linux-kernel.vger.kernel.org archive mirror
From: Maxime Ripard <maxime.ripard@free-electrons.com>
To: 박용배 <yongbae2@gmail.com>
Cc: daniel.lezcano@linaro.org, tglx@linutronix.de,
	linux-kernel@vger.kernel.org
Subject: Re: null pointer dereference error in timer-sun5i.c
Date: Tue, 17 Feb 2015 15:16:48 +0100
Message-ID: <20150217141648.GN25269@lukather>
In-Reply-To: <CAMaOmv7Vco04aOs4aCuS2nEQrwpx4ais3KDSBCatpSBVXZ9enw@mail.gmail.com>


Hi,

On Mon, Feb 16, 2015 at 04:36:06PM +0900, 박용배 wrote:
> Hello. My name is Yongbae Park.
> 
> I would like to report a possible null pointer dereference error at
> sun5i_timer_interrupt() in drivers/clocksource/timer-sun5i.c (version:
> 3.19-rc5). The null pointer dereference error occurs if the interrupt
> handler sun5i_timer_interrupt() accesses evt->event_handler (line 128) when
> evt->event_handler is null and not defined by sun5i_timer_init().
> 
> sun5i_timer_init() first registers sun5i_timer_interrupt() as the interrupt
> handler at line 181, and then defines the clockevent handler at line 192.
> As a consequence, the interrupt handler can be executed before the
> clockevent handler definition when an interrupt occurs between line 181 and
> line 192. The detailed error scenario is the following:

That's very true. Thanks for reporting it.

However, this shouldn't really happen in real life, since the hstimers
are never used by the bootloader (which means that we don't have a
running timer already), and that this isn't the default timer as well
(so we don't program it either).

The only case where this could happen (in the default case), would be
a spurious interrupt.

Did you encounter this bug in real life?

Would you care to make a patch for this issue, similar to the patches
you pointed at, since you're the one who found this issue?

Thanks,
Maxime

-- 
Maxime Ripard, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
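
The ordering problem discussed in this message, as an added example that is not part of the original mail and is not kernel code: a user-space model in which the interrupt handler is registered either before or after the clockevent handler is set, with a latched spurious interrupt as constructed input. All names are hypothetical, the model counts the NULL case instead of dereferencing it, and the reordering shown is an assumed mitigation, not the patch referred to in the thread.

```c
/* User-space model of the ordering problem; every name here is hypothetical. */
#include <stdio.h>

struct clock_evt { void (*event_handler)(struct clock_evt *); int ticks; };
struct model {
    struct clock_evt evt;
    int irq_pending;  /* constructed input: an interrupt already latched */
    int null_calls;   /* times the handler ran with event_handler == NULL */
};

static void tick(struct clock_evt *e) { e->ticks++; }

/* Stands in for sun5i_timer_interrupt(). The handler described in the report
 * calls evt->event_handler without a check; the check below exists only so
 * the model can count the fault instead of crashing. */
static void timer_irq(struct model *m)
{
    if (!m->evt.event_handler) { m->null_calls++; return; }
    m->evt.event_handler(&m->evt);
}

/* Model assumption: installing the handler enables the line, so a latched
 * interrupt is delivered immediately. */
static void model_request_irq(struct model *m, void (*h)(struct model *))
{
    if (m->irq_pending) { m->irq_pending = 0; h(m); }
}

/* Stands in for the clockevent registration that sets event_handler. */
static void model_register_clockevent(struct model *m) { m->evt.event_handler = tick; }

/* Order described in the report: interrupt handler first, clockevent second. */
int init_irq_first(int spurious)
{
    struct model m = { .irq_pending = spurious };
    model_request_irq(&m, timer_irq);
    model_register_clockevent(&m);
    return m.null_calls;
}

/* Reordered: event_handler is set before any interrupt can be delivered. */
int init_clockevent_first(int spurious)
{
    struct model m = { .irq_pending = spurious };
    model_register_clockevent(&m);
    model_request_irq(&m, timer_irq);
    return m.null_calls;
}

int main(void) { printf("%d %d\n", init_irq_first(1), init_clockevent_first(1)); return 0; }
```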
