2022-07-29 10:08:30

by Kshitiz Varshney

Subject: [PATCH v1] Moving init_completion before request_irq

Issue:
While servicing interrupt, trying to access variable rng_op_done,
which is not yet initialized hence causing kernel to crash
while booting.

Fix:
Moving initialization of rng_op_done before request_irq.

Fixes: 1d5449445bd0 (hwrng: mx-rngc - add a driver for Freescale RNGC)
Signed-off-by: Kshitiz Varshney <[email protected]>
---
drivers/char/hw_random/imx-rngc.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/char/hw_random/imx-rngc.c b/drivers/char/hw_random/imx-rngc.c
index b05d676ca814..53e571c4f283 100644
--- a/drivers/char/hw_random/imx-rngc.c
+++ b/drivers/char/hw_random/imx-rngc.c
@@ -270,6 +270,8 @@ static int imx_rngc_probe(struct platform_device *pdev)
goto err;
}

+ init_completion(&rngc->rng_op_done);
+
ret = devm_request_irq(&pdev->dev,
irq, imx_rngc_irq, 0, pdev->name, (void *)rngc);
if (ret) {
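Review bot: moving init_completion() above devm_request_irq() in this hunk closes the crash described in the commit message, but the handler is still registered before imx_rngc_irq_mask_clear(rngc), which the replies in this thread place further down in probe, so a SEED_DONE left pending by a previous boot stage is serviced as soon as the line is requested and completes rng_op_done before the driver has cleared it. Consider leaving init_completion() where it was and instead moving the devm_request_irq() call below imx_rngc_irq_mask_clear(rngc), so the hardware-level clear and mask happen before the handler can run.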
@@ -277,7 +279,6 @@ static int imx_rngc_probe(struct platform_device *pdev)
goto err;
}

- init_completion(&rngc->rng_op_done);

rngc->rng.name = pdev->name;
rngc->rng.init = imx_rngc_init;
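Review bot: removing only the `init_completion(&rngc->rng_op_done);` line at the top of this hunk leaves two consecutive blank lines before `rngc->rng.name = pdev->name;`, because the blank line that followed it is kept as context; drop that blank line in the same hunk so the result reads `}`, one blank line, `rngc->rng.name = pdev->name;`. As a style point on the commit message, the Fixes: tag should quote the referenced subject, i.e. `Fixes: 1d5449445bd0 ("hwrng: mx-rngc - add a driver for Freescale RNGC")`.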
--
2.25.1


2022-07-29 10:26:29

by Ahmad Fatoum

Subject: Re: [PATCH v1] Moving init_completion before request_irq

Hello Kshitiz,

On 29.07.22 12:02, Kshitiz Varshney wrote:
> Issue:
> While servicing interrupt, trying to access variable rng_op_done,
> which is not yet initialized hence causing kernel to crash
> while booting.
>
> Fix:
> Moving initialization of rng_op_done before request_irq.
>
> Fixes: 1d5449445bd0 (hwrng: mx-rngc - add a driver for Freescale RNGC)
> Signed-off-by: Kshitiz Varshney <[email protected]>

Thanks for your patch.

> + init_completion(&rngc->rng_op_done);
> +
> ret = devm_request_irq(&pdev->dev,
> irq, imx_rngc_irq, 0, pdev->name, (void *)rngc);

This should probably be moved below imx_rngc_irq_mask_clear(rngc).
init_completion can stay where it is. That way:

- You initialize rngc fully before registering the IRQ handler
- You don't handle pending IRQs that you want to dismiss anyway
- If the IRQ happens to be because of a SEED_DONE due to a previous
boot stage, you don't end up completing the completion prematurely.

Cheers,
Ahmad

> if (ret) {
> @@ -277,7 +279,6 @@ static int imx_rngc_probe(struct platform_device *pdev)
> goto err;
> }
>
> - init_completion(&rngc->rng_op_done);
>
> rngc->rng.name = pdev->name;
> rngc->rng.init = imx_rngc_init;


--
Pengutronix e.K.
Steuerwalder Str. 21 | http://www.pengutronix.de/
31137 Hildesheim, Germany | Phone: +49-5121-206917-0
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555

2022-07-30 15:31:08

by Martin Kaiser

Subject: Re: [PATCH v1] Moving init_completion before request_irq

Hello Kshitiz & Ahmad,

Thus wrote Ahmad Fatoum ([email protected]):

> > + init_completion(&rngc->rng_op_done);
> > +
> > ret = devm_request_irq(&pdev->dev,
> > irq, imx_rngc_irq, 0, pdev->name, (void *)rngc);

> This should probably be moved below imx_rngc_irq_mask_clear(rngc).
> init_completion can stay where it is. That way:

I agree with Ahmad that this is the better approach.

We should clear pending irqs and disable interrupt sources on the
hardware level before we install our irq handler.

Best regards,
Martin

> - You initialize rngc fully before registering the IRQ handler
> - You don't handle pending IRQs that you want to dismiss anyway
> - If the IRQ happens to be because of a SEED_DONE due to a previous
> boot stage, you don't end up completing the completion prematurely.
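A small userspace model of the probe ordering that both replies argue for, written as an added example rather than code from the imx-rngc driver or from the people in this thread. The kernel completion, the handler registration and the mask/clear step are stand-ins, a SEED_DONE bit left pending by an earlier boot stage is constructed, and delivery of a pending interrupt is collapsed into the request call; the function returns how many times rng_op_done was completed under each ordering.

```c
/* Model of the probe ordering discussed above (added example, not kernel
 * code): a stale SEED_DONE bit is pending from an earlier boot stage. */
#include <stdbool.h>
#define RNGC_IRQ_SEED_DONE 0x1u /* assumed bit layout, for the model only */
struct completion { int done; };            /* stands in for the kernel type */
static void init_completion(struct completion *c) { c->done = 0; }
static void complete(struct completion *c) { c->done++; }

struct rngc {
	unsigned int status;        /* pending interrupt bits (fake register) */
	bool irq_masked;            /* fake interrupt-mask register */
	struct completion rng_op_done;
};

/* Handler: a SEED_DONE interrupt completes rng_op_done. */
static void rngc_irq(struct rngc *r)
{
	if (r->status & RNGC_IRQ_SEED_DONE)
		complete(&r->rng_op_done);
}
/* Hardware-level clear of pending bits and masking of interrupt sources. */
static void rngc_irq_mask_clear(struct rngc *r)
{
	r->status = 0;
	r->irq_masked = true;
}

/* Installing the handler delivers anything still pending and unmasked. */
static void request_irq(struct rngc *r)
{
	if (!r->irq_masked && r->status)
		rngc_irq(r);
}

/* Runs probe in the given order and returns how often rng_op_done was
 * completed; 1 means a stale SEED_DONE was taken for a finished operation. */
int probe_completions(bool request_irq_before_mask_clear)
{
	struct rngc r = { .status = RNGC_IRQ_SEED_DONE, .irq_masked = false };
	init_completion(&r.rng_op_done);
	if (request_irq_before_mask_clear) {       /* order of the v1 patch */
		request_irq(&r);
		rngc_irq_mask_clear(&r);
	} else {                                    /* order suggested in review */
		rngc_irq_mask_clear(&r);
		request_irq(&r);
	}
	return r.rng_op_done.done;
}
```

With the v1 ordering the stale SEED_DONE completes rng_op_done once during probe, so a later wait on it would return without any operation having finished; with the clear-then-request ordering it is never completed prematurely.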