When an interrupt occurs before st95hf_in_send_cmd() was called, the ISR will currently dereference a NULL pointer. Fix this by checking whether `cb_arg->complete_cb' is set, and bail out early if that's not the case. Again spurious interrupts are likely to occur with EMI noise through the antenna, and need to be handled gracefully.
Signed-off-by: Daniel Mack <daniel@xxxxxxxxxx>
---
 drivers/nfc/st95hf/core.c | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)
diff --git a/drivers/nfc/st95hf/core.c b/drivers/nfc/st95hf/core.c
index 99f84ddfdfef..7fdad67b1a4d 100644
--- a/drivers/nfc/st95hf/core.c
+++ b/drivers/nfc/st95hf/core.c
@@ -796,6 +796,13 @@ static irqreturn_t st95hf_irq_thread_handler(int irq, void *st95hfcontext)
 goto end;
 }
 
+ /*
+ * If the completion callback is not set, no command is currently
+ * active. Ignore the spurious interrupt.
+ */
+ if (unlikely(!cb_arg->complete_cb))
+ goto end;
+
 /* if stcontext->ddev is %NULL, it means remove already ran */
 if (!stcontext->ddev) {
 result = -ENODEV;
@@ -844,8 +851,16 @@ static irqreturn_t st95hf_irq_thread_handler(int irq, void *st95hfcontext)
 wtx = false;
 cb_arg->rats = false;
 skb_resp = ERR_PTR(result);
- /* call of callback with error */
- cb_arg->complete_cb(stcontext->ddev, cb_arg->cb_usrarg, skb_resp);
+
+ /*
+ * Report an error to the core. If cb_arg->complete_cb is unset,
+ * we're handling a spurious interrupt that can be ignored.
+ */
+ if (cb_arg->complete_cb)
+ cb_arg->complete_cb(stcontext->ddev,
+ cb_arg->cb_usrarg,
+ skb_resp);
+
 mutex_unlock(&stcontext->rm_lock);
 return IRQ_HANDLED;
 }
--
2.17.1
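Review bot: The new `if (unlikely(!cb_arg->complete_cb))` test only identifies a spurious interrupt while the pointer has never been set, so it covers the window before the first command and nothing later. Neither hunk clears `complete_cb` or `cb_usrarg` once a command has completed, so unless they are reset elsewhere, a noise-triggered interrupt after the first command would pass this check and the guard in the second hunk. The handler would then invoke the previous callback with its old argument, which may no longer be valid. If that is the case, consider adding `cb_arg->complete_cb = NULL;` right after the call in the second hunk, while `rm_lock` is still held, and confirm that the code setting the pointer is ordered against this read. The handler body starts and ends outside this hunk, so the statements before the check were not reviewed.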
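Review bot: The `if (cb_arg->complete_cb)` guard drops the error in `result` silently. The first `goto end;` shown in the previous hunk sits before the new early check, so a genuine failure on that path with no callback registered now leaves no trace at all. A rate-limited message in the else branch would keep EMI-induced interrupts diagnosable without flooding the log, for example `else dev_dbg_ratelimited(<dev>, "spurious interrupt ignored (%d)\n", result);`, where `<dev>` is a placeholder for whichever device pointer the handler already holds. The guard also skips only the callback: `wtx = false;`, `cb_arg->rats = false;` and any cleanup before them outside this hunk still run with no command active, so that cleanup should be confirmed safe in that state.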