From: Stephan Gerhold stephan.gerhold@linaro.org
[ Upstream commit 54898664e1eb6b5b3e6cdd9343c6eb15da776153 ]
A remoteproc could theoretically signal handover twice. This is unexpected and would break the reference counting for the handover resources (power domains, clocks, regulators, etc), so add a check to prevent that from happening.
Reviewed-by: Dmitry Baryshkov dmitry.baryshkov@oss.qualcomm.com Signed-off-by: Stephan Gerhold stephan.gerhold@linaro.org Link: https://lore.kernel.org/r/20250820-rproc-qcom-q6v5-fixes-v2-2-910b1a3aff71@l... Signed-off-by: Bjorn Andersson andersson@kernel.org Signed-off-by: Sasha Levin sashal@kernel.org ---
LLM Generated explanations, may be completely bogus:
YES - `drivers/remoteproc/qcom_q6v5.c:167-177` now refuses to run the handover path when the interrupt fires a second time, logging the anomaly but otherwise leaving the first-handled state intact; the normal single-shot handover flow remains unchanged. - Without this guard, a duplicate handover IRQ re-enters target-specific clean-up hooks that drop regulator/clock/power-domain votes (`drivers/remoteproc/qcom_q6v5_pas.c:369-379`, `drivers/remoteproc/qcom_q6v5_adsp.c:454-460`, `drivers/remoteproc/qcom_q6v5_mss.c:1748-1758`), breaking their reference counting and potentially leaving critical resources permanently disabled—something a level-triggered or misbehaving remote firmware can trigger in the field. - The fix is self-contained and low risk: `qcom_q6v5_prepare` still resets `handover_issued = false` for each boot (`drivers/remoteproc/qcom_q6v5.c:64-66`), while the fallback path that manually issues the handover when the IRQ never arrives continues to work because the flag stays false in that scenario (`drivers/remoteproc/qcom_q6v5.c:79-88`).
Next step: consider picking this into all supported stable kernels carrying the Qualcomm q6v5 remoteproc stack so duplicated handover signals can’t cascade into power/clock mismanagement.
drivers/remoteproc/qcom_q6v5.c | 5 +++++ 1 file changed, 5 insertions(+)
diff --git a/drivers/remoteproc/qcom_q6v5.c b/drivers/remoteproc/qcom_q6v5.c index 769c6d6d6a731..58d5b85e58cda 100644 --- a/drivers/remoteproc/qcom_q6v5.c +++ b/drivers/remoteproc/qcom_q6v5.c @@ -164,6 +164,11 @@ static irqreturn_t q6v5_handover_interrupt(int irq, void *data) { struct qcom_q6v5 *q6v5 = data;
+ if (q6v5->handover_issued) { + dev_err(q6v5->dev, "Handover signaled, but it already happened\n"); + return IRQ_HANDLED; + } + if (q6v5->handover) q6v5->handover(q6v5);