Open Source and information security mailing list archives
Date:   Tue, 9 Oct 2018 09:57:59 -0700
From:   Bjorn Andersson <bjorn.andersson@...aro.org>
To:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Nathan Chancellor <natechancellor@...il.com>,
        linux-kernel@...r.kernel.org, stable@...r.kernel.org,
        Stephen Boyd <swboyd@...omium.org>,
        Douglas Anderson <dianders@...omium.org>,
        Linus Walleij <linus.walleij@...aro.org>,
        Sasha Levin <alexander.levin@...rosoft.com>
Subject: Re: [PATCH 4.4 093/113] pinctrl: msm: Really mask level interrupts
 to prevent latching

On Tue 09 Oct 02:23 PDT 2018, Greg Kroah-Hartman wrote:

> On Mon, Oct 08, 2018 at 11:33:38PM -0700, Nathan Chancellor wrote:
> > On Mon, Oct 08, 2018 at 08:31:34PM +0200, Greg Kroah-Hartman wrote:
> > > 4.4-stable review patch.  If anyone has any objections, please let me know.
> > > 
> > > ------------------
> > > 
> > > From: Stephen Boyd <swboyd@...omium.org>
> > > 
> > > [ Upstream commit b55326dc969ea2d704a008d9a97583b128f54f4f ]
> > > 
> > > The interrupt controller hardware in this pin controller has two status
> > > enable bits. The first "normal" status enable bit enables or disables
> > > the summary interrupt line being raised when a gpio interrupt triggers
> > > and the "raw" status enable bit allows or prevents the hardware from
> > > latching an interrupt into the status register for a gpio interrupt.
> > > Currently we just toggle the "normal" status enable bit in the mask and
> > > unmask ops so that the summary irq interrupt going to the CPU's
> > > interrupt controller doesn't trigger for the masked gpio interrupt.
> > > 
> > > For a level triggered interrupt, the flow would be as follows: the pin
> > > controller sees the interrupt, latches the status into the status
> > > register, raises the summary irq to the CPU, summary irq handler runs
> > > and calls handle_level_irq(), handle_level_irq() masks and acks the gpio
> > > interrupt, the interrupt handler runs, and finally unmask the interrupt.
> > > When the interrupt handler completes, we expect that the interrupt line
> > > level will go back to the deasserted state so the genirq code can unmask
> > > the interrupt without it triggering again.
> > > 
> > > If we only mask the interrupt by clearing the "normal" status enable bit
> > > then we'll ack the interrupt but it will continue to show up as pending
> > > in the status register because the raw status bit is enabled, the
> > > hardware hasn't deasserted the line, and thus the asserted state latches
> > > into the status register again. When the hardware deasserts the
> > > interrupt the pin controller still thinks there is a pending unserviced
> > > level interrupt because it latched it earlier. This behavior causes
> > > software to see an extra interrupt for level type interrupts each time
> > > the interrupt is handled.
> > > 
> > > Let's fix this by clearing the raw status enable bit for level type
> > > interrupts so that the hardware stops latching the status of the
> > > interrupt after we ack it. We don't do this for edge type interrupts
> > > because it seems that toggling the raw status enable bit for edge type
> > > interrupts causes spurious edge interrupts.
> > > 
> > > Signed-off-by: Stephen Boyd <swboyd@...omium.org>
> > > Reviewed-by: Douglas Anderson <dianders@...omium.org>
> > > Reviewed-by: Bjorn Andersson <bjorn.andersson@...aro.org>
> > > Signed-off-by: Linus Walleij <linus.walleij@...aro.org>
> > > Signed-off-by: Sasha Levin <alexander.levin@...rosoft.com>
> > > Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
> > > ---
> > >  drivers/pinctrl/qcom/pinctrl-msm.c |   24 ++++++++++++++++++++++++
> > >  1 file changed, 24 insertions(+)
> > > 
> > > --- a/drivers/pinctrl/qcom/pinctrl-msm.c
> > > +++ b/drivers/pinctrl/qcom/pinctrl-msm.c
> > > @@ -577,6 +577,29 @@ static void msm_gpio_irq_mask(struct irq
> > >  	spin_lock_irqsave(&pctrl->lock, flags);
> > >  
> > >  	val = readl(pctrl->regs + g->intr_cfg_reg);
> > > +	/*
> > > +	 * There are two bits that control interrupt forwarding to the CPU. The
> > > +	 * RAW_STATUS_EN bit causes the level or edge sensed on the line to be
> > > +	 * latched into the interrupt status register when the hardware detects
> > > +	 * an irq that it's configured for (either edge for edge type or level
> > > +	 * for level type irq). The 'non-raw' status enable bit causes the
> > > +	 * hardware to assert the summary interrupt to the CPU if the latched
> > > +	 * status bit is set. There's a bug though, the edge detection logic
> > > +	 * seems to have a problem where toggling the RAW_STATUS_EN bit may
> > > +	 * cause the status bit to latch spuriously when there isn't any edge
> > > +	 * so we can't touch that bit for edge type irqs and we have to keep
> > > +	 * the bit set anyway so that edges are latched while the line is masked.
> > > +	 *
> > > +	 * To make matters more complicated, leaving the RAW_STATUS_EN bit
> > > +	 * enabled all the time causes level interrupts to re-latch into the
> > > +	 * status register because the level is still present on the line after
> > > +	 * we ack it. We clear the raw status enable bit during mask here and
> > > +	 * set the bit on unmask so the interrupt can't latch into the hardware
> > > +	 * while it's masked.
> > > +	 */
> > > +	if (irqd_get_trigger_type(d) & IRQ_TYPE_LEVEL_MASK)
> > > +		val &= ~BIT(g->intr_raw_status_bit);
> > > +
> > >  	val &= ~BIT(g->intr_enable_bit);
> > >  	writel(val, pctrl->regs + g->intr_cfg_reg);
> > >  
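Review bot: the `irqd_get_trigger_type(d) & IRQ_TYPE_LEVEL_MASK` test in the mask path is evaluated at mask time, so an irq masked as level type and then reconfigured to an edge type keeps `intr_raw_status_bit` cleared until the next unmask. Edges arriving in that window would not be latched, which is exactly what the new comment says must not happen for edge irqs. The set_type path is not part of this diff; please confirm it sets the raw status bit again, and mention that dependency in the comment.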
> > > @@ -598,6 +621,7 @@ static void msm_gpio_irq_unmask(struct i
> > >  	spin_lock_irqsave(&pctrl->lock, flags);
> > >  
> > >  	val = readl(pctrl->regs + g->intr_cfg_reg);
> > > +	val |= BIT(g->intr_raw_status_bit);
> > >  	val |= BIT(g->intr_enable_bit);
> > >  	writel(val, pctrl->regs + g->intr_cfg_reg);
> > >  
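Review bot: `val |= BIT(g->intr_raw_status_bit);` in unmask is unconditional, while the matching clear in mask is limited to level types. That looks intended, since for edge irqs the bit is never cleared by mask and writing it back does not toggle it, but the asymmetry deserves a one-line comment at this spot so that nobody later adds the same level check here or a clear for edge irqs in mask.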
> > > 
> > > 
> > 
> > Sigh, sorry, I caught this after I sent my initial all good email but
> > this commit breaks NFC on my Pixel 2 XL (toggle becomes greyed out and
> > apps that want to use it ask to enable it). I can't say why, I'm more
> > than happy to debug but I'm assuming it's some voodoo that Qualcomm has
> > done out of tree. I'll leave it up to you how to proceed given that I
> > can't run mainline :(

The patch corrects an issue that all level interrupts were delivered
twice, so if that breaks NFC then there's something quite broken in that
driver - or more likely something else broke.

Can you please do some level of investigation to see where in the stack
this broke, even if you can't run mainline?

> 
> Ugh, I hate the qualcomm changes...
> 

Noted...

Regards,
Bjorn

> Given the mess that all of the msm driver changes have, I'll go drop
> this patch from the stable tree as I don't want to deal with the
> fall-out for when people merge this to their device-specific trees.
> 
> thanks for testing and letting me know about this.
> 
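
The double delivery described in the quoted commit message, as an added example that is not part of the original thread or the driver: a simplified software model of one level-triggered gpio irq, run once with only the "normal" enable bit masked and once with the raw status enable bit also cleared. The struct, field and function names are hypothetical, and the model assumes the device handler deasserts the line before unmask.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified, hypothetical model of one level-triggered gpio irq. */
struct pin {
	bool line;    /* level currently on the gpio line */
	bool status;  /* latched bit in the interrupt status register */
	bool raw_en;  /* "raw" status enable: allows latching */
	bool en;      /* "normal" status enable: gates the summary irq */
};

/* Hardware side: an asserted level latches only while raw_en is set. */
static void hw_latch(struct pin *p)
{
	if (p->raw_en && p->line)
		p->status = true;
}

/* One pass of the mask/ack/handler/unmask sequence from the commit message. */
static void handle_level(struct pin *p, bool mask_raw)
{
	p->en = false;                 /* mask */
	if (mask_raw)
		p->raw_en = false;     /* patched mask for level irqs */
	p->status = false;             /* ack */
	hw_latch(p);                   /* line may still be asserted here */
	p->line = false;               /* device handler quiesces the source */
	p->raw_en = true;              /* unmask */
	p->en = true;
	hw_latch(p);
}

/* Count handler invocations caused by a single assertion of the line. */
int deliveries_for_one_event(bool mask_raw)
{
	struct pin p = { .line = true, .raw_en = true, .en = true };
	int n = 0;
	hw_latch(&p);
	while (p.status && p.en && n < 8) {   /* summary irq raised to the CPU */
		n++;
		handle_level(&p, mask_raw);
	}
	return n;
}

int main(void)
{
	printf("normal-enable only: %d\n", deliveries_for_one_event(false));
	printf("raw status masked:  %d\n", deliveries_for_one_event(true));
}
```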
