Re: [PATCH 4/4] mailbox: arm_mhu: Add ARM MHU doorbell driver

Jassi Brar <jassisinghbrar@xxxxxxxxx> · Wed, 7 Oct 2020 10:43:19 -0500



On Wed, Oct 7, 2020 at 6:40 AM Sudeep Holla <sudeep.holla@xxxxxxx> wrote:
>
> On Fri, Oct 02, 2020 at 02:42:37PM -0500, Jassi Brar wrote:
> > On Mon, Sep 28, 2020 at 6:45 AM Sudeep Holla <sudeep.holla@xxxxxxx> wrote:
> >
> > > +
> > > +static void mhu_db_shutdown(struct mbox_chan *chan)
> > > +{
> > > +       struct mhu_db_channel *chan_info = chan->con_priv;
> > > +       struct mbox_controller *mbox = &chan_info->mhu->mbox;
> > > +       int i;
> > > +
> > > +       for (i = 0; i < mbox->num_chans; i++)
> > > +               if (chan == &mbox->chans[i])
> > > +                       break;
> > > +
> > > +       if (mbox->num_chans == i) {
> > > +               dev_warn(mbox->dev, "Request to free non-existent channel\n");
> > > +               return;
> > > +       }
> > > +
> > > +       /* Reset channel */
> > > +       mhu_db_mbox_clear_irq(chan);
> > > +       chan->con_priv = NULL;
> > >
> > request->free->request will fail because of this NULL assignment.
> > Maybe add a 'taken' flag in mhu_db_channel, which should also be
> > checked before calling mbox_chan_received_data because the data may
> > arrive for a now relinquished channel.
> >
>
> Good point, but the new 'taken' flag will have the same race as con_priv.
> We need a lock here and can we use chan->lock or do you prefer this
> driver maintains it own for this purpose.
>
I meant the con_priv is allocated in mhu_db_mbox_xlate and simply
assigning it NULL leaks memory, if not a crash by some other path. At
least free it before.

-j