From adbf1b7e5af6916dbee91d5bb7e2d7f4a408e456 Mon Sep 17 00:00:00 2001 From: Suman Anna Date: Fri, 1 Feb 2013 20:37:06 -0600 Subject: [PATCH] mailbox: call request_irq after mbox queues are allocated The mailbox startup code is enabling the interrupt even before any of the associated mailbox queues are allocated. Any pending received mailbox message could cause a kernel panic as soon as the interrupt is enabled due to the dereferencing of non-existing mailbox queues within the ISR. Signed-off-by: Fernando Guzman Lugo Signed-off-by: Suman Anna --- drivers/mailbox/mailbox.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/drivers/mailbox/mailbox.c b/drivers/mailbox/mailbox.c index c38241a8b44a..5fea5c276a61 100644 --- a/drivers/mailbox/mailbox.c +++ b/drivers/mailbox/mailbox.c @@ -377,14 +377,6 @@ static int mailbox_startup(struct mailbox *mbox) } if (!mbox->use_count++) { - ret = request_irq(mbox->irq, mbox_interrupt, - IRQF_SHARED | IRQF_NO_SUSPEND, - mbox->name, mbox); - if (unlikely(ret)) { - pr_err("failed to register mailbox interrupt:%d\n", - ret); - goto fail_request_irq; - } mq = mbox_queue_alloc(mbox, NULL, mbox_tx_tasklet); if (!mq) { ret = -ENOMEM; @@ -399,17 +391,25 @@ static int mailbox_startup(struct mailbox *mbox) } mbox->rxq = mq; mq->mbox = mbox; + ret = request_irq(mbox->irq, mbox_interrupt, + IRQF_SHARED | IRQF_NO_SUSPEND, + mbox->name, mbox); + if (unlikely(ret)) { + pr_err("failed to register mailbox interrupt:%d\n", + ret); + goto fail_request_irq; + } mailbox_enable_irq(mbox, IRQ_RX); } mutex_unlock(&mbox_configured_lock); return 0; +fail_request_irq: + mbox_queue_free(mbox->rxq); fail_alloc_rxq: mbox_queue_free(mbox->txq); fail_alloc_txq: - free_irq(mbox->irq, mbox); -fail_request_irq: if (mbox->ops->shutdown) mbox->ops->shutdown(mbox); mbox->use_count--; -- 2.39.5