Date:   Tue, 9 Oct 2018 11:23:59 +0200
From:   Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To:     Nathan Chancellor <natechancellor@...il.com>
Cc:     linux-kernel@...r.kernel.org, stable@...r.kernel.org,
        Stephen Boyd <swboyd@...omium.org>,
        Douglas Anderson <dianders@...omium.org>,
        Bjorn Andersson <bjorn.andersson@...aro.org>,
        Linus Walleij <linus.walleij@...aro.org>,
        Sasha Levin <alexander.levin@...rosoft.com>
Subject: Re: [PATCH 4.4 093/113] pinctrl: msm: Really mask level interrupts
 to prevent latching

On Mon, Oct 08, 2018 at 11:33:38PM -0700, Nathan Chancellor wrote:
> On Mon, Oct 08, 2018 at 08:31:34PM +0200, Greg Kroah-Hartman wrote:
> > 4.4-stable review patch.  If anyone has any objections, please let me know.
> > 
> > ------------------
> > 
> > From: Stephen Boyd <swboyd@...omium.org>
> > 
> > [ Upstream commit b55326dc969ea2d704a008d9a97583b128f54f4f ]
> > 
> > The interrupt controller hardware in this pin controller has two status
> > enable bits. The first "normal" status enable bit enables or disables
> > the summary interrupt line being raised when a gpio interrupt triggers
> > and the "raw" status enable bit allows or prevents the hardware from
> > latching an interrupt into the status register for a gpio interrupt.
> > Currently we just toggle the "normal" status enable bit in the mask and
> > unmask ops so that the summary irq interrupt going to the CPU's
> > interrupt controller doesn't trigger for the masked gpio interrupt.
> > 
> > For a level triggered interrupt, the flow would be as follows: the pin
> > controller sees the interrupt, latches the status into the status
> > register, raises the summary irq to the CPU, summary irq handler runs
> > and calls handle_level_irq(), handle_level_irq() masks and acks the gpio
> > interrupt, the interrupt handler runs, and finally unmask the interrupt.
> > When the interrupt handler completes, we expect that the interrupt line
> > level will go back to the deasserted state so the genirq code can unmask
> > the interrupt without it triggering again.
> > 
> > If we only mask the interrupt by clearing the "normal" status enable bit
> > then we'll ack the interrupt but it will continue to show up as pending
> > in the status register because the raw status bit is enabled, the
> > hardware hasn't deasserted the line, and thus the asserted state latches
> > into the status register again. When the hardware deasserts the
> > interrupt the pin controller still thinks there is a pending unserviced
> > level interrupt because it latched it earlier. This behavior causes
> > software to see an extra interrupt for level type interrupts each time
> > the interrupt is handled.
> > 
> > Let's fix this by clearing the raw status enable bit for level type
> > interrupts so that the hardware stops latching the status of the
> > interrupt after we ack it. We don't do this for edge type interrupts
> > because it seems that toggling the raw status enable bit for edge type
> > interrupts causes spurious edge interrupts.
> > 
> > Signed-off-by: Stephen Boyd <swboyd@...omium.org>
> > Reviewed-by: Douglas Anderson <dianders@...omium.org>
> > Reviewed-by: Bjorn Andersson <bjorn.andersson@...aro.org>
> > Signed-off-by: Linus Walleij <linus.walleij@...aro.org>
> > Signed-off-by: Sasha Levin <alexander.levin@...rosoft.com>
> > Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
> > ---
> >  drivers/pinctrl/qcom/pinctrl-msm.c |   24 ++++++++++++++++++++++++
> >  1 file changed, 24 insertions(+)
> > 
> > --- a/drivers/pinctrl/qcom/pinctrl-msm.c
> > +++ b/drivers/pinctrl/qcom/pinctrl-msm.c
> > @@ -577,6 +577,29 @@ static void msm_gpio_irq_mask(struct irq
> >  	spin_lock_irqsave(&pctrl->lock, flags);
> >  
> >  	val = readl(pctrl->regs + g->intr_cfg_reg);
> > +	/*
> > +	 * There are two bits that control interrupt forwarding to the CPU. The
> > +	 * RAW_STATUS_EN bit causes the level or edge sensed on the line to be
> > +	 * latched into the interrupt status register when the hardware detects
> > +	 * an irq that it's configured for (either edge for edge type or level
> > +	 * for level type irq). The 'non-raw' status enable bit causes the
> > +	 * hardware to assert the summary interrupt to the CPU if the latched
> > +	 * status bit is set. There's a bug though, the edge detection logic
> > +	 * seems to have a problem where toggling the RAW_STATUS_EN bit may
> > +	 * cause the status bit to latch spuriously when there isn't any edge
> > +	 * so we can't touch that bit for edge type irqs and we have to keep
> > +	 * the bit set anyway so that edges are latched while the line is masked.
> > +	 *
> > +	 * To make matters more complicated, leaving the RAW_STATUS_EN bit
> > +	 * enabled all the time causes level interrupts to re-latch into the
> > +	 * status register because the level is still present on the line after
> > +	 * we ack it. We clear the raw status enable bit during mask here and
> > +	 * set the bit on unmask so the interrupt can't latch into the hardware
> > +	 * while it's masked.
> > +	 */
> > +	if (irqd_get_trigger_type(d) & IRQ_TYPE_LEVEL_MASK)
> > +		val &= ~BIT(g->intr_raw_status_bit);
> > +
> >  	val &= ~BIT(g->intr_enable_bit);
> >  	writel(val, pctrl->regs + g->intr_cfg_reg);
> >  
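Review bot: the comment added in msm_gpio_irq_mask() calls the second control the 'non-raw' status enable bit, a name that appears nowhere in the code. Refer to the two fields as the code does (intr_raw_status_bit and intr_enable_bit) so the text can be checked directly against the two `val &= ~BIT(...)` lines below it. Splitting the comment into one paragraph for the edge quirk and one for the level re-latch would also help, since the first paragraph currently runs both together in a single long sentence. Clearing both bits in one writel() under pctrl->lock is fine as written.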
> > @@ -598,6 +621,7 @@ static void msm_gpio_irq_unmask(struct i
> >  	spin_lock_irqsave(&pctrl->lock, flags);
> >  
> >  	val = readl(pctrl->regs + g->intr_cfg_reg);
> > +	val |= BIT(g->intr_raw_status_bit);
> >  	val |= BIT(g->intr_enable_bit);
> >  	writel(val, pctrl->regs + g->intr_cfg_reg);
> >  
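Review bot: msm_gpio_irq_unmask() sets intr_raw_status_bit unconditionally, while the mask path clears it only when `irqd_get_trigger_type(d) & IRQ_TYPE_LEVEL_MASK` is true. The comment in the mask hunk states that toggling RAW_STATUS_EN may latch a spurious status for edge interrupts, so if the bit is ever clear when an edge interrupt is unmasked, this line performs that toggle. Either guard it with the same trigger-type check, or add a one-line comment here saying that the bit is expected to be set already for edge types and the write changes nothing in that case.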
> > 
> > 
> 
> Sigh, sorry, I caught this after I sent my initial all good email but
> this commit breaks NFC on my Pixel 2 XL (toggle becomes greyed out and
> apps that want to use it ask to enable it). I can't say why, I'm more
> than happy to debug but I'm assuming it's some voodoo that Qualcomm has
> done out of tree. I'll leave it up to you how to proceed given that I
> can't run mainline :(

Ugh, I hate the Qualcomm changes...

Given the mess that all of the msm driver changes have, I'll go drop
this patch from the stable tree as I don't want to deal with the
fall-out for when people merge this to their device-specific trees.

Thanks for testing and letting me know about this.

greg k-h
