From: Thomas Gleixner <tglx@xxxxxxxxxxxxx> commit c1a9eeb938b5433947e5ea22f89baff3182e7075 upstream. When a disfunctional timer, e.g. dummy timer, is installed, the tick core tries to setup the broadcast timer. If no broadcast device is installed, the kernel crashes with a NULL pointer dereference in tick_broadcast_setup_oneshot() because the function has no sanity check. Reported-by: Mason <slash.tmp@xxxxxxx> Signed-off-by: Thomas Gleixner <tglx@xxxxxxxxxxxxx> Cc: Mark Rutland <mark.rutland@xxxxxxx> Cc: Anna-Maria Gleixner <anna-maria@xxxxxxxxxxxxx> Cc: Richard Cochran <rcochran@xxxxxxxxxxxxx> Cc: Sebastian Andrzej Siewior <bigeasy@xxxxxxxxxxxxx> Cc: Daniel Lezcano <daniel.lezcano@xxxxxxxxxx> Cc: Peter Zijlstra <peterz@xxxxxxxxxxxxx>, Cc: Sebastian Frias <sf84@xxxxxxxxxxx> Cc: Thibaud Cornic <thibaud_cornic@xxxxxxxxxxxxxxxx> Cc: Robin Murphy <robin.murphy@xxxxxxx> Link: http://lkml.kernel.org/r/1147ef90-7877-e4d2-bb2b-5c4fa8d3144b@xxxxxxx Signed-off-by: Jiri Slaby <jslaby@xxxxxxx> Signed-off-by: Willy Tarreau <w@xxxxxx> --- kernel/time/tick-broadcast.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/kernel/time/tick-broadcast.c b/kernel/time/tick-broadcast.c index 19ee339..6f27814 100644 --- a/kernel/time/tick-broadcast.c +++ b/kernel/time/tick-broadcast.c @@ -775,6 +775,9 @@ void tick_broadcast_setup_oneshot(struct clock_event_device *bc) { int cpu = smp_processor_id(); + if (!bc) + return; + /* Set it up only once ! */ if (bc->event_handler != tick_handle_oneshot_broadcast) { int was_periodic = bc->mode == CLOCK_EVT_MODE_PERIODIC; -- 2.8.0.rc2.1.gbe9624a