[PATCH v2 13/13] mailbox: call request_irq after mbox queues are allocated

From: Suman Anna
Date: Tue Feb 12 2013 - 00:03:24 EST

Next message: Suman Anna: "[PATCH v2 09/13] mailbox: add no_irq send message"
Previous message: Suman Anna: "[PATCH v2 00/13] drivers: mailbox: framework creation"
In reply to: Suman Anna: "[PATCH v2 00/13] drivers: mailbox: framework creation"
Next in thread: Suman Anna: "[PATCH v2 09/13] mailbox: add no_irq send message"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The mailbox startup code is enabling the interrupt even before
any of the associated mailbox queues are allocated. Any pending
received mailbox message could cause a kernel panic as soon as
the interrupt is enabled due to the dereferencing of non-existing
mailbox queues within the ISR.

Signed-off-by: Fernando Guzman Lugo <lugo.fernando@xxxxxxxxx>
Signed-off-by: Suman Anna <s-anna@xxxxxx>
---
drivers/mailbox/mailbox.c | 20 ++++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/drivers/mailbox/mailbox.c b/drivers/mailbox/mailbox.c
index c38241a..5fea5c2 100644
--- a/drivers/mailbox/mailbox.c
+++ b/drivers/mailbox/mailbox.c
@@ -377,14 +377,6 @@ static int mailbox_startup(struct mailbox *mbox)
}

if (!mbox->use_count++) {
- ret = request_irq(mbox->irq, mbox_interrupt,
- IRQF_SHARED | IRQF_NO_SUSPEND,
- mbox->name, mbox);
- if (unlikely(ret)) {
- pr_err("failed to register mailbox interrupt:%d\n",
- ret);
- goto fail_request_irq;
- }
mq = mbox_queue_alloc(mbox, NULL, mbox_tx_tasklet);
if (!mq) {
ret = -ENOMEM;
@@ -399,17 +391,25 @@ static int mailbox_startup(struct mailbox *mbox)
}
mbox->rxq = mq;
mq->mbox = mbox;
+ ret = request_irq(mbox->irq, mbox_interrupt,
+ IRQF_SHARED | IRQF_NO_SUSPEND,
+ mbox->name, mbox);
+ if (unlikely(ret)) {
+ pr_err("failed to register mailbox interrupt:%d\n",
+ ret);
+ goto fail_request_irq;
+ }

mailbox_enable_irq(mbox, IRQ_RX);
}
mutex_unlock(&mbox_configured_lock);
return 0;

+fail_request_irq:
+ mbox_queue_free(mbox->rxq);
fail_alloc_rxq:
mbox_queue_free(mbox->txq);
fail_alloc_txq:
- free_irq(mbox->irq, mbox);
-fail_request_irq:
if (mbox->ops->shutdown)
mbox->ops->shutdown(mbox);
mbox->use_count--;
--
1.8.1.2

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Suman Anna: "[PATCH v2 09/13] mailbox: add no_irq send message"
Previous message: Suman Anna: "[PATCH v2 00/13] drivers: mailbox: framework creation"
In reply to: Suman Anna: "[PATCH v2 00/13] drivers: mailbox: framework creation"
Next in thread: Suman Anna: "[PATCH v2 09/13] mailbox: add no_irq send message"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]