kernel/irq/proc.c: unprotected iteration over the IRQ action list in name_unique()

setup_irq() releases a desc->lock before calling register_handler_proc(), so
the iteration over the IRQ action list is not protected.

(akpm: the check itself is still racy, but at least it probably won't oops
now).

Cc: Ingo Molnar <mingo@elte.hu>
Cc: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

diff --git a/kernel/irq/proc.c b/kernel/irq/proc.c
index 2db91eb..ddde0ef 100644 (file)
--- a/kernel/irq/proc.c
+++ b/kernel/irq/proc.c
@@ -66,12 +66,19 @@ static int name_unique(unsigned int irq, struct irqaction *new_action)
 {
        struct irq_desc *desc = irq_desc + irq;
        struct irqaction *action;
+       unsigned long flags;
+       int ret = 1;
 
-       for (action = desc->action ; action; action = action->next)
+       spin_lock_irqsave(&desc->lock, flags);
+       for (action = desc->action ; action; action = action->next) {
                if ((action != new_action) && action->name &&
-                               !strcmp(new_action->name, action->name))
-                       return 0;
-       return 1;
+                               !strcmp(new_action->name, action->name)) {
+                       ret = 0;
+                       break;
+               }
+       }
+       spin_unlock_irqrestore(&desc->lock, flags);
+       return ret;
 }
 
 void register_handler_proc(unsigned int irq, struct irqaction *action)