\n");
BUG_ON(1);
}
- if (!init_alloc_desc_masks(desc, node, false)) {
+ if (!init_alloc_desc_masks(desc, cpu, false)) {
printk(KERN_ERR "can not alloc irq_desc cpumasks\n");
BUG_ON(1);
}
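Review bot: The `init_alloc_desc_masks(desc, cpu, false)` call is only correct because it runs after the `memcpy(desc, &irq_desc_init, sizeof(struct irq_desc))` shown in the first hunk, which overwrites the whole descriptor including its cpumask pointers, and nothing at the call site records that ordering. I would add a comment above the call such as `/* must follow the memcpy above: it overwrites the cpumask pointers */`, so that a later reorder does not bring back a leaked or stale mask pointer. The second argument also changes meaning from a node to a CPU number while staying a plain `int`, so a mismatch with the helper's definition would compile silently; that definition is not in this hunk and should be checked to take a CPU in the same commit. The enclosing function starts and ends outside this hunk, so I am assuming it is `init_one_irq_desc()`.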
@@ -188,10 +186,6 @@
printk(KERN_ERR "can not alloc irq_desc\n");
BUG_ON(1);
}
- if (!init_alloc_desc_masks(desc, node, false)) {
- printk(KERN_ERR "can not alloc irq_desc cpumasks\n");
- BUG_ON(1);
- }
init_one_irq_desc(irq, desc, cpu);
irq_desc_ptrs[irq] = desc;