2023-08-30 19:29:38

by Sudeep Holla

Subject: Re: [PATCH v1] firmware: arm_scmi: Fix NULL pointer dereference in mailbox_clear_channel

On Wed, Aug 30, 2023 at 01:07:47AM +0800, Qiujun Huang wrote:
> There is a race between the failure of probe and rx_callback (due to a
> delayed response).
>
> scmi_probe
> scmi_acquire_protocal
> do_xfer
> timeout
> mailbox_chan_free
> <--- delay response
> rx_callback
> mbox_free_channel
> cinfo->transport_info = NULL
> mailbox_clear_channel
> dereference cinfo->transport_info

It is always good to provide the kernel stacktrace which you get when a
NULL pointer is dereferenced. It helps for review and also to document it.

--
Regards,
Sudeep