lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 12 Dec 2019 18:28:53 +0100
From:   Nicolas Saenz Julienne <nsaenzjulienne@...e.de>
To:     Guillaume La Roque <glaroque@...libre.com>, marcel@...tmann.org,
        johan.hedberg@...il.com, linux-bluetooth@...r.kernel.org
Cc:     linux-kernel@...r.kernel.org, khilman@...libre.com,
        linux-rpi-kernel <linux-rpi-kernel@...ts.infradead.org>
Subject: Re: [PATCH v3] bluetooth: hci_bcm: enable IRQ capability from node

On Wed, 2019-12-11 at 10:49 +0100, Guillaume La Roque wrote:
> Actually IRQ can be found from GPIO but all platforms don't support
> gpiod_to_irq, it's the case on amlogic chip.
> so to have possibility to use interrupt mode we need to add interrupts
> field in node and support it in driver.
> 
> Signed-off-by: Guillaume La Roque <glaroque@...libre.com>
> ---
>  drivers/bluetooth/hci_bcm.c | 3 +++
>  1 file changed, 3 insertions(+)

This triggers the following panic on Raspberry Pi 4:

[    6.634507] Unable to handle kernel NULL pointer dereference at virtual
address 0000000000000018
[    6.643486] Mem abort info:
[    6.646350]   ESR = 0x96000004
[    6.649466]   EC = 0x25: DABT (current EL), IL = 32 bits
[    6.654873]   SET = 0, FnV = 0
[    6.657977]   EA = 0, S1PTW = 0
[    6.661201] Data abort info:
[    6.664135]   ISV = 0, ISS = 0x00000004
[    6.668042]   CM = 0, WnR = 0
[    6.671061] user pgtable: 4k pages, 48-bit VAs, pgdp=00000000f3c83000
[    6.677627] [0000000000000018] pgd=0000000000000000
[    6.682595] Internal error: Oops: 96000004 [#1] PREEMPT SMP
[    6.688255] Modules linked in: hci_uart brcmutil btqca btbcm cfg80211
bluetooth raspberrypi_cpufreq ecdh_generic ecc rfkill clk_raspberrypi
raspberrypi_hwmon pwm_bcm2835 crct10dif_ce bcm2835_dma i2c_bcm2835 pcie_brcmstb
ip_tables x_tables ipv6 nf_defrag_ipv6
[    6.711519] CPU: 3 PID: 39 Comm: kworker/u8:1 Not tainted 5.5.0-rc1-next-
20191212-00009-geb500fec1e34-dirty #26
[    6.721771] Hardware name: Raspberry Pi 4 Model B Rev 1.1 (DT)
[    6.727709] Workqueue: events_unbound async_run_entry_fn
[    6.733105] pstate: a0000005 (NzCv daif -PAN -UAO)
[    6.737971] pc : platform_get_irq_optional+0xa4/0x260
[    6.743099] lr : platform_get_irq_optional+0x6c/0x260
[    6.748226] sp : ffff8000101b3c20
[    6.751586] x29: ffff8000101b3c20 x28: ffffd4bd4a957000
[    6.756980] x27: ffff0000f6c0c070 x26: ffff0000f6c0c020
[    6.762373] x25: 0000000000000000 x24: 0000000000000000
[    6.767767] x23: ffff0000f6238c00 x22: ffffd4bd4a241a38
[    6.773159] x21: ffffd4bd49e95838 x20: ffff0000f6238bf0
[    6.778552] x19: 0000000000000000 x18: 0000000000000010
[    6.783944] x17: 0000000000000000 x16: ffffd4bd497117a8
[    6.789337] x15: ffff0000f6fc0470 x14: 0720072007200720
[    6.794730] x13: 0720072007200720 x12: 0720072007200720
[    6.800123] x11: 0720072007200720 x10: 0720072007200720
[    6.805516] x9 : 0720072007200720 x8 : 0720072007200720
[    6.810913] x7 : ffffd4bd496ad210 x6 : 000000000000017d
[    6.810922] x5 : 0000000000000000 x4 : ffff0000fb7fa1b0
[    6.821713] x3 : 00000000f6238800 x2 : 0000000000000000
[    6.821716] x1 : 0000000000000000 x0 : 0000000000000000
[    6.821720] Call trace:
[    6.821730]  platform_get_irq_optional+0xa4/0x260
[    6.839768]  platform_get_irq+0x1c/0x58
[    6.839792]  bcm_serdev_probe+0x40/0x138 [hci_uart]
[    6.839805]  serdev_drv_probe+0x34/0x70
[    6.852544]  really_probe+0xd8/0x428
[    6.852546]  driver_probe_device+0xdc/0x130
[    6.852549]  __driver_attach_async_helper+0xa8/0xb0
[    6.852558]  async_run_entry_fn+0x40/0x1a0
[    6.869534]  process_one_work+0x19c/0x320
[    6.869537]  worker_thread+0x48/0x420
[    6.877319]  kthread+0xf0/0x120
[    6.877324]  ret_from_fork+0x10/0x18
[    6.877330] Code: 17ffffef f9419293 937a7c02 8b020273 (f9400e62)
[    6.890329] ---[ end trace 3ebb39e57973e0b7 ]---

> 
> diff --git a/drivers/bluetooth/hci_bcm.c b/drivers/bluetooth/hci_bcm.c
> index f8f5c593a05c..9f52d57c56de 100644
> --- a/drivers/bluetooth/hci_bcm.c
> +++ b/drivers/bluetooth/hci_bcm.c
> @@ -1409,6 +1409,7 @@ static int bcm_serdev_probe(struct serdev_device
> *serdev)
>  {
>  	struct bcm_device *bcmdev;
>  	const struct bcm_device_data *data;
> +	struct platform_device *pdev;
>  	int err;
>  
>  	bcmdev = devm_kzalloc(&serdev->dev, sizeof(*bcmdev), GFP_KERNEL);
> @@ -1421,6 +1422,8 @@ static int bcm_serdev_probe(struct serdev_device
> *serdev)
>  #endif
>  	bcmdev->serdev_hu.serdev = serdev;
>  	serdev_device_set_drvdata(serdev, bcmdev);
> +	pdev = to_platform_device(bcmdev->dev);

Ultimately bcmdev->dev here comes from a serdev device not a platform device,
right?

> +	bcmdev->irq = platform_get_irq(pdev, 0);
>  
>  	/* Initialize routing field to an unused value */
>  	bcmdev->pcm_int_params[0] = 0xff;

Regards,
Nicolas


Download attachment "signature.asc" of type "application/pgp-signature" (489 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ