lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <81eea2d6-1ad7-66ad-c63d-481eed106e2c@arm.com>
Date:   Wed, 8 Nov 2017 13:55:44 +0000
From:   Marc Zyngier <marc.zyngier@....com>
To:     Petr Cvek <petrcvekcz@...il.com>, hdegoede@...hat.com,
        tglx@...utronix.de
Cc:     linux-kernel@...r.kernel.org, philipp.zabel@...il.com
Subject: Re: regression in irq sharing caused by genirq: Use
 irqd_get_trigger_type to compare the trigger type for shared IRQs

On 08/11/17 13:35, Petr Cvek wrote:
> 
> 
> Dne 8.11.2017 v 14:11 Marc Zyngier napsal(a):
>> On 08/11/17 13:09, Marc Zyngier wrote:
>>> On 07/11/17 23:41, Petr Cvek wrote:
>>>> Hello,
>>>>
>>>> Commit 382bd4de61827 ("genirq: Use irqd_get_trigger_type to compare the
>>>> trigger type for shared IRQs") causes a regression for pda-power driver
>>>> and Magician machine (mach-pxa/magician.c).
>>>>
>>>>     unsigned int oldtype = irqd_get_trigger_type(&desc->irq_data);
>>>>
>>>>     ... assert:
>>>> 	oldtype == 0	//new code
>>>> 	old->flags == 0x83	//old code
>>>> 	new->flags & IRQF_TRIGGER_MASK == 3
>>>>
>>>>     if (!((old->flags & new->flags) & IRQF_SHARED) ||
>>>> 	(oldtype != (new->flags & IRQF_TRIGGER_MASK)) ||
>>>> 	((old->flags ^ new->flags) & IRQF_ONESHOT))
>>>> 		goto mismatch;
>>>>
>>>> The assert shows the new code will trigger the jump for "mismatch" error
>>>> the old variant of code works fine.
>>>>
>>>> The case for Magician machine is specific as the same interrupt line is
>>>> requested twice from the same driver (pda-power). But it still could
>>>> point to some hidden problem in the IRQ setup code.
>>>>
>>>> I wasn't able to trace the code when desc->irq_data is getting set. The
>>>> flags values should be (as with old->flags):
>>>>
>>>> 	IRQF_SHARED | IRQF_TRIGGER_RISING | IRQF_TRIGGER_FALLING
>>>>
>>>> It could be a problem with a weird IRQ sharing in magician code, but
>>>> it's still failing the driver and the start of the charging system.
>>>>
>>>> IRQ definition in arch/arm/mach-pxa/magician.c looks like this:
>>>>
>>>> static struct resource power_supply_resources[] = {
>>>> 	[0] = {
>>>> 		.name	= "ac",
>>>> 		.flags	= IORESOURCE_IRQ | IORESOURCE_IRQ_HIGHEDGE |
>>>> 			IORESOURCE_IRQ_LOWEDGE,
>>>> 		.start	= IRQ_MAGICIAN_VBUS,
>>>> 		.end	= IRQ_MAGICIAN_VBUS,
>>>> 	},
>>>> 	[1] = {
>>>> 		.name	= "usb",
>>>> 		.flags	= IORESOURCE_IRQ | IORESOURCE_IRQ_HIGHEDGE |
>>>> 			IORESOURCE_IRQ_LOWEDGE,
>>>> 		.start	= IRQ_MAGICIAN_VBUS,
>>>> 		.end	= IRQ_MAGICIAN_VBUS,
>>>> 	},
>>>> };
>>>>
>>>> and IRQ requests from drivers/power/supply/pda_power.c look like this:
>>>>
>>>> if (ac_irq) {
>>>> 	ret = request_irq(ac_irq->start, power_changed_isr,
>>>> 			  get_irq_flags(ac_irq), ac_irq->name,
>>>> 			  pda_psy_ac);
>>>> ...
>>>> if (usb_irq) {
>>>> 	ret = request_irq(usb_irq->start, power_changed_isr,
>>>> 			  get_irq_flags(usb_irq),
>>>> 			  usb_irq->name, pda_psy_usb);
>>>>
>>>> I could rewrite the part in the magician code so it would use only one
>>>> interrupt, but it doesn't solve why oldtype == 0 problem.
>>>
>>> Yeah, this is a pretty ugly corner case that crops up because we more
>>> and more assume things like DT, which is going to configure the expected
>>> trigger type ahead of the interrupt being requested... Of course, PXA is
>>> not converted to DT, and unlikely to ever be.
>>>
>>> Could you please give the following hack a go and let us know if it
>>> solves your problem? If it does, I'll think of a more generic solution.
> 
> Hi,
> yeah it works now and the assert is oldtype == 3 and old->flags == 3 so 
> neither versions of condition won't trigger goto mismatch.
Thanks for having tested it. Now we need to teach the core code that the
lack of a trigger means that we need to blindly trust the requester. But
it'd be good if we could do it only in the legacy case...

Head scratching time...

	M.
-- 
Jazz is not dead. It just smells funny...

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ