@@ -796,6 +796,13 @@ static irqreturn_t st95hf_irq_thread_handler(int irq, void *st95hfcontext)
goto end;
}
+ /*
+ * If the completion callback is not set, no command is currently
+ * active. Ignore the spurious interrupt.
+ */
+ if (unlikely(!cb_arg->complete_cb))
+ goto end;
+
/* if stcontext->ddev is %NULL, it means remove already ran */
if (!stcontext->ddev) {
result = -ENODEV;
@@ -844,8 +851,16 @@ static irqreturn_t st95hf_irq_thread_handler(int irq, void *st95hfcontext)
wtx = false;
cb_arg->rats = false;
skb_resp = ERR_PTR(result);
- /* call of callback with error */
- cb_arg->complete_cb(stcontext->ddev, cb_arg->cb_usrarg, skb_resp);
+
+ /*
+ * Report an error to the core. If cb_arg->complete_cb is unset,
+ * we're handling a spurious interrupt that can be ignored.
+ */
+ if (cb_arg->complete_cb)
+ cb_arg->complete_cb(stcontext->ddev,
+ cb_arg->cb_usrarg,
+ skb_resp);
+
mutex_unlock(&stcontext->rm_lock);
return IRQ_HANDLED;
}
When an interrupt occurs before st95hf_in_send_cmd() was called, the ISR will currently dereference a NULL pointer. Fix this by checking whether `cb_arg->complete_cb' is set, and bail out early if that's not the case. Again spurious interrupts are likely to occur with EMI noise through the antenna, and need to be handled gracefully. Signed-off-by: Daniel Mack <daniel@zonque.org> --- drivers/nfc/st95hf/core.c | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-)