lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20181009092359.GD19241@kroah.com>
Date:   Tue, 9 Oct 2018 11:23:59 +0200
From:   Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To:     Nathan Chancellor <natechancellor@...il.com>
Cc:     linux-kernel@...r.kernel.org, stable@...r.kernel.org,
        Stephen Boyd <swboyd@...omium.org>,
        Douglas Anderson <dianders@...omium.org>,
        Bjorn Andersson <bjorn.andersson@...aro.org>,
        Linus Walleij <linus.walleij@...aro.org>,
        Sasha Levin <alexander.levin@...rosoft.com>
Subject: Re: [PATCH 4.4 093/113] pinctrl: msm: Really mask level interrupts
 to prevent latching

On Mon, Oct 08, 2018 at 11:33:38PM -0700, Nathan Chancellor wrote:
> On Mon, Oct 08, 2018 at 08:31:34PM +0200, Greg Kroah-Hartman wrote:
> > 4.4-stable review patch.  If anyone has any objections, please let me know.
> > 
> > ------------------
> > 
> > From: Stephen Boyd <swboyd@...omium.org>
> > 
> > [ Upstream commit b55326dc969ea2d704a008d9a97583b128f54f4f ]
> > 
> > The interrupt controller hardware in this pin controller has two status
> > enable bits. The first "normal" status enable bit enables or disables
> > the summary interrupt line being raised when a gpio interrupt triggers
> > and the "raw" status enable bit allows or prevents the hardware from
> > latching an interrupt into the status register for a gpio interrupt.
> > Currently we just toggle the "normal" status enable bit in the mask and
> > unmask ops so that the summary irq interrupt going to the CPU's
> > interrupt controller doesn't trigger for the masked gpio interrupt.
> > 
> > For a level triggered interrupt, the flow would be as follows: the pin
> > controller sees the interrupt, latches the status into the status
> > register, raises the summary irq to the CPU, summary irq handler runs
> > and calls handle_level_irq(), handle_level_irq() masks and acks the gpio
> > interrupt, the interrupt handler runs, and finally unmask the interrupt.
> > When the interrupt handler completes, we expect that the interrupt line
> > level will go back to the deasserted state so the genirq code can unmask
> > the interrupt without it triggering again.
> > 
> > If we only mask the interrupt by clearing the "normal" status enable bit
> > then we'll ack the interrupt but it will continue to show up as pending
> > in the status register because the raw status bit is enabled, the
> > hardware hasn't deasserted the line, and thus the asserted state latches
> > into the status register again. When the hardware deasserts the
> > interrupt the pin controller still thinks there is a pending unserviced
> > level interrupt because it latched it earlier. This behavior causes
> > software to see an extra interrupt for level type interrupts each time
> > the interrupt is handled.
> > 
> > Let's fix this by clearing the raw status enable bit for level type
> > interrupts so that the hardware stops latching the status of the
> > interrupt after we ack it. We don't do this for edge type interrupts
> > because it seems that toggling the raw status enable bit for edge type
> > interrupts causes spurious edge interrupts.
> > 
> > Signed-off-by: Stephen Boyd <swboyd@...omium.org>
> > Reviewed-by: Douglas Anderson <dianders@...omium.org>
> > Reviewed-by: Bjorn Andersson <bjorn.andersson@...aro.org>
> > Signed-off-by: Linus Walleij <linus.walleij@...aro.org>
> > Signed-off-by: Sasha Levin <alexander.levin@...rosoft.com>
> > Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
> > ---
> >  drivers/pinctrl/qcom/pinctrl-msm.c |   24 ++++++++++++++++++++++++
> >  1 file changed, 24 insertions(+)
> > 
> > --- a/drivers/pinctrl/qcom/pinctrl-msm.c
> > +++ b/drivers/pinctrl/qcom/pinctrl-msm.c
> > @@ -577,6 +577,29 @@ static void msm_gpio_irq_mask(struct irq
> >  	spin_lock_irqsave(&pctrl->lock, flags);
> >  
> >  	val = readl(pctrl->regs + g->intr_cfg_reg);
> > +	/*
> > +	 * There are two bits that control interrupt forwarding to the CPU. The
> > +	 * RAW_STATUS_EN bit causes the level or edge sensed on the line to be
> > +	 * latched into the interrupt status register when the hardware detects
> > +	 * an irq that it's configured for (either edge for edge type or level
> > +	 * for level type irq). The 'non-raw' status enable bit causes the
> > +	 * hardware to assert the summary interrupt to the CPU if the latched
> > +	 * status bit is set. There's a bug though, the edge detection logic
> > +	 * seems to have a problem where toggling the RAW_STATUS_EN bit may
> > +	 * cause the status bit to latch spuriously when there isn't any edge
> > +	 * so we can't touch that bit for edge type irqs and we have to keep
> > +	 * the bit set anyway so that edges are latched while the line is masked.
> > +	 *
> > +	 * To make matters more complicated, leaving the RAW_STATUS_EN bit
> > +	 * enabled all the time causes level interrupts to re-latch into the
> > +	 * status register because the level is still present on the line after
> > +	 * we ack it. We clear the raw status enable bit during mask here and
> > +	 * set the bit on unmask so the interrupt can't latch into the hardware
> > +	 * while it's masked.
> > +	 */
> > +	if (irqd_get_trigger_type(d) & IRQ_TYPE_LEVEL_MASK)
> > +		val &= ~BIT(g->intr_raw_status_bit);
> > +
> >  	val &= ~BIT(g->intr_enable_bit);
> >  	writel(val, pctrl->regs + g->intr_cfg_reg);
> >  
> > @@ -598,6 +621,7 @@ static void msm_gpio_irq_unmask(struct i
> >  	spin_lock_irqsave(&pctrl->lock, flags);
> >  
> >  	val = readl(pctrl->regs + g->intr_cfg_reg);
> > +	val |= BIT(g->intr_raw_status_bit);
> >  	val |= BIT(g->intr_enable_bit);
> >  	writel(val, pctrl->regs + g->intr_cfg_reg);
> >  
> > 
> > 
> 
> Sigh, sorry, I caught this after I sent my initial all good email but
> this commit breaks NFC on my Pixel 2 XL (toggle becomes greyed out and
> apps that want to use it ask to enable it). I can't say why, I'm more
> than happy to debug but I'm assuming it's some voodoo that Qualcomm has
> done out of tree. I'll leave it up to you how to proceed given that I
> can't run mainline :(

Ugh, I hate the qualcomm changes...

Given the mess that all of the msm driver changes have, I'll go drop
this patch from the stable tree as I don't want to deal with the
fall-out for when people merge this to their device-specific trees.

thanks for testing and letting me know about this.

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ