4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: David Kozub <z...@linux.fjfi.cvut.cz>

commit eb39a7c0355393c5a8d930f342ad7a6231b552c4 upstream.

The interrupt handler mfgpt_tick() is not robust versus spurious interrupts
which happen before the clock event device is registered and fully
initialized.

The reason is that the safe guard against spurious interrupts solely checks
for the clockevents shutdown state, but lacks a check for detached
state. If the interrupt hits while the device is in detached state it
passes the safe guard and dereferences the event handler call back which is
NULL.

Add the missing state check.

Fixes: 8f9327cbb6e8 ("clockevents/drivers/cs5535: Migrate to new 'set-state' interface")
Suggested-by: Thomas Gleixner <t...@linutronix.de>
Signed-off-by: David Kozub <z...@linux.fjfi.cvut.cz>
Signed-off-by: Thomas Gleixner <t...@linutronix.de>
Cc: Daniel Lezcano <daniel.lezc...@linaro.org>
Link: https://lkml.kernel.org/r/20171020093103.3317f60...@linux.fjfi.cvut.cz
Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org>

---
 drivers/clocksource/cs5535-clockevt.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/drivers/clocksource/cs5535-clockevt.c
+++ b/drivers/clocksource/cs5535-clockevt.c
@@ -117,7 +117,8 @@ static irqreturn_t mfgpt_tick(int irq, v
        /* Turn off the clock (and clear the event) */
        disable_timer(cs5535_event_clock);
 
-       if (clockevent_state_shutdown(&cs5535_clockevent))
+       if (clockevent_state_detached(&cs5535_clockevent) ||
+           clockevent_state_shutdown(&cs5535_clockevent))
                return IRQ_HANDLED;
 
        /* Clear the counter */
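
Review bot: The widened condition in mfgpt_tick() carries no comment explaining why the detached state has to be tested, so the reason lives only in the commit message (the event handler callback is NULL until the clock event device is registered). Suggest a one-line comment above the `if`, for example `/* Spurious IRQ before registration: event handler is still NULL */`, so the check is not later trimmed back to shutdown-only. The placement is right: disable_timer() still runs ahead of the early return, so the timer is turned off and the event cleared on the spurious path as well.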

