Manivannan Sadhasivam <mani@xxxxxxxxxx> writes:
> +ath11k, Kalle
>
> On Fri, Jul 22, 2022 at 11:17:18AM +0800, Qiang Yu wrote:
>> The irq handler for a shared IRQ ought to be prepared for running
>> even now it's being freed. So let's check the pointer used by
>> mhi_irq_handler to avoid null pointer access since it is probably
>> released before freeing IRQ.
>>
>> Signed-off-by: Qiang Yu <quic_qianyu@xxxxxxxxxxx>
>
> Reviewed-by: Manivannan Sadhasivam <mani@xxxxxxxxxx>
This fixes the crash and my regression tests pass now, thanks. But
please see my question below.
Tested-by: Kalle Valo <kvalo@xxxxxxxxxx>
>> + /*
>> + * If CONFIG_DEBUG_SHIRQ is set, the IRQ handler will get invoked during __free_irq()
>> + * and by that time mhi_ctxt() would've freed. So check for the existence of mhi_ctxt
>> + * before handling the IRQs.
>> + */
>> + if (!mhi_cntrl->mhi_ctxt) {
>> + dev_dbg(&mhi_cntrl->mhi_dev->dev,
>> + "mhi_ctxt has been freed\n");
>> + return IRQ_HANDLED;
>> + }
I don't see any protection accessing mhi_cntrl->mhi_ctxt, is this really
free of race conditions?
--
https://patchwork.kernel.org/project/linux-wireless/list/
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
