Subject: Re: null pointer dereference error in timer-sun5i.c
From: Maxime Ripard
To: 박용배 (Yongbae Park)
Cc: daniel.lezcano@linaro.org, tglx@linutronix.de, linux-kernel@vger.kernel.org
Date: Tue, 17 Feb 2015 15:16:48 +0100
Message-ID: <20150217141648.GN25269@lukather>
List: linux-kernel@vger.kernel.org

Hi,

On Mon, Feb 16, 2015 at 04:36:06PM +0900, 박용배 wrote:
> Hello. My name is Yongbae Park.
>
> I would like to report a possible null pointer dereference error at
> sun5i_timer_interrupt() in drivers/clocksource/timer-sun5i.c (version:
> 3.19-rc5). The null pointer dereference error occurs if the interrupt
> handler sun5i_timer_interrupt() accesses evt->event_handler (line 128) when
> evt->event_handler is null and not defined by sun5i_timer_init().
>
> sun5i_timer_init() first registers sun5i_timer_interrupt() as the interrupt
> handler at line 181, and then defines the clockevent handler at line 192.
> As a consequence, the interrupt handler can be executed before the
> clockevent handler definition when an interrupt occurs between line 181 and
> line 192. The detailed error scenario is the following:

That's very true.

Thanks for reporting it.

However, this shouldn't really happen in real life, since the hstimers are
never used by the bootloader (which means that we don't have a running timer
already), and this isn't the default timer either (so we don't program it
either).

The only case where this could happen (in the default case) would be a
spurious interrupt.

Did you encounter this bug in real life?

Would you care to make a patch for this issue, similar to the patches you
pointed at, since you're the one who found this issue?

Thanks,
Maxime

-- 
Maxime Ripard, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
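The window described in the report, replayed as a small user-space model added here (not the kernel's timer-sun5i.c code): the struct is reduced to the one field at issue, the two init steps are modelled as flags, and the handler names and the "irq before clockevent" ordering are assumptions taken from the report rather than the driver source. It shows the two ways the window closes: registering the clockevent before requesting the irq, or having the handler drop an interrupt that arrives while event_handler is still NULL.

```c
/* Possible outcomes of one interrupt raised during initialisation. */
enum outcome { NULL_DEREF = -1, NOT_DELIVERED, DROPPED_AS_SPURIOUS, HANDLED };

/* Simplified stand-in for the kernel struct; only the field at issue. */
struct clock_event_device {
    void (*event_handler)(struct clock_event_device *);
};

static void tick(struct clock_event_device *evt) { (void)evt; }

/* Handler shaped like the one in the report: it calls event_handler
 * unconditionally. The model reports NULL_DEREF instead of crashing. */
static enum outcome irq_unchecked(struct clock_event_device *evt)
{
    if (!evt->event_handler)
        return NULL_DEREF;
    evt->event_handler(evt);
    return HANDLED;
}

/* Hardened handler: with no consumer installed yet, treat the interrupt as
 * spurious (the kernel equivalent would be returning IRQ_NONE). */
static enum outcome irq_checked(struct clock_event_device *evt)
{
    if (!evt->event_handler)
        return DROPPED_AS_SPURIOUS;
    evt->event_handler(evt);
    return HANDLED;
}

/* Replays the two init steps with one interrupt raised between them. Requesting
 * the irq first lets the interrupt reach the handler while event_handler is
 * still NULL; registering the clockevent first means the line is not enabled
 * yet, so the interrupt is simply not delivered. */
static enum outcome interrupt_between_init_steps(int irq_requested_first,
        enum outcome (*irq)(struct clock_event_device *))
{
    struct clock_event_device evt = { 0 };   /* event_handler == NULL */
    int irq_enabled = 0;
    enum outcome result;
    if (irq_requested_first)
        irq_enabled = 1;               /* setup_irq() first */
    else
        evt.event_handler = tick;      /* clockevent registration first */
    result = irq_enabled ? irq(&evt) : NOT_DELIVERED;   /* the race window */
    if (irq_requested_first)
        evt.event_handler = tick;      /* now the handler is installed */
    else
        irq_enabled = 1;               /* now the line is enabled */
    return result;
}
```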