summaryrefslogtreecommitdiff
path: root/include/linux
diff options
context:
space:
mode:
authorRunyu Xiao <runyu.xiao@seu.edu.cn>2026-05-31 17:54:35 +0300
committerJohannes Berg <johannes.berg@intel.com>2026-06-03 15:11:56 +0300
commit5a9c554ff86d7f3750d95ce72ad0666e02e37b92 (patch)
tree52c6b91287bc37985326d38bd1d3b46aa3ba4080 /include/linux
parent58b14058ede0476ff746190873522ab176b9de38 (diff)
downloadlinux-5a9c554ff86d7f3750d95ce72ad0666e02e37b92.tar.xz
wifi: qtnfmac: topaz: defer IRQ enabling until IPC init
qtnf_pcie_topaz_probe() currently calls devm_request_irq() and only then disable_irq(). request_irq() installs the action in the irq core immediately, so qtnf_pcie_topaz_interrupt() can run before the Topaz private IRQ consumers are initialized, if the hardware misbehaves. This window is reachable on a running system as soon as probe has successfully registered pdev->irq but before qtnf_pcie_init_shm_ipc() sets shm_ipc_ep_in/out.irq_handler. If an interrupt is delivered in this interval, qtnf_pcie_topaz_interrupt() calls qtnf_shm_ipc_irq_handler() for shm_ipc_ep_in/out while their irq_handler callbacks are still unset, so the driver can observe an early IRQ before its IPC consumer state is ready. The issue was found on Linux v6.18.21 by our static analysis tool while scanning request_irq()/disable_irq() registration-order bugs in wireless PCIe drivers, and then manually reviewed. Request the IRQ with IRQF_NO_AUTOEN instead and keep the existing enable_irq() in qtnf_post_init_ep() as the point where interrupts become visible. This closes the early-IRQ window while preserving the intended bring-up order. Signed-off-by: Runyu Xiao <runyu.xiao@seu.edu.cn> Link: https://patch.msgid.link/20260531145435.701703-1-runyu.xiao@seu.edu.cn Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Diffstat (limited to 'include/linux')
0 files changed, 0 insertions, 0 deletions