| Message ID | 1600480955-16827-6-git-send-email-bbhatt@codeaurora.org |
|---|---|
| State | New |
| Headers | show |
| Series | Bug fixes and improvements for MHI power operations | expand |
On Fri, Sep 18, 2020 at 07:02:30PM -0700, Bhaumik Bhatt wrote: > While powering down, the device may or may not acknowledge the MHI > RESET issued by host for graceful shutdown scenario which can lead > to a rogue device sending an interrupt after the clean-up has been > done. This can result in a tasklet being scheduled after it has > been killed and access already freed memory causing a NULL pointer > exception. Avoid this corner case by disabling the interrupts as a > part of host clean up. > > Signed-off-by: Bhaumik Bhatt <bbhatt@codeaurora.org> > --- > drivers/bus/mhi/core/pm.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/drivers/bus/mhi/core/pm.c b/drivers/bus/mhi/core/pm.c > index 1862960..3462d82 100644 > --- a/drivers/bus/mhi/core/pm.c > +++ b/drivers/bus/mhi/core/pm.c > @@ -517,6 +517,7 @@ static void mhi_pm_disable_transition(struct mhi_controller *mhi_cntrl, > for (i = 0; i < mhi_cntrl->total_ev_rings; i++, mhi_event++) { > if (mhi_event->offload_ev) > continue; > + disable_irq(mhi_cntrl->irq[mhi_event->irq]); No need to disable irq[0]? Thanks, Mani > tasklet_kill(&mhi_event->task); > } > > -- > The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum, > a Linux Foundation Collaborative Project >
Hi On 9/19/2020 7:32 AM, Bhaumik Bhatt wrote: > While powering down, the device may or may not acknowledge the MHI > RESET issued by host for graceful shutdown scenario which can lead > to a rogue device sending an interrupt after the clean-up has been > done. This can result in a tasklet being scheduled after it has > been killed and access already freed memory causing a NULL pointer > exception. Avoid this corner case by disabling the interrupts as a > part of host clean up. > > Signed-off-by: Bhaumik Bhatt <bbhatt@codeaurora.org> > --- > drivers/bus/mhi/core/pm.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/drivers/bus/mhi/core/pm.c b/drivers/bus/mhi/core/pm.c > index 1862960..3462d82 100644 > --- a/drivers/bus/mhi/core/pm.c > +++ b/drivers/bus/mhi/core/pm.c > @@ -517,6 +517,7 @@ static void mhi_pm_disable_transition(struct mhi_controller *mhi_cntrl, > for (i = 0; i < mhi_cntrl->total_ev_rings; i++, mhi_event++) { > if (mhi_event->offload_ev) > continue; > + disable_irq(mhi_cntrl->irq[mhi_event->irq]); > tasklet_kill(&mhi_event->task); > } > What about sys_err handling? IRQ may be left disabled? -- The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum, a Linux Foundation Collaborative Project
diff --git a/drivers/bus/mhi/core/pm.c b/drivers/bus/mhi/core/pm.c index 1862960..3462d82 100644 --- a/drivers/bus/mhi/core/pm.c +++ b/drivers/bus/mhi/core/pm.c @@ -517,6 +517,7 @@ static void mhi_pm_disable_transition(struct mhi_controller *mhi_cntrl, for (i = 0; i < mhi_cntrl->total_ev_rings; i++, mhi_event++) { if (mhi_event->offload_ev) continue; + disable_irq(mhi_cntrl->irq[mhi_event->irq]); tasklet_kill(&mhi_event->task); }
While powering down, the device may or may not acknowledge the MHI RESET issued by host for graceful shutdown scenario which can lead to a rogue device sending an interrupt after the clean-up has been done. This can result in a tasklet being scheduled after it has been killed and access already freed memory causing a NULL pointer exception. Avoid this corner case by disabling the interrupts as a part of host clean up. Signed-off-by: Bhaumik Bhatt <bbhatt@codeaurora.org> --- drivers/bus/mhi/core/pm.c | 1 + 1 file changed, 1 insertion(+)