From: Manivannan Sadhasivam <mani@kernel.org>
To: Kalle Valo <kvalo@kernel.org>
Cc: Qiang Yu <quic_qianyu@quicinc.com>,
quic_hemantk@quicinc.com, loic.poulain@linaro.org,
quic_jhugo@quicinc.com, mhi@lists.linux.dev,
linux-arm-msm@vger.kernel.org, linux-kernel@vger.kernel.org,
quic_cang@quicinc.com, ath11k@lists.infradead.org
Subject: Re: [PATCH v3 1/1] bus: mhi: host: Fix up null pointer access in mhi_irq_handler
Date: Fri, 29 Jul 2022 19:52:21 +0530 [thread overview]
Message-ID: <20220729142221.GA9937@thinkpad> (raw)
In-Reply-To: <87czdrrc95.fsf@kernel.org>
On Tue, Jul 26, 2022 at 08:53:58PM +0300, Kalle Valo wrote:
> Manivannan Sadhasivam <mani@kernel.org> writes:
>
> > +ath11k, Kalle
> >
> > On Fri, Jul 22, 2022 at 11:17:18AM +0800, Qiang Yu wrote:
> >> The irq handler for a shared IRQ ought to be prepared for running
> >> even now it's being freed. So let's check the pointer used by
> >> mhi_irq_handler to avoid null pointer access since it is probably
> >> released before freeing IRQ.
> >>
> >> Signed-off-by: Qiang Yu <quic_qianyu@quicinc.com>
> >
> > Reviewed-by: Manivannan Sadhasivam <mani@kernel.org>
>
> This fixes the crash and my regression tests pass now, thanks. But
> please see my question below.
>
> Tested-by: Kalle Valo <kvalo@kernel.org>
>
Thanks Kalle!
> >> + /*
> >> + * If CONFIG_DEBUG_SHIRQ is set, the IRQ handler will get invoked during __free_irq()
> >> + * and by that time mhi_ctxt() would've freed. So check for the existence of mhi_ctxt
> >> + * before handling the IRQs.
> >> + */
> >> + if (!mhi_cntrl->mhi_ctxt) {
> >> + dev_dbg(&mhi_cntrl->mhi_dev->dev,
> >> + "mhi_ctxt has been freed\n");
> >> + return IRQ_HANDLED;
> >> + }
>
> I don't see any protection accessing mhi_cntrl->mhi_ctxt, is this really
> free of race conditions?
>
As Qiang said, it is safe to access mhi_ctxt here.
Thanks,
Mani
> --
> https://patchwork.kernel.org/project/linux-wireless/list/
>
> https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
--
மணிவண்ணன் சதாசிவம்
--
ath11k mailing list
ath11k@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/ath11k
WARNING: multiple messages have this Message-ID (diff)
From: Manivannan Sadhasivam <mani@kernel.org>
To: Kalle Valo <kvalo@kernel.org>
Cc: Qiang Yu <quic_qianyu@quicinc.com>,
quic_hemantk@quicinc.com, loic.poulain@linaro.org,
quic_jhugo@quicinc.com, mhi@lists.linux.dev,
linux-arm-msm@vger.kernel.org, linux-kernel@vger.kernel.org,
quic_cang@quicinc.com, ath11k@lists.infradead.org
Subject: Re: [PATCH v3 1/1] bus: mhi: host: Fix up null pointer access in mhi_irq_handler
Date: Fri, 29 Jul 2022 19:52:21 +0530 [thread overview]
Message-ID: <20220729142221.GA9937@thinkpad> (raw)
In-Reply-To: <87czdrrc95.fsf@kernel.org>
On Tue, Jul 26, 2022 at 08:53:58PM +0300, Kalle Valo wrote:
> Manivannan Sadhasivam <mani@kernel.org> writes:
>
> > +ath11k, Kalle
> >
> > On Fri, Jul 22, 2022 at 11:17:18AM +0800, Qiang Yu wrote:
> >> The irq handler for a shared IRQ ought to be prepared for running
> >> even now it's being freed. So let's check the pointer used by
> >> mhi_irq_handler to avoid null pointer access since it is probably
> >> released before freeing IRQ.
> >>
> >> Signed-off-by: Qiang Yu <quic_qianyu@quicinc.com>
> >
> > Reviewed-by: Manivannan Sadhasivam <mani@kernel.org>
>
> This fixes the crash and my regression tests pass now, thanks. But
> please see my question below.
>
> Tested-by: Kalle Valo <kvalo@kernel.org>
>
Thanks Kalle!
> >> + /*
> >> + * If CONFIG_DEBUG_SHIRQ is set, the IRQ handler will get invoked during __free_irq()
> >> + * and by that time mhi_ctxt() would've freed. So check for the existence of mhi_ctxt
> >> + * before handling the IRQs.
> >> + */
> >> + if (!mhi_cntrl->mhi_ctxt) {
> >> + dev_dbg(&mhi_cntrl->mhi_dev->dev,
> >> + "mhi_ctxt has been freed\n");
> >> + return IRQ_HANDLED;
> >> + }
>
> I don't see any protection accessing mhi_cntrl->mhi_ctxt, is this really
> free of race conditions?
>
As Qiang said, it is safe to access mhi_ctxt here.
Thanks,
Mani
> --
> https://patchwork.kernel.org/project/linux-wireless/list/
>
> https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
--
மணிவண்ணன் சதாசிவம்
next prev parent reply other threads:[~2022-07-29 14:22 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-22 3:17 [PATCH v3 1/1] bus: mhi: host: Fix up null pointer access in mhi_irq_handler Qiang Yu
2022-07-26 8:05 ` Manivannan Sadhasivam
2022-07-26 8:06 ` Manivannan Sadhasivam
2022-07-26 8:06 ` Manivannan Sadhasivam
2022-07-26 17:53 ` Kalle Valo
2022-07-26 17:53 ` Kalle Valo
2022-07-29 14:22 ` Manivannan Sadhasivam [this message]
2022-07-29 14:22 ` Manivannan Sadhasivam
2022-08-29 16:20 ` Kalle Valo
2022-08-29 16:20 ` Kalle Valo
2022-08-29 17:26 ` Manivannan Sadhasivam
2022-08-29 17:26 ` Manivannan Sadhasivam
2022-08-30 5:25 ` Kalle Valo
2022-08-30 5:25 ` Kalle Valo
2022-07-29 14:26 ` Manivannan Sadhasivam
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220729142221.GA9937@thinkpad \
--to=mani@kernel.org \
--cc=ath11k@lists.infradead.org \
--cc=kvalo@kernel.org \
--cc=linux-arm-msm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=loic.poulain@linaro.org \
--cc=mhi@lists.linux.dev \
--cc=quic_cang@quicinc.com \
--cc=quic_hemantk@quicinc.com \
--cc=quic_jhugo@quicinc.com \
--cc=quic_qianyu@quicinc.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.