From: Bhaumik Bhatt <bbhatt@codeaurora.org>
To: manivannan.sadhasivam@linaro.org
Cc: linux-arm-msm@vger.kernel.org, hemantk@codeaurora.org,
jhugo@codeaurora.org, linux-kernel@vger.kernel.org,
Bhaumik Bhatt <bbhatt@codeaurora.org>
Subject: [PATCH v3 12/12] bus: mhi: core: Remove MHI event ring IRQ handlers when powering down
Date: Thu, 29 Oct 2020 21:10:57 -0700 [thread overview]
Message-ID: <1604031057-32820-13-git-send-email-bbhatt@codeaurora.org> (raw)
In-Reply-To: <1604031057-32820-1-git-send-email-bbhatt@codeaurora.org>
While powering down, the device may or may not acknowledge an MHI
RESET issued by host for a graceful shutdown scenario and end up
sending an incoming data packet after tasklets have been killed.
If a rogue device sends this interrupt for a data transfer event
ring update, it can result in a tasklet getting scheduled while a
clean up is ongoing or has completed and cause access to freed
memory leading to a NULL pointer exception. Remove the interrupt
handlers for MHI event rings early on to avoid this scenario.
Signed-off-by: Bhaumik Bhatt <bbhatt@codeaurora.org>
---
drivers/bus/mhi/core/pm.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/bus/mhi/core/pm.c b/drivers/bus/mhi/core/pm.c
index ffbf6f5..a671f58 100644
--- a/drivers/bus/mhi/core/pm.c
+++ b/drivers/bus/mhi/core/pm.c
@@ -494,6 +494,7 @@ static void mhi_pm_disable_transition(struct mhi_controller *mhi_cntrl)
for (i = 0; i < mhi_cntrl->total_ev_rings; i++, mhi_event++) {
if (mhi_event->offload_ev)
continue;
+ free_irq(mhi_cntrl->irq[mhi_event->irq], mhi_event);
tasklet_kill(&mhi_event->task);
}
@@ -1164,7 +1165,7 @@ void mhi_power_down(struct mhi_controller *mhi_cntrl, bool graceful)
/* Wait for shutdown to complete */
flush_work(&mhi_cntrl->st_worker);
- mhi_deinit_free_irq(mhi_cntrl);
+ free_irq(mhi_cntrl->irq[0], mhi_cntrl);
if (!mhi_cntrl->pre_init) {
/* Free all allocated resources */
--
The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum,
a Linux Foundation Collaborative Project
next prev parent reply other threads:[~2020-10-30 4:11 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-10-30 4:10 [PATCH v3 00/12] Bug fixes and improvements for MHI power operations Bhaumik Bhatt
2020-10-30 4:10 ` [PATCH v3 01/12] bus: mhi: core: Use appropriate names for firmware load functions Bhaumik Bhatt
2020-10-30 13:29 ` Manivannan Sadhasivam
2020-10-30 4:10 ` [PATCH v3 02/12] bus: mhi: core: Move to using high priority workqueue Bhaumik Bhatt
2020-10-30 13:35 ` Manivannan Sadhasivam
2020-10-30 4:10 ` [PATCH v3 03/12] bus: mhi: core: Skip device wake in error or shutdown states Bhaumik Bhatt
2020-10-30 4:10 ` [PATCH v3 04/12] bus: mhi: core: Move to SYS_ERROR regardless of RDDM capability Bhaumik Bhatt
2020-10-30 13:52 ` Manivannan Sadhasivam
2020-10-30 19:29 ` Bhaumik Bhatt
2020-10-30 4:10 ` [PATCH v3 05/12] bus: mhi: core: Prevent sending multiple RDDM entry callbacks Bhaumik Bhatt
2020-10-30 13:56 ` Manivannan Sadhasivam
2020-10-30 4:10 ` [PATCH v3 06/12] bus: mhi: core: Move to an error state on any firmware load failure Bhaumik Bhatt
2020-10-30 14:00 ` Manivannan Sadhasivam
2020-10-30 4:10 ` [PATCH v3 07/12] bus: mhi: core: Use appropriate label in firmware load handler API Bhaumik Bhatt
2020-10-30 14:00 ` Manivannan Sadhasivam
2020-10-30 4:10 ` [PATCH v3 08/12] bus: mhi: core: Move to an error state on mission mode failure Bhaumik Bhatt
2020-10-30 4:10 ` [PATCH v3 09/12] bus: mhi: core: Check for IRQ availability during registration Bhaumik Bhatt
2020-10-30 14:02 ` Manivannan Sadhasivam
2020-10-30 4:10 ` [PATCH v3 10/12] bus: mhi: core: Separate system error and power down handling Bhaumik Bhatt
2020-10-30 14:06 ` Manivannan Sadhasivam
2020-10-30 19:34 ` Bhaumik Bhatt
2020-10-31 6:54 ` Manivannan Sadhasivam
2020-11-02 16:52 ` Bhaumik Bhatt
2020-10-30 4:10 ` [PATCH v3 11/12] bus: mhi: core: Mark and maintain device states early on after power down Bhaumik Bhatt
2020-10-30 14:10 ` Manivannan Sadhasivam
2020-10-30 4:10 ` Bhaumik Bhatt [this message]
2020-10-30 14:11 ` [PATCH v3 12/12] bus: mhi: core: Remove MHI event ring IRQ handlers when powering down Manivannan Sadhasivam
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1604031057-32820-13-git-send-email-bbhatt@codeaurora.org \
--to=bbhatt@codeaurora.org \
--cc=hemantk@codeaurora.org \
--cc=jhugo@codeaurora.org \
--cc=linux-arm-msm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=manivannan.sadhasivam@linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.