| Message ID | 20250606152522.4123158-1-jorge.ramirez@oss.qualcomm.com |
|---|---|
| State | Superseded |
| Headers | show |
| Series | [PATCHv3] media: venus: protect against spurious interrupts during probe | expand |
On 06/06/2025 16:25, Jorge Ramirez-Ortiz wrote: > Make sure the interrupt handler is initialized before the interrupt is > registered. > > If the IRQ is registered before hfi_create(), it's possible that an > interrupt fires before the handler setup is complete, leading to a NULL > dereference. > > This error condition has been observed during system boot on Rb3Gen2. > > Fixes: af2c3834c8ca ("[media] media: venus: adding core part and helper functions") > Signed-off-by: Jorge Ramirez-Ortiz <jorge.ramirez@oss.qualcomm.com> > --- > v3: > Added Fixes tag > v2: > Fix authorship > Fix spelling mistake > > drivers/media/platform/qcom/venus/core.c | 8 ++++---- > 1 file changed, 4 insertions(+), 4 deletions(-) > > diff --git a/drivers/media/platform/qcom/venus/core.c b/drivers/media/platform/qcom/venus/core.c > index d305d74bb152..5bd99d0aafe4 100644 > --- a/drivers/media/platform/qcom/venus/core.c > +++ b/drivers/media/platform/qcom/venus/core.c > @@ -424,13 +424,13 @@ static int venus_probe(struct platform_device *pdev) > INIT_DELAYED_WORK(&core->work, venus_sys_error_handler); > init_waitqueue_head(&core->sys_err_done); > > - ret = devm_request_threaded_irq(dev, core->irq, hfi_isr, venus_isr_thread, > - IRQF_TRIGGER_HIGH | IRQF_ONESHOT, > - "venus", core); > + ret = hfi_create(core, &venus_core_ops); > if (ret) > goto err_core_put; > > - ret = hfi_create(core, &venus_core_ops); > + ret = devm_request_threaded_irq(dev, core->irq, hfi_isr, venus_isr_thread, > + IRQF_TRIGGER_HIGH | IRQF_ONESHOT, > + "venus", core); > if (ret) > goto err_core_put; > Reviewed-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
On 06/06/2025 16:25, Jorge Ramirez-Ortiz wrote: > Make sure the interrupt handler is initialized before the interrupt is > registered. > > If the IRQ is registered before hfi_create(), it's possible that an > interrupt fires before the handler setup is complete, leading to a NULL > dereference. > > This error condition has been observed during system boot on Rb3Gen2. > > Fixes: af2c3834c8ca ("[media] media: venus: adding core part and helper functions") > Signed-off-by: Jorge Ramirez-Ortiz <jorge.ramirez@oss.qualcomm.com> > --- > v3: > Added Fixes tag > v2: > Fix authorship > Fix spelling mistake > > drivers/media/platform/qcom/venus/core.c | 8 ++++---- > 1 file changed, 4 insertions(+), 4 deletions(-) > > diff --git a/drivers/media/platform/qcom/venus/core.c b/drivers/media/platform/qcom/venus/core.c > index d305d74bb152..5bd99d0aafe4 100644 > --- a/drivers/media/platform/qcom/venus/core.c > +++ b/drivers/media/platform/qcom/venus/core.c > @@ -424,13 +424,13 @@ static int venus_probe(struct platform_device *pdev) > INIT_DELAYED_WORK(&core->work, venus_sys_error_handler); > init_waitqueue_head(&core->sys_err_done); > > - ret = devm_request_threaded_irq(dev, core->irq, hfi_isr, venus_isr_thread, > - IRQF_TRIGGER_HIGH | IRQF_ONESHOT, > - "venus", core); > + ret = hfi_create(core, &venus_core_ops); > if (ret) > goto err_core_put; > > - ret = hfi_create(core, &venus_core_ops); > + ret = devm_request_threaded_irq(dev, core->irq, hfi_isr, venus_isr_thread, > + IRQF_TRIGGER_HIGH | IRQF_ONESHOT, > + "venus", core); > if (ret) > goto err_core_put; > @Dikshita @Vikash. Good/happy with this patch ? Looks right to me. --- bod
On 6/6/2025 8:55 PM, Jorge Ramirez-Ortiz wrote: > Make sure the interrupt handler is initialized before the interrupt is > registered. > > If the IRQ is registered before hfi_create(), it's possible that an > interrupt fires before the handler setup is complete, leading to a NULL > dereference. > > This error condition has been observed during system boot on Rb3Gen2. > > Fixes: af2c3834c8ca ("[media] media: venus: adding core part and helper functions") > Signed-off-by: Jorge Ramirez-Ortiz <jorge.ramirez@oss.qualcomm.com> > --- > v3: > Added Fixes tag > v2: > Fix authorship > Fix spelling mistake > > drivers/media/platform/qcom/venus/core.c | 8 ++++---- > 1 file changed, 4 insertions(+), 4 deletions(-) > > diff --git a/drivers/media/platform/qcom/venus/core.c b/drivers/media/platform/qcom/venus/core.c > index d305d74bb152..5bd99d0aafe4 100644 > --- a/drivers/media/platform/qcom/venus/core.c > +++ b/drivers/media/platform/qcom/venus/core.c > @@ -424,13 +424,13 @@ static int venus_probe(struct platform_device *pdev) > INIT_DELAYED_WORK(&core->work, venus_sys_error_handler); > init_waitqueue_head(&core->sys_err_done); > > - ret = devm_request_threaded_irq(dev, core->irq, hfi_isr, venus_isr_thread, > - IRQF_TRIGGER_HIGH | IRQF_ONESHOT, > - "venus", core); > + ret = hfi_create(core, &venus_core_ops); > if (ret) > goto err_core_put; > > - ret = hfi_create(core, &venus_core_ops); > + ret = devm_request_threaded_irq(dev, core->irq, hfi_isr, venus_isr_thread, > + IRQF_TRIGGER_HIGH | IRQF_ONESHOT, > + "venus", core); > if (ret) > goto err_core_put; > Reviewed-by: Vikash Garodia <quic_vgarodia@quicinc.com>
diff --git a/drivers/media/platform/qcom/venus/core.c b/drivers/media/platform/qcom/venus/core.c index d305d74bb152..5bd99d0aafe4 100644 --- a/drivers/media/platform/qcom/venus/core.c +++ b/drivers/media/platform/qcom/venus/core.c @@ -424,13 +424,13 @@ static int venus_probe(struct platform_device *pdev) INIT_DELAYED_WORK(&core->work, venus_sys_error_handler); init_waitqueue_head(&core->sys_err_done); - ret = devm_request_threaded_irq(dev, core->irq, hfi_isr, venus_isr_thread, - IRQF_TRIGGER_HIGH | IRQF_ONESHOT, - "venus", core); + ret = hfi_create(core, &venus_core_ops); if (ret) goto err_core_put; - ret = hfi_create(core, &venus_core_ops); + ret = devm_request_threaded_irq(dev, core->irq, hfi_isr, venus_isr_thread, + IRQF_TRIGGER_HIGH | IRQF_ONESHOT, + "venus", core); if (ret) goto err_core_put;
Make sure the interrupt handler is initialized before the interrupt is registered. If the IRQ is registered before hfi_create(), it's possible that an interrupt fires before the handler setup is complete, leading to a NULL dereference. This error condition has been observed during system boot on Rb3Gen2. Fixes: af2c3834c8ca ("[media] media: venus: adding core part and helper functions") Signed-off-by: Jorge Ramirez-Ortiz <jorge.ramirez@oss.qualcomm.com> --- v3: Added Fixes tag v2: Fix authorship Fix spelling mistake drivers/media/platform/qcom/venus/core.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)