On 8/9/23 03:40, Greg Kroah-Hartman wrote:
From: Cristian Marussi cristian.marussi@arm.com
[ Upstream commit d1ff11d7ad8704f8d615f6446041c221b2d2ec4d ]
SCMI transport based on SMC can optionally use an additional IRQ to signal message completion. The associated interrupt handler is currently allocated using devres but on shutdown the core SCMI stack will call .chan_free() well before any managed cleanup is invoked by devres. As a consequence, the arrival of a late reply to an in-flight pending transaction could still trigger the interrupt handler well after the SCMI core has cleaned up the channels, with unpleasant results.
Inhibit further message processing on the IRQ path by explicitly freeing the IRQ inside .chan_free() callback itself.
Fixes: dd820ee21d5e ("firmware: arm_scmi: Augment SMC/HVC to allow optional interrupt") Reported-by: Bjorn Andersson andersson@kernel.org Signed-off-by: Cristian Marussi cristian.marussi@arm.com Link: https://lore.kernel.org/r/20230719173533.2739319-1-cristian.marussi@arm.com Signed-off-by: Sudeep Holla sudeep.holla@arm.com Signed-off-by: Sasha Levin sashal@kernel.org
drivers/firmware/arm_scmi/smc.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-)
diff --git a/drivers/firmware/arm_scmi/smc.c b/drivers/firmware/arm_scmi/smc.c index 4effecc3bb463..f529004f1922e 100644 --- a/drivers/firmware/arm_scmi/smc.c +++ b/drivers/firmware/arm_scmi/smc.c @@ -21,6 +21,7 @@ /**
- struct scmi_smc - Structure representing a SCMI smc transport
- @irq: An optional IRQ for completion
- @cinfo: SCMI channel info
- @shmem: Transmit/Receive shared memory area
- @shmem_lock: Lock to protect access to Tx/Rx shared memory area
@@ -30,6 +31,7 @@ */ struct scmi_smc {
- int irq;
For this backport to apply as-is and not define a duplicate "int irq" field we need to take in f716cbd33f038af87824c30e165b3b70e4c6be1e ("firmware: arm_scmi: Make smc transport use common completions") which did remove the "int irq" from struct scmi_smc.
Alternatively, we can just omit this hunk adding the "int irq" member from the back port.
This is a 5.15 stable kernel problem only because f716cbd33f038af87824c30e165b3b70e4c6be1e is in v5.18 and newer.