From: Nadezda Lutovinova
To: Michael Tretter
Cc: Nadezda Lutovinova, Pengutronix Kernel Team, Mauro Carvalho Chehab, linux-media@vger.kernel.org, linux-kernel@vger.kernel.org, ldv-project@linuxtesting.org
Subject: [PATCH] media: allegro: request irq after initializing mbox_status
Date: Thu, 19 Aug 2021 18:49:35 +0300
Message-Id: <20210819154935.19826-1-lutovinova@ispras.ru>

If an IRQ occurs between calling devm_request_threaded_irq() and allegro_firmware_request_nowait(), then a null pointer dereference occurs since dev->mbox_status wasn't initialized yet but is used in allegro_mbox_notify().

The patch puts registration of the interrupt handler after initialization of the necessary data.

Found by Linux Driver Verification project (linuxtesting.org).

Signed-off-by: Nadezda Lutovinova --- .../media/platform/allegro-dvt/allegro-core.c | 24 +++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/drivers/media/platform/allegro-dvt/allegro-core.c b/drivers/media/platform/allegro-dvt/allegro-core.c index 887b492e4ad1..9c1997ff74e8 100644 --- a/drivers/media/platform/allegro-dvt/allegro-core.c +++ b/drivers/media/platform/allegro-dvt/allegro-core.c @@ -3707,18 +3707,6 @@ static int allegro_probe(struct platform_device *pdev) return PTR_ERR(dev->sram); } - irq = platform_get_irq(pdev, 0); - if (irq < 0) - return irq; - ret = devm_request_threaded_irq(&pdev->dev, irq, - allegro_hardirq, - allegro_irq_thread, - IRQF_SHARED, dev_name(&pdev->dev), dev); - if (ret < 0) { - dev_err(&pdev->dev, "failed to request irq: %d\n", ret); - return ret; - } - ret = v4l2_device_register(&pdev->dev, &dev->v4l2_dev); if (ret) return ret; @@ -3732,6 +3720,18 @@ static int allegro_probe(struct platform_device *pdev) return ret; } + irq = platform_get_irq(pdev, 0); + if (irq < 0) + return irq; + ret = devm_request_threaded_irq(&pdev->dev, irq, + allegro_hardirq, + allegro_irq_thread, + IRQF_SHARED, dev_name(&pdev->dev), dev); + if (ret < 0) { + dev_err(&pdev->dev, "failed to request irq: %d\n", ret); + return ret; + } + return 0; } -- 2.17.1
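
Review bot: In the first hunk, platform_get_irq() is removed together with devm_request_threaded_irq(), but only the handler registration has to wait for mbox_status. Keeping `irq = platform_get_irq(pdev, 0);` and its `if (irq < 0) return irq;` check in the original place, before v4l2_device_register(), lets a missing interrupt fail the probe before anything has been registered that would need unwinding; only the devm_request_threaded_irq() call needs to move.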
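
Review bot: The `return ret;` added after a failed devm_request_threaded_irq() in the second hunk now runs after v4l2_device_register() has succeeded, and it returns without unwinding that registration. Consider a goto-based error path that calls v4l2_device_unregister() here. Also, going by its _nowait name the firmware request is asynchronous, so please confirm that its completion path cannot start waiting for a mailbox interrupt before this handler is registered; if it can, the reordering trades one window for another, and initializing mbox_status earlier or checking it in allegro_mbox_notify() would close both.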