[PATCH 2/3] mailbox: Avoid NULL dereference in mbox_chan_received_data
Jassi Brar
jassisinghbrar at gmail.com
Thu Mar 1 05:32:34 PST 2018
On Wed, Feb 28, 2018 at 7:57 AM, Samuel Holland <samuel at sholland.org> wrote:
> If a reception IRQ is pending when a mailbox channel is shut down (for
> example, if the controller uses threaded interrupts), it is possible for
> mbox_chan_received_data to be called while chan->cl is NULL.
>
We can add a check in mailbox.c, but that is like shoving it under the carpet.
How does your code look like? mbox_chan_received_data() is meant to
be called from interrupt context as its documentation says.
Also the controller driver is responsible for ceasing any transient
xfer before returning from shutdown() callback.
Cheers!
More information about the linux-arm-kernel
mailing list