From: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
To: gregkh@linuxfoundation.org
Cc: hemantk@codeaurora.org, bbhatt@codeaurora.org,
linux-arm-msm@vger.kernel.org, jhugo@codeaurora.org,
linux-kernel@vger.kernel.org, loic.poulain@linaro.org,
Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Subject: [PATCH 24/29] bus: mhi: core: Remove MHI event ring IRQ handlers when powering down
Date: Wed, 2 Dec 2020 15:11:54 +0530 [thread overview]
Message-ID: <20201202094159.107075-25-manivannan.sadhasivam@linaro.org> (raw)
In-Reply-To: <20201202094159.107075-1-manivannan.sadhasivam@linaro.org>
From: Bhaumik Bhatt <bbhatt@codeaurora.org>
While powering down, the device may or may not acknowledge an MHI
RESET issued by host for a graceful shutdown scenario and end up
sending an incoming data packet after tasklets have been killed.
If a rogue device sends this interrupt for a data transfer event
ring update, it can result in a tasklet getting scheduled while a
clean up is ongoing or has completed and cause access to freed
memory leading to a NULL pointer exception. Remove the interrupt
handlers for MHI event rings early on to avoid this scenario.
Signed-off-by: Bhaumik Bhatt <bbhatt@codeaurora.org>
Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
---
drivers/bus/mhi/core/pm.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/bus/mhi/core/pm.c b/drivers/bus/mhi/core/pm.c
index ffbf6f539510..a671f585ce35 100644
--- a/drivers/bus/mhi/core/pm.c
+++ b/drivers/bus/mhi/core/pm.c
@@ -494,6 +494,7 @@ static void mhi_pm_disable_transition(struct mhi_controller *mhi_cntrl)
for (i = 0; i < mhi_cntrl->total_ev_rings; i++, mhi_event++) {
if (mhi_event->offload_ev)
continue;
+ free_irq(mhi_cntrl->irq[mhi_event->irq], mhi_event);
tasklet_kill(&mhi_event->task);
}
@@ -1164,7 +1165,7 @@ void mhi_power_down(struct mhi_controller *mhi_cntrl, bool graceful)
/* Wait for shutdown to complete */
flush_work(&mhi_cntrl->st_worker);
- mhi_deinit_free_irq(mhi_cntrl);
+ free_irq(mhi_cntrl->irq[0], mhi_cntrl);
if (!mhi_cntrl->pre_init) {
/* Free all allocated resources */
--
2.25.1
next prev parent reply other threads:[~2020-12-02 9:44 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-12-02 9:41 [PATCH 00/29] MHI changes for v5.11 Manivannan Sadhasivam
2020-12-02 9:41 ` [PATCH 01/29] bus: mhi: Remove auto-start option Manivannan Sadhasivam
2020-12-02 16:00 ` Kalle Valo
2020-12-02 16:27 ` Manivannan Sadhasivam
2020-12-02 16:57 ` Kalle Valo
2020-12-02 17:48 ` Greg KH
2020-12-02 9:41 ` [PATCH 02/29] net: qrtr: Start MHI channels during init Manivannan Sadhasivam
2020-12-02 9:41 ` [PATCH 03/29] bus: mhi: core: fix potential operator-precedence with BHI macros Manivannan Sadhasivam
2020-12-02 9:41 ` [PATCH 04/29] bus: mhi: Add MHI PCI support for WWAN modems Manivannan Sadhasivam
2020-12-02 9:41 ` [PATCH 05/29] bus: mhi: core: Fix null pointer access when parsing MHI configuration Manivannan Sadhasivam
2020-12-02 9:41 ` [PATCH 06/29] bus: mhi: Fix channel close issue on driver remove Manivannan Sadhasivam
2020-12-02 9:41 ` [PATCH 07/29] bus: mhi: core: Remove unnecessary counter from mhi_firmware_copy() Manivannan Sadhasivam
2020-12-02 9:41 ` [PATCH 08/29] bus: mhi: core: Add missing EXPORT_SYMBOL for mhi_get_mhi_state() Manivannan Sadhasivam
2020-12-02 9:41 ` [PATCH 09/29] bus: mhi: core: Expose mhi_get_exec_env() API for controllers Manivannan Sadhasivam
2020-12-02 9:41 ` [PATCH 10/29] bus: mhi: core: Remove unused mhi_fw_load_worker() declaration Manivannan Sadhasivam
2020-12-02 9:41 ` [PATCH 11/29] bus: mhi: core: Rename RDDM download function to use proper words Manivannan Sadhasivam
2020-12-02 9:41 ` [PATCH 12/29] bus: mhi: core: Skip RDDM download for unknown execution environment Manivannan Sadhasivam
2020-12-02 9:41 ` [PATCH 13/29] bus: mhi: core: Use appropriate names for firmware load functions Manivannan Sadhasivam
2020-12-02 9:41 ` [PATCH 14/29] bus: mhi: core: Move to using high priority workqueue Manivannan Sadhasivam
2020-12-02 9:41 ` [PATCH 15/29] bus: mhi: core: Skip device wake in error or shutdown states Manivannan Sadhasivam
2020-12-02 9:41 ` [PATCH 16/29] bus: mhi: core: Move to SYS_ERROR regardless of RDDM capability Manivannan Sadhasivam
2020-12-02 9:41 ` [PATCH 17/29] bus: mhi: core: Prevent sending multiple RDDM entry callbacks Manivannan Sadhasivam
2020-12-02 9:41 ` [PATCH 18/29] bus: mhi: core: Move to an error state on any firmware load failure Manivannan Sadhasivam
2020-12-02 9:41 ` [PATCH 19/29] bus: mhi: core: Use appropriate label in firmware load handler API Manivannan Sadhasivam
2020-12-02 9:41 ` [PATCH 20/29] bus: mhi: core: Move to an error state on mission mode failure Manivannan Sadhasivam
2020-12-02 9:41 ` [PATCH 21/29] bus: mhi: core: Check for IRQ availability during registration Manivannan Sadhasivam
2020-12-02 9:41 ` [PATCH 22/29] bus: mhi: core: Separate system error and power down handling Manivannan Sadhasivam
2020-12-02 9:41 ` [PATCH 23/29] bus: mhi: core: Mark and maintain device states early on after power down Manivannan Sadhasivam
2020-12-02 9:41 ` Manivannan Sadhasivam [this message]
2020-12-02 9:41 ` [PATCH 25/29] net: qrtr: Unprepare MHI channels during remove Manivannan Sadhasivam
2020-12-02 9:41 ` [PATCH 26/29] bus: mhi: core: Indexed MHI controller name Manivannan Sadhasivam
2020-12-02 9:41 ` [PATCH 27/29] bus: mhi: core: Fix device hierarchy Manivannan Sadhasivam
2020-12-02 9:41 ` [PATCH 28/29] bus: mhi: core: Fix error handling in mhi_register_controller() Manivannan Sadhasivam
2020-12-02 9:41 ` [PATCH 29/29] mhi: pci_generic: Fix implicit conversion warning Manivannan Sadhasivam
2020-12-02 16:29 ` [PATCH 00/29] MHI changes for v5.11 Manivannan Sadhasivam
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201202094159.107075-25-manivannan.sadhasivam@linaro.org \
--to=manivannan.sadhasivam@linaro.org \
--cc=bbhatt@codeaurora.org \
--cc=gregkh@linuxfoundation.org \
--cc=hemantk@codeaurora.org \
--cc=jhugo@codeaurora.org \
--cc=linux-arm-msm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=loic.poulain@linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).