From: Bhaumik Bhatt <bbhatt@codeaurora.org>
To: manivannan.sadhasivam@linaro.org
Cc: linux-arm-msm@vger.kernel.org, hemantk@codeaurora.org,
jhugo@codeaurora.org, linux-kernel@vger.kernel.org,
Bhaumik Bhatt <bbhatt@codeaurora.org>
Subject: [PATCH v4 12/12] bus: mhi: core: Remove MHI event ring IRQ handlers when powering down
Date: Mon, 9 Nov 2020 12:47:31 -0800
Message-ID: <1604954851-23396-13-git-send-email-bbhatt@codeaurora.org>
In-Reply-To: <1604954851-23396-1-git-send-email-bbhatt@codeaurora.org>
While powering down, the device may or may not acknowledge an MHI
RESET issued by host for a graceful shutdown scenario and end up
sending an incoming data packet after tasklets have been killed.
If a rogue device sends this interrupt for a data transfer event
ring update, it can result in a tasklet getting scheduled while a
clean up is ongoing or has completed and cause access to freed
memory leading to a NULL pointer exception. Remove the interrupt
handlers for MHI event rings early on to avoid this scenario.
Signed-off-by: Bhaumik Bhatt <bbhatt@codeaurora.org>
Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
---
drivers/bus/mhi/core/pm.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/bus/mhi/core/pm.c b/drivers/bus/mhi/core/pm.c
index ffbf6f5..a671f58 100644
--- a/drivers/bus/mhi/core/pm.c
+++ b/drivers/bus/mhi/core/pm.c
@@ -494,6 +494,7 @@ static void mhi_pm_disable_transition(struct mhi_controller *mhi_cntrl)
for (i = 0; i < mhi_cntrl->total_ev_rings; i++, mhi_event++) {
if (mhi_event->offload_ev)
continue;
+ free_irq(mhi_cntrl->irq[mhi_event->irq], mhi_event);
tasklet_kill(&mhi_event->task);
}
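Review bot: The new free_irq(mhi_cntrl->irq[mhi_event->irq], mhi_event) in the event ring loop of mhi_pm_disable_transition() carries no comment saying why it has to precede tasklet_kill(&mhi_event->task), and that ordering is the whole fix. free_irq() returns only after any handler still running on that line has finished, so once it returns nothing can schedule the tasklet again and the following tasklet_kill() is final; a one-line comment to that effect would keep a later cleanup from reordering the two calls. The loop also skips rings with offload_ev set, so it is worth confirming that the request side skips exactly the same rings and registers with mhi_event as dev_id, because free_irq() on a line and dev_id pair that was never requested triggers a kernel warning.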
@@ -1164,7 +1165,7 @@ void mhi_power_down(struct mhi_controller *mhi_cntrl, bool graceful)
/* Wait for shutdown to complete */
flush_work(&mhi_cntrl->st_worker);
- mhi_deinit_free_irq(mhi_cntrl);
+ free_irq(mhi_cntrl->irq[0], mhi_cntrl);
if (!mhi_cntrl->pre_init) {
/* Free all allocated resources */
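Review bot: In mhi_power_down(), swapping mhi_deinit_free_irq(mhi_cntrl) for free_irq(mhi_cntrl->irq[0], mhi_cntrl) means the event ring IRQs are now released only if mhi_pm_disable_transition() actually ran, and ran once, before this point. The visible lines show flush_work(&mhi_cntrl->st_worker) waiting for the worker but do not show that the disable transition is guaranteed to have been queued on every path that reaches here; if it is skipped the event ring handlers stay registered against memory that is about to be freed, and if it runs twice the same lines are freed twice. Please state in the commit message which paths were checked, and note whether mhi_deinit_free_irq() still has other callers that would now free the event ring IRQs a second time. The bare index in irq[0] also deserves a short comment naming which interrupt it is.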
--
The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum,
a Linux Foundation Collaborative Project