Re: [PATCH 4/4] mailbox: arm_mhu: Add ARM MHU doorbell driver
From: Sudeep Holla
Date: Thu Oct 08 2020 - 04:50:04 EST
On Wed, Oct 07, 2020 at 10:43:19AM -0500, Jassi Brar wrote:
> On Wed, Oct 7, 2020 at 6:40 AM Sudeep Holla <sudeep.holla@xxxxxxx> wrote:
> >
> > On Fri, Oct 02, 2020 at 02:42:37PM -0500, Jassi Brar wrote:
> > > On Mon, Sep 28, 2020 at 6:45 AM Sudeep Holla <sudeep.holla@xxxxxxx> wrote:
> > >
> > > > +
> > > > +static void mhu_db_shutdown(struct mbox_chan *chan)
> > > > +{
> > > > + struct mhu_db_channel *chan_info = chan->con_priv;
> > > > + struct mbox_controller *mbox = &chan_info->mhu->mbox;
> > > > + int i;
> > > > +
> > > > + for (i = 0; i < mbox->num_chans; i++)
> > > > + if (chan == &mbox->chans[i])
> > > > + break;
> > > > +
> > > > + if (mbox->num_chans == i) {
> > > > + dev_warn(mbox->dev, "Request to free non-existent channel\n");
> > > > + return;
> > > > + }
> > > > +
> > > > + /* Reset channel */
> > > > + mhu_db_mbox_clear_irq(chan);
> > > > + chan->con_priv = NULL;
> > > >
> > > request->free->request will fail because of this NULL assignment.
> > > Maybe add a 'taken' flag in mhu_db_channel, which should also be
> > > checked before calling mbox_chan_received_data because the data may
> > > arrive for a now relinquished channel.
> > >
> >
> > Good point, but the new 'taken' flag will have the same race as con_priv.
> > We need a lock here and can we use chan->lock or do you prefer this
> > driver maintains it own for this purpose.
> >
> I meant the con_priv is allocated in mhu_db_mbox_xlate and simply
> assigning it NULL leaks memory, if not a crash by some other path. At
> least free it before.
>
Ah right, sorry got confused. Too much reliance on devm_* apis and I didn't
realise it was not in probe but in xlate which is mbox_startup path. Fixed
now, will post v2 with both issues addressed.
--
Regards,
Sudeep