Hello,
In mainline kernel version 4.3-rc4, the following line located in the
apic_ack_edge function definition can result in a null pointer dereference:
irq_complete_move(irqd_cfg(data));
The irqd_cfg function may return a value of NULL. If NULL is passed to the
irq_complete_move function, then the struct apic_chip_data pointer 'data' of
the __irq_complete_move function will be defined, and subsequently dereferenced,
based on this incorrect NULL value passed through the 'cfg' parameter:
data = container_of(cfg, struct apic_chip_data, cfg);
if (likely(!data->move_in_progress))
Sincerely,
William Breathitt Gray
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
