On Tue, Jul 26, 2022 at 08:53:58PM +0300, Kalle Valo wrote:
> Manivannan Sadhasivam <mani@xxxxxxxxxx> writes:
>
> > +ath11k, Kalle
> >
> > On Fri, Jul 22, 2022 at 11:17:18AM +0800, Qiang Yu wrote:
> >> The irq handler for a shared IRQ ought to be prepared for running
> >> even now it's being freed. So let's check the pointer used by
> >> mhi_irq_handler to avoid null pointer access since it is probably
> >> released before freeing IRQ.
> >>
> >> Signed-off-by: Qiang Yu <quic_qianyu@xxxxxxxxxxx>
> >
> > Reviewed-by: Manivannan Sadhasivam <mani@xxxxxxxxxx>
>
> This fixes the crash and my regression tests pass now, thanks. But
> please see my question below.
>
> Tested-by: Kalle Valo <kvalo@xxxxxxxxxx>
>
Thanks Kalle!
> >> + /*
> >> + * If CONFIG_DEBUG_SHIRQ is set, the IRQ handler will get invoked during __free_irq()
> >> + * and by that time mhi_ctxt() would've freed. So check for the existence of mhi_ctxt
> >> + * before handling the IRQs.
> >> + */
> >> + if (!mhi_cntrl->mhi_ctxt) {
> >> + dev_dbg(&mhi_cntrl->mhi_dev->dev,
> >> + "mhi_ctxt has been freed\n");
> >> + return IRQ_HANDLED;
> >> + }
>
> I don't see any protection accessing mhi_cntrl->mhi_ctxt, is this really
> free of race conditions?
>
As Qiang said, it is safe to access mhi_ctxt here.
Thanks,
Mani
> --
> https://patchwork.kernel.org/project/linux-wireless/list/
>
> https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
--
மணிவண்ணன் சதாசிவம்
