drivers: rmnet_shs: Fix ep down race condition

Previously, when a vnd would go down, we would clear its struct in
netdev_notifier_cb context. However, if rmnet_shs_wq is running, it can get
into a state where the struct has been cleared but has passed error checking,
resulting in a use-after-clear error of our own internal ep structs.

This error can cause the following stack error.

<6> Unable to handle kernel NULL pointer dereference at virtual address 00000328
<6> Mem abort info:
<6> Exception class = DABT (current EL), IL = 32 bits
<6> SET = 0, FnV = 0
<6> EA = 0, S1PTW = 0
<6> FSC = 5
<6> Data abort info:
<6> ISV = 0, ISS = 0x00000005
<6> CM = 0, WnR = 0
<6> user pgtable: 4k pages, 39-bit VAs, pgd = 0000000071c11f76
<6> [0000000000000328] *pgd=0000000000000000, *pud=0000000000000000
<6> Internal error: Oops: 96000005 [#1] PREEMPT SMP
<2> pc : rmnet_shs_wq_update_ep_rps_msk+0x24/0xb0 [rmnet_shs]
<2> lr : rmnet_shs_wq_update_ep_rps_msk+0x1c/0xb0 [rmnet_shs]
<2> Call trace:
<2> rmnet_shs_wq_update_ep_rps_msk+0x24/0xb0 [rmnet_shs]
<2> rmnet_shs_wq_refresh_ep_masks+0x3c/0x54 [rmnet_shs]
<2> rmnet_shs_wq_process_wq+0x140/0x83c [rmnet_shs]
<2> process_one_work+0x1e0/0x410
<2> worker_thread+0x27c/0x38c
<2> kthread+0x12c/0x13c
<2> ret_from_fork+0x10/0x18
<6> Code: b40003b3 94000900 f9400a68 f9400508 (f9419508)

Change-Id: Ic1529b0e2645df08432c1ba22821db68d1c58951
Acked-by: Raul Martinez <mraul@qti.qualcomm.com>
Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>