Hello,
There seems to be a bug in lis_free_irq().
lis_spin_lock_irqsave(&lis_incr_lock, &psw) ;
for (; dv != NULL; dv = dv->link)
{
if (dv->dev_id == dev_id)
{
dv->handler = NULL ; <-------------- handler removed (A1)
dv->dev_id = NULL ;
dv->irq = 0 ;
lis_spin_unlock_irqrestore(&lis_incr_lock, &psw) ;
free_irq(irq, dv) ; <------------------------------- irq freed (A2)
return ;
}
}
lis_spin_unlock_irqrestore(&lis_incr_lock, &psw) ;
whereas:
static irqreturn_t lis_khandler(int irq, void *dev_id, struct pt_regs *regs) {
lis_devid_t *dv = (lis_devid_t *) dev_id ;
return(dv->handler(irq, dv->dev_id, regs)) ; <---------- handler can be called here (B1)
}
The problem is that if irq kicks in before it is released at (A2) but after handler is NULLed at (A1)
and lis_khandler() is called, it will fail at (B1) since dv->handler is NULL already.
Also, the dv structure that is allocated and linked to the list in lis_request_irq()
is not unlinked and freed in lis_free_irq().
I'm thinking how to fix this.
Any suggestions ?
thanks,
--
Eugene
Try the New Netscape Mail Today!
Virtually Spam-Free | More Storage | Import Your Contact List
http://mail.netscape.com
