4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Ivan Gorinov <ivan.gori...@intel.com>

[ Upstream commit 0a5169add90e43ab45ab1ba34223b8583fcaf675 ]

IRQ parameters for the SoC devices connected directly to I/O APIC lines
(without PCI IRQ routing) may be specified in the Device Tree.

Called from DT IRQ parser, irq_create_fwspec_mapping() calls
irq_domain_alloc_irqs() with a pointer to irq_fwspec structure as @arg.

But x86-specific DT IRQ allocation code casts @arg to of_phandle_args
structure pointer and crashes trying to read the IRQ parameters. The
function was not converted when the mapping descriptor was changed to
irq_fwspec in the generic irqdomain code.

Fixes: 11e4438ee330 ("irqdomain: Introduce a firmware-specific IRQ specifier 
structure")
Signed-off-by: Ivan Gorinov <ivan.gori...@intel.com>
Signed-off-by: Thomas Gleixner <t...@linutronix.de>
Cc: Mark Rutland <mark.rutl...@arm.com>
Cc: Rob Herring <robh...@kernel.org>
Link: 
https://lkml.kernel.org/r/a234dee27ea60ce76141872da0d6bdb378b2a9ee.1520450752.git.ivan.gori...@intel.com
Signed-off-by: Sasha Levin <alexander.le...@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org>
---
 arch/x86/kernel/devicetree.c |   13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

--- a/arch/x86/kernel/devicetree.c
+++ b/arch/x86/kernel/devicetree.c
@@ -200,19 +200,22 @@ static struct of_ioapic_type of_ioapic_t
 static int dt_irqdomain_alloc(struct irq_domain *domain, unsigned int virq,
                              unsigned int nr_irqs, void *arg)
 {
-       struct of_phandle_args *irq_data = (void *)arg;
+       struct irq_fwspec *fwspec = (struct irq_fwspec *)arg;
        struct of_ioapic_type *it;
        struct irq_alloc_info tmp;
+       int type_index;
 
-       if (WARN_ON(irq_data->args_count < 2))
+       if (WARN_ON(fwspec->param_count < 2))
                return -EINVAL;
-       if (irq_data->args[1] >= ARRAY_SIZE(of_ioapic_type))
+
+       type_index = fwspec->param[1];
+       if (type_index >= ARRAY_SIZE(of_ioapic_type))
                return -EINVAL;
 
-       it = &of_ioapic_type[irq_data->args[1]];
+       it = &of_ioapic_type[type_index];
        ioapic_set_alloc_attr(&tmp, NUMA_NO_NODE, it->trigger, it->polarity);
        tmp.ioapic_id = mpc_ioapic_id(mp_irqdomain_ioapic_idx(domain));
-       tmp.ioapic_pin = irq_data->args[0];
+       tmp.ioapic_pin = fwspec->param[0];
 
        return mp_irqdomain_alloc(domain, virq, nr_irqs, &tmp);
 }


Reply via email to