Received: by 2002:a05:7412:1703:b0:e2:908c:2ebd with SMTP id dm3csp4008999rdb;
        Wed, 30 Aug 2023 12:29:38 -0700 (PDT)
X-Google-Smtp-Source: AGHT+IHxA84uyKbX3JLBe/ntkaXVJnXaFKgwaV/6GolZRPJRLXMjU0rlffxwfKIovRI83xjuE5eV
X-Received: by 2002:a05:6a20:9147:b0:126:9081:2156 with SMTP id x7-20020a056a20914700b0012690812156mr3445142pzc.4.1693423777983;
        Wed, 30 Aug 2023 12:29:37 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1693423777; cv=none;
        d=google.com; s=arc-20160816;
        b=HaUAzhK3VQb/wCCx3i1Bl+el/8fJvy88PB/vbfKD9MbuDd7LBYnXsBHkQM/nFl0J9+
         Bgqz3uuRl0XEphAftuxVUmIw1daOV/eIIAa/BBuxGQNStJ82LwpXszdSOOghHpeT0guU
         TThANn8G13SpFRjUbgNhygjynoDyQjp7+3DcwLZJiXPCO7vOutzmFvRE7fQiciVGcRSy
         KrrgYTtHw5r1nan58I6HVDJT20zZ419T5hexEmEGaVXCtxY+ZxT/HIqYV7rBaK2SY1Dy
         p+u5gZpYJ0UEXwaEqQxiv5m5bpqJknNElpV4di4PjsW31SkNtWqGMv0RcvEzw4aCe0e+
         eoxA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:content-disposition:mime-version
         :references:message-id:subject:cc:to:from:date;
        bh=+tPHCB95S1y7AXQ8ihJMJ46js6ACc/dVykdHlrtCma4=;
        fh=lhLFUhRSSS8AoPvcaMgzrJpNwHrg2n8vFW/zDYrYmmM=;
        b=XNqls3yKF4qoVhoEeQ+pyokQg1oSNVyEod0QqWdqLU7wc/3zB3F2gBxaDGWA8IDSk2
         859VIigYmMKah4JIGwyP7SroELSCuCQVWG66wkalpH0bVRJcgfVoqzAC0aTUs409Sag9
         YHJkzjjV1CYQsCvjEusQ3lKCmJvi85fz8znoZVZZVo2iistV8JxRlCff9+y5cIY7S7JW
         ynkerqJeZfXU8ty/ye4oWeXXzuO9UPYEOwlylJnefcHwBp948ATR2zXlpZ/+y9WXmTHL
         ZXTu4FrnWWwfZMOTUAftmoU7ryAwLySk7PVyfXbcysfOBiGxhT3AUZnDcCw5fBo5xL/m
         GMYA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id f7-20020a056a0022c700b0068843d0b3c7si2978402pfj.209.2023.08.30.12.29.25;
        Wed, 30 Aug 2023 12:29:37 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S245325AbjH3TWL (ORCPT <rfc822;wujunke19920621@gmail.com>
        + 99 others); Wed, 30 Aug 2023 15:22:11 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48848 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S242793AbjH3JkE (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 30 Aug 2023 05:40:04 -0400
Received: from foss.arm.com (foss.arm.com [217.140.110.172])
        by lindbergh.monkeyblade.net (Postfix) with ESMTP id 5DEC3137
        for <linux-kernel@vger.kernel.org>; Wed, 30 Aug 2023 02:40:01 -0700 (PDT)
Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14])
        by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 8B2F52F4;
        Wed, 30 Aug 2023 02:40:40 -0700 (PDT)
Received: from bogus (unknown [10.57.36.157])
        by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id C39DF3F64C;
        Wed, 30 Aug 2023 02:39:59 -0700 (PDT)
Date:   Wed, 30 Aug 2023 10:39:02 +0100
From:   Sudeep Holla <sudeep.holla@arm.com>
To:     Qiujun Huang <hqjagain@gmail.com>
Cc:     cristian.marussi@arm.com, linux-arm-kernel@lists.infradead.org,
        Sudeep Holla <sudeep.holla@arm.com>,
        linux-kernel@vger.kernel.org
Subject: Re: [PATCH v1] firmware: arm_scmi: Fix NULL pointer dereference in
 mailbox_clear_channel
Message-ID: <20230830093902.duvvjimgwddh7qbt@bogus>
References: <ED5DC8DB-AE81-4380-8AE5-588F370CD4B0@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <ED5DC8DB-AE81-4380-8AE5-588F370CD4B0@gmail.com>
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,
        RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_NONE autolearn=ham
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Aug 30, 2023 at 01:07:47AM +0800, Qiujun Huang wrote:
> There is a race between the failure of probe and rx_callback (due to a
> delayed response).
> 
> scmi_probe
> scmi_acquire_protocal
> do_xfer
>  timeout
> mailbox_chan_free
>                                                     <--- delay response
>                                                            rx_callback
> mbox_free_channel
> cinfo->transport_info = NULL
>                                                           mailbox_clear_channel
>                                                          dereference cinfo->transport_info

It is always good to provide the kernel stacktrace which you get when a
NULL pointer is dereference. It helps for review and also to document it.

-- 
Regards,
Sudeep