ltq-adsl-mei: check status register before reading mailbox messages
The interrupt handler reads from the mailbox if no other reason for the
interrupt is known. If a spurious interrupt is received just after a
mailbox message has been sent, this means that the response to the
previous message is read again and returned by DSL_BSP_SendCMV instead
of the actual response.
To fix this, check the status register before reading from the mailbox
in the interrupt handler.
Tested on Fritzbox 7320. Without this change, there is occasionally a
kernel panic due to an out-of-bounds memory access in the ltq-adsl
driver (in DSL_DRV_DEV_G997_SnrAllocationNscGet), as a result of an
incorrect value returned by DSL_DRV_DANUBE_CmvRead. This is reproducible
by calling "dsl_cpe_pipe.sh g997dsnrg 1 1" multiple times.
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
Link: https://github.com/openwrt/openwrt/pull/19385
(cherry picked from commit
6889ea7b9a466b73f59fad9c6ae942728b907200)
Link: https://github.com/openwrt/openwrt/pull/19839
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
projects / thirdparty / openwrt.git / commit
