x86/apic/vector: Handle legacy irq data correctly

The backport of upstream commit 45d55e7bac40 ("x86/apic/vector: Fix off by
one in error path") missed to fixup the legacy interrupt data which is not
longer available upstream.

Handle legacy irq data correctly by clearing the legacy storage to prevent
use after free.

Fixes: 7fd133539289 ("x86/apic/vector: Fix off by one in error path") - 4.4.y
Fixes: c557481a9491 ("x86/apic/vector: Fix off by one in error path") - 4.9.y
Reported-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/arch/x86/kernel/apic/vector.c b/arch/x86/kernel/apic/vector.c
index a41e523536a2af658d945647c7e4b4c1707b3718..592e260ba05b34a12c8ebc0ed7f6722624fa7339 100644 (file)
--- a/arch/x86/kernel/apic/vector.c
+++ b/arch/x86/kernel/apic/vector.c
@@ -91,8 +91,12 @@ out_data:
        return NULL;
 }
 
-static void free_apic_chip_data(struct apic_chip_data *data)
+static void free_apic_chip_data(unsigned int virq, struct apic_chip_data *data)
 {
+#ifdef CONFIG_X86_IO_APIC
+       if (virq  < nr_legacy_irqs())
+               legacy_irq_data[virq] = NULL;
+#endif
        if (data) {
                free_cpumask_var(data->domain);
                free_cpumask_var(data->old_domain);
@@ -316,11 +320,7 @@ static void x86_vector_free_irqs(struct irq_domain *domain,
                        apic_data = irq_data->chip_data;
                        irq_domain_reset_irq_data(irq_data);
                        raw_spin_unlock_irqrestore(&vector_lock, flags);
-                       free_apic_chip_data(apic_data);
-#ifdef CONFIG_X86_IO_APIC
-                       if (virq + i < nr_legacy_irqs())
-                               legacy_irq_data[virq + i] = NULL;
-#endif
+                       free_apic_chip_data(virq + i, apic_data);
                }
        }
 }
@@ -361,7 +361,7 @@ static int x86_vector_alloc_irqs(struct irq_domain *domain, unsigned int virq,
                err = assign_irq_vector_policy(virq + i, node, data, info);
                if (err) {
                        irq_data->chip_data = NULL;
-                       free_apic_chip_data(data);
+                       free_apic_chip_data(virq + i, data);
                        goto error;
                }
        }