| Message ID | 1414699267-17970-1-git-send-email-abrestic@chromium.org (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On 31 October 2014 01:31, Andrew Bresticker <abrestic@chromium.org> wrote: > If a message has been received on a channel, but no client has yet bound > to it, mbox_chan_received_data() will dereference a NULL client pointer. > Check for the presence of a client first. > Let me quote from the documentation of the API .... /** .... * After startup and before shutdown any data received on the chan * is passed on to the API via atomic mbox_chan_received_data(). * The controller should ACK the RX only after this call returns. */ Please note "after startup and before shutdown". We can sure suppress the crash by returning from mbox_chan_received_data() but would that be neat? Because the real problem lies with the controller driver that pushes data even from a mailbox that nobody has 'enabled'. I can see your virtual-channel implementation needs to maintain a field for each such channel, but for physically discreet channels it would usually be a simple matter of setting/clearing a bit (IRQ Enable/Disable). However, I think even for your case, you could simply set/clear the 'con_priv' instead of 'vchan_allocated' and use that hint whether to push RX data up to the core or not. Thanks Jassi
diff --git a/drivers/mailbox/mailbox.c b/drivers/mailbox/mailbox.c index afcb430..5008028 100644 --- a/drivers/mailbox/mailbox.c +++ b/drivers/mailbox/mailbox.c @@ -142,7 +142,7 @@ static void poll_txdone(unsigned long data) void mbox_chan_received_data(struct mbox_chan *chan, void *mssg) { /* No buffering the received data */ - if (chan->cl->rx_callback) + if (chan->cl && chan->cl->rx_callback) chan->cl->rx_callback(chan->cl, mssg); } EXPORT_SYMBOL_GPL(mbox_chan_received_data);
If a message has been received on a channel, but no client has yet bound to it, mbox_chan_received_data() will dereference a NULL client pointer. Check for the presence of a client first. Signed-off-by: Andrew Bresticker <abrestic@chromium.org> --- drivers/mailbox/mailbox.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)