| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 4 Feb 2019 07:17:07 +0000
From: Georg Ottinger <g.ottinger@...tec.at>
To: Jonathan Cameron <jic23@...nel.org>
CC: "eugen.hristev@...rochip.com" <eugen.hristev@...rochip.com>,
"Stefan Etzlstorfer" <s.etzlstorfer@...tec.at>,
Hartmut Knaack <knaack.h@....de>,
Lars-Peter Clausen <lars@...afoo.de>,
Peter Meerwald-Stadler <pmeerw@...erw.net>,
Nicolas Ferre <nicolas.ferre@...rochip.com>,
"Alexandre Belloni" <alexandre.belloni@...tlin.com>,
Ludovic Desroches <ludovic.desroches@...rochip.com>,
"David S. Miller" <davem@...emloft.net>,
Ard Biesheuvel <ard.biesheuvel@...aro.org>,
Kees Cook <keescook@...omium.org>,
"linux-iio@...r.kernel.org" <linux-iio@...r.kernel.org>,
"linux-arm-kernel@...ts.infradead.org"
<linux-arm-kernel@...ts.infradead.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
Maxime Ripard <maxime.ripard@...tlin.com>
Subject: AW: [PATCH] iio: adc: at91: disable adc channel interrupt in timeout
case
Actually this issue occurred to us with an concrete product, where we experienced a system hang at -20 °C.
It was triggered by a race condition between the Touch Trigger and the Channel Trigger of the ADC. Once triggered we got in to the situation where an ongoing Channel Conversion was lost (Timeout case).When we queried a second channel than we got a system hang. Investigating this issue we developed an error demonstrator - reading alternating two channels as fast as possible (when Touch is enabled). This also provokes this issue at room temperature.
For the error demonstrator use following commandline to compile:
$ arm-buildroot-linux-gnueabihf-gcc adc_demo_error.c -D2ND_CHANNEL -o adc_demo_error2
-------------
// adc_demo_error.c
#include <unistd.h>
#include <fcntl.h>
#define VLEN 10
int main()
{
int fd_adc,fd_adc2;
int ret;
char dummy[VLEN];
fd_adc = open ("/sys/devices/platform/ahb/ahb:apb/f8018000.adc/iio:device0/in_voltage4_raw",O_RDONLY);
#ifdef 2ND_CHANNEL
fd_adc2 = open ("/sys/devices/platform/ahb/ahb:apb/f8018000.adc/iio:device0/in_voltage5_raw",O_RDONLY);
#endif
while(1) {
lseek(fd_adc, 0, SEEK_SET);
ret = read(fd_adc, dummy, VLEN);
#ifdef 2ND_CHANNEL
lseek(fd_adc2, 0, SEEK_SET);
ret = read(fd_adc2, dummy, VLEN);
#endif
}
}
------------
Greeting, Georg
-----Ursprüngliche Nachricht-----
Von: Jonathan Cameron [mailto:jic23@...nel.org]
Gesendet: Samstag, 02. Februar 2019 11:21
An: Georg Ottinger <g.ottinger@...tec.at>
Cc: eugen.hristev@...rochip.com; Stefan Etzlstorfer <s.etzlstorfer@...tec.at>; Hartmut Knaack <knaack.h@....de>; Lars-Peter Clausen <lars@...afoo.de>; Peter Meerwald-Stadler <pmeerw@...erw.net>; Nicolas Ferre <nicolas.ferre@...rochip.com>; Alexandre Belloni <alexandre.belloni@...tlin.com>; Ludovic Desroches <ludovic.desroches@...rochip.com>; David S. Miller <davem@...emloft.net>; Ard Biesheuvel <ard.biesheuvel@...aro.org>; Kees Cook <keescook@...omium.org>; linux-iio@...r.kernel.org; linux-arm-kernel@...ts.infradead.org; linux-kernel@...r.kernel.org; Maxime Ripard <maxime.ripard@...tlin.com>
Betreff: Re: [PATCH] iio: adc: at91: disable adc channel interrupt in timeout case
On Wed, 30 Jan 2019 14:42:02 +0100
<g.ottinger@...tec.at> wrote:
> From: Georg Ottinger <g.ottinger@...tec.at>
>
> Having a brief look at at91_adc_read_raw() it is obvious that in the
> case of a timeout the setting of AT91_ADC_CHDR and AT91_ADC_IDR
> registers is omitted. If 2 different channels are queried we can end
> up with a situation where two interrupts are enabled, but only one
> interrupt is cleared in the interrupt handler. Resulting in a
> interrupt loop and a system hang.
>
> Signed-off-by: Georg Ottinger <g.ottinger@...tec.at>
Whilst I agree this looks like a correct change, I would like Maxime to take a look as he is obviously much more familiar with the driver than I am.
I suspect you can only actually get there in the event of a hardware failure as that isn't actually a timeout you should ever see.
Could be wrong though!
Thanks,
Jonathan
> ---
> drivers/iio/adc/at91_adc.c | 28 +++++++++++++++++-----------
> 1 file changed, 17 insertions(+), 11 deletions(-)
>
> diff --git a/drivers/iio/adc/at91_adc.c b/drivers/iio/adc/at91_adc.c
> index 75d2f7358..596841a3c 100644
> --- a/drivers/iio/adc/at91_adc.c
> +++ b/drivers/iio/adc/at91_adc.c
> @@ -704,23 +704,29 @@ static int at91_adc_read_raw(struct iio_dev *idev,
> ret = wait_event_interruptible_timeout(st->wq_data_avail,
> st->done,
> msecs_to_jiffies(1000));
> - if (ret == 0)
> - ret = -ETIMEDOUT;
> - if (ret < 0) {
> - mutex_unlock(&st->lock);
> - return ret;
> - }
> -
> - *val = st->last_value;
>
> + /* Disable interrupts, regardless if adc conversion was
> + * successful or not
> + */
> at91_adc_writel(st, AT91_ADC_CHDR,
> AT91_ADC_CH(chan->channel));
> at91_adc_writel(st, AT91_ADC_IDR, BIT(chan->channel));
>
> - st->last_value = 0;
> - st->done = false;
> + if (ret > 0) {
> + /* a valid conversion took place */
> + *val = st->last_value;
> + st->last_value = 0;
> + st->done = false;
> + ret = IIO_VAL_INT;
> + } else if (ret == 0) {
> + /* conversion timeout */
> + dev_err(&idev->dev, "ADC Channel %d timeout.\n",
> + chan->channel);
> + ret = -ETIMEDOUT;
> + }
> +
> mutex_unlock(&st->lock);
> - return IIO_VAL_INT;
> + return ret;
>
> case IIO_CHAN_INFO_SCALE:
> *val = st->vref_mv;
Powered by blists - more mailing lists