genirq: Validate action before dereferencing it in handle_irq_event_percpu()
[linux/fpc-iii.git] / kernel / irq / handle.c
blob57bff7857e879bf2301a92723ade0a968870e637
1 /*
2 * linux/kernel/irq/handle.c
4 * Copyright (C) 1992, 1998-2006 Linus Torvalds, Ingo Molnar
5 * Copyright (C) 2005-2006, Thomas Gleixner, Russell King
7 * This file contains the core interrupt handling code.
9 * Detailed information is available in Documentation/DocBook/genericirq
13 #include <linux/irq.h>
14 #include <linux/random.h>
15 #include <linux/sched.h>
16 #include <linux/interrupt.h>
17 #include <linux/kernel_stat.h>
19 #include <trace/events/irq.h>
21 #include "internals.h"
23 /**
24 * handle_bad_irq - handle spurious and unhandled irqs
25 * @desc: description of the interrupt
27 * Handles spurious and unhandled IRQ's. It also prints a debugmessage.
29 void handle_bad_irq(struct irq_desc *desc)
31 unsigned int irq = irq_desc_get_irq(desc);
33 print_irq_desc(irq, desc);
34 kstat_incr_irqs_this_cpu(desc);
35 ack_bad_irq(irq);
37 EXPORT_SYMBOL_GPL(handle_bad_irq);
40 * Special, empty irq handler:
42 irqreturn_t no_action(int cpl, void *dev_id)
44 return IRQ_NONE;
46 EXPORT_SYMBOL_GPL(no_action);
48 static void warn_no_thread(unsigned int irq, struct irqaction *action)
50 if (test_and_set_bit(IRQTF_WARNED, &action->thread_flags))
51 return;
53 printk(KERN_WARNING "IRQ %d device %s returned IRQ_WAKE_THREAD "
54 "but no thread function available.", irq, action->name);
57 void __irq_wake_thread(struct irq_desc *desc, struct irqaction *action)
60 * In case the thread crashed and was killed we just pretend that
61 * we handled the interrupt. The hardirq handler has disabled the
62 * device interrupt, so no irq storm is lurking.
64 if (action->thread->flags & PF_EXITING)
65 return;
68 * Wake up the handler thread for this action. If the
69 * RUNTHREAD bit is already set, nothing to do.
71 if (test_and_set_bit(IRQTF_RUNTHREAD, &action->thread_flags))
72 return;
75 * It's safe to OR the mask lockless here. We have only two
76 * places which write to threads_oneshot: This code and the
77 * irq thread.
79 * This code is the hard irq context and can never run on two
80 * cpus in parallel. If it ever does we have more serious
81 * problems than this bitmask.
83 * The irq threads of this irq which clear their "running" bit
84 * in threads_oneshot are serialized via desc->lock against
85 * each other and they are serialized against this code by
86 * IRQS_INPROGRESS.
88 * Hard irq handler:
90 * spin_lock(desc->lock);
91 * desc->state |= IRQS_INPROGRESS;
92 * spin_unlock(desc->lock);
93 * set_bit(IRQTF_RUNTHREAD, &action->thread_flags);
94 * desc->threads_oneshot |= mask;
95 * spin_lock(desc->lock);
96 * desc->state &= ~IRQS_INPROGRESS;
97 * spin_unlock(desc->lock);
99 * irq thread:
101 * again:
102 * spin_lock(desc->lock);
103 * if (desc->state & IRQS_INPROGRESS) {
104 * spin_unlock(desc->lock);
105 * while(desc->state & IRQS_INPROGRESS)
106 * cpu_relax();
107 * goto again;
109 * if (!test_bit(IRQTF_RUNTHREAD, &action->thread_flags))
110 * desc->threads_oneshot &= ~mask;
111 * spin_unlock(desc->lock);
113 * So either the thread waits for us to clear IRQS_INPROGRESS
114 * or we are waiting in the flow handler for desc->lock to be
115 * released before we reach this point. The thread also checks
116 * IRQTF_RUNTHREAD under desc->lock. If set it leaves
117 * threads_oneshot untouched and runs the thread another time.
119 desc->threads_oneshot |= action->thread_mask;
122 * We increment the threads_active counter in case we wake up
123 * the irq thread. The irq thread decrements the counter when
124 * it returns from the handler or in the exit path and wakes
125 * up waiters which are stuck in synchronize_irq() when the
126 * active count becomes zero. synchronize_irq() is serialized
127 * against this code (hard irq handler) via IRQS_INPROGRESS
128 * like the finalize_oneshot() code. See comment above.
130 atomic_inc(&desc->threads_active);
132 wake_up_process(action->thread);
135 irqreturn_t handle_irq_event_percpu(struct irq_desc *desc)
137 irqreturn_t retval = IRQ_NONE;
138 unsigned int flags = 0, irq = desc->irq_data.irq;
139 struct irqaction *action = desc->action;
141 /* action might have become NULL since we dropped the lock */
142 while (action) {
143 irqreturn_t res;
145 trace_irq_handler_entry(irq, action);
146 res = action->handler(irq, action->dev_id);
147 trace_irq_handler_exit(irq, action, res);
149 if (WARN_ONCE(!irqs_disabled(),"irq %u handler %pF enabled interrupts\n",
150 irq, action->handler))
151 local_irq_disable();
153 switch (res) {
154 case IRQ_WAKE_THREAD:
156 * Catch drivers which return WAKE_THREAD but
157 * did not set up a thread function
159 if (unlikely(!action->thread_fn)) {
160 warn_no_thread(irq, action);
161 break;
164 __irq_wake_thread(desc, action);
166 /* Fall through to add to randomness */
167 case IRQ_HANDLED:
168 flags |= action->flags;
169 break;
171 default:
172 break;
175 retval |= res;
176 action = action->next;
179 add_interrupt_randomness(irq, flags);
181 if (!noirqdebug)
182 note_interrupt(desc, retval);
183 return retval;
186 irqreturn_t handle_irq_event(struct irq_desc *desc)
188 irqreturn_t ret;
190 desc->istate &= ~IRQS_PENDING;
191 irqd_set(&desc->irq_data, IRQD_IRQ_INPROGRESS);
192 raw_spin_unlock(&desc->lock);
194 ret = handle_irq_event_percpu(desc);
196 raw_spin_lock(&desc->lock);
197 irqd_clear(&desc->irq_data, IRQD_IRQ_INPROGRESS);
198 return ret;