dmaengine: dw-edma: Check MSI descriptor before copying

Modify dw_edma_irq_request() to check if a struct msi_desc entry exists
before copying the contents of its struct msi_msg pointer.

Without this sanity check, __get_cached_msi_msg() crashes when invoked by
dw_edma_irq_request() running on a Linux-based PCIe endpoint device. MSI
interrupt are not received by PCIe endpoint devices. If irq_get_msi_desc()
returns null, then there is no cached struct msi_msg to be copied.

Reported-by: kbuild test robot <lkp@intel.com>
Signed-off-by: Alan Mikhak <alan.mikhak@sifive.com>
Acked-by: Gustavo Pimentel <gustavo.pimentel@synopsys.com>
Link: https://lore.kernel.org/r/1587607101-31914-1-git-send-email-alan.mikhak@sifive.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>

diff --git a/drivers/dma/dw-edma/dw-edma-core.c b/drivers/dma/dw-edma/dw-edma-core.c
index db401eb..306ab50 100644 (file)
--- a/drivers/dma/dw-edma/dw-edma-core.c
+++ b/drivers/dma/dw-edma/dw-edma-core.c
@@ -13,6 +13,7 @@
 #include <linux/dmaengine.h>
 #include <linux/err.h>
 #include <linux/interrupt.h>
+#include <linux/irq.h>
 #include <linux/dma/edma.h>
 #include <linux/dma-mapping.h>
 
@@ -773,6 +774,7 @@ static int dw_edma_irq_request(struct dw_edma_chip *chip,
        u32 rd_mask = 1;
        int i, err = 0;
        u32 ch_cnt;
+       int irq;
 
        ch_cnt = dw->wr_ch_cnt + dw->rd_ch_cnt;
 
@@ -781,16 +783,16 @@ static int dw_edma_irq_request(struct dw_edma_chip *chip,
 
        if (dw->nr_irqs == 1) {
                /* Common IRQ shared among all channels */
-               err = request_irq(dw->ops->irq_vector(dev, 0),
-                                 dw_edma_interrupt_common,
+               irq = dw->ops->irq_vector(dev, 0);
+               err = request_irq(irq, dw_edma_interrupt_common,
                                  IRQF_SHARED, dw->name, &dw->irq[0]);
                if (err) {
                        dw->nr_irqs = 0;
                        return err;
                }
 
-               get_cached_msi_msg(dw->ops->irq_vector(dev, 0),
-                                  &dw->irq[0].msi);
+               if (irq_get_msi_desc(irq))
+                       get_cached_msi_msg(irq, &dw->irq[0].msi);
        } else {
                /* Distribute IRQs equally among all channels */
                int tmp = dw->nr_irqs;
@@ -804,7 +806,8 @@ static int dw_edma_irq_request(struct dw_edma_chip *chip,
                dw_edma_add_irq_mask(&rd_mask, *rd_alloc, dw->rd_ch_cnt);
 
                for (i = 0; i < (*wr_alloc + *rd_alloc); i++) {
-                       err = request_irq(dw->ops->irq_vector(dev, i),
+                       irq = dw->ops->irq_vector(dev, i);
+                       err = request_irq(irq,
                                          i < *wr_alloc ?
                                                dw_edma_interrupt_write :
                                                dw_edma_interrupt_read,
@@ -815,8 +818,8 @@ static int dw_edma_irq_request(struct dw_edma_chip *chip,
                                return err;
                        }
 
-                       get_cached_msi_msg(dw->ops->irq_vector(dev, i),
-                                          &dw->irq[i].msi);
+                       if (irq_get_msi_desc(irq))
+                               get_cached_msi_msg(irq, &dw->irq[i].msi);
                }
 
                dw->nr_irqs = i;