Patch "media: allegro: ignore interrupt if mailbox is not initialized" has been added to the 5.14-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Sun, 14 Nov 2021 22:13:03 -0500

This is a note to let you know that I've just added the patch titled

    media: allegro: ignore interrupt if mailbox is not initialized

to the 5.14-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     media-allegro-ignore-interrupt-if-mailbox-is-not-ini.patch
and it can be found in the queue-5.14 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 24dc10efcc93e9adf228342cca13c936815c9c7d
Author: Michael Tretter <m.tretter@xxxxxxxxxxxxxx>
Date:   Wed Sep 8 14:03:10 2021 +0100

    media: allegro: ignore interrupt if mailbox is not initialized
    
    [ Upstream commit 1ecda6393db4be44aba27a243e648dc98c9b92e3 ]
    
    The mailbox is initialized after the interrupt handler is installed. As
    the firmware is loaded and started even later, it should not happen that
    the interrupt occurs without the mailbox being initialized.
    
    As the Linux Driver Verification project (linuxtesting.org) keeps
    reporting this as an error, add a check to ignore interrupts before the
    mailbox is initialized to fix this potential null pointer dereference.
    
    Reported-by: Yuri Savinykh <s02190703@xxxxxxxxxxxxx>
    Reported-by: Nadezda Lutovinova <lutovinova@xxxxxxxxx>
    Signed-off-by: Michael Tretter <m.tretter@xxxxxxxxxxxxxx>
    Signed-off-by: Hans Verkuil <hverkuil-cisco@xxxxxxxxx>
    Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@xxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/drivers/media/platform/allegro-dvt/allegro-core.c b/drivers/media/platform/allegro-dvt/allegro-core.c
index 887b492e4ad1c..14a119b43bca0 100644
--- a/drivers/media/platform/allegro-dvt/allegro-core.c
+++ b/drivers/media/platform/allegro-dvt/allegro-core.c
@@ -2185,6 +2185,15 @@ static irqreturn_t allegro_irq_thread(int irq, void *data)
 {
 	struct allegro_dev *dev = data;
 
+	/*
+	 * The firmware is initialized after the mailbox is setup. We further
+	 * check the AL5_ITC_CPU_IRQ_STA register, if the firmware actually
+	 * triggered the interrupt. Although this should not happen, make sure
+	 * that we ignore interrupts, if the mailbox is not initialized.
+	 */
+	if (!dev->mbox_status)
+		return IRQ_NONE;
+
 	allegro_mbox_notify(dev->mbox_status);
 
 	return IRQ_HANDLED;






