lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 10 Apr 2020 13:37:36 -0700
From:   Bhaumik Vasav Bhatt <bbhatt@...eaurora.org>
To:     Jeffrey Hugo <jhugo@...eaurora.org>,
        Hemant Kumar <hemantk@...eaurora.org>,
        manivannan.sadhasivam@...aro.org
Cc:     "linux-arm-msm@...r.kernel.org; bbhatt"@codeaurora.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 1/5] bus: mhi: core: Handle syserr during power_up

Hi Jeff,

We will always have the mhi_intvec_handler registered and trigger your 
wake_up state event when you write MHI RESET. BHI INTVEC IRQ using 
mhi_cntrl->irq[0] is _not_ unregistered once you enter AMSS EE.

So, your below assumption is not true:
 >>>So, if we are in the PBL EE, we would expect to see the BHI 
interrupt, but if we are in the AMSS EE, we would expect to see a MHI 
interrupt.

At the start of mhi_async_power_up(), you've already registered for the 
BHI interrupt as we do setup for IRQ and it is only unregistered from 
power down if power up on the same cycle was a success.

On 4/10/20 8:03 AM, Jeffrey Hugo wrote:
> On 4/9/2020 6:55 PM, Hemant Kumar wrote:
>>
>> On 4/7/20 9:50 AM, Jeffrey Hugo wrote:
>>> The MHI device may be in the syserr state when we attempt to init it in
>>> power_up().  Since we have no local state, the handling is simple -
>>> reset the device and wait for it to transition out of the reset state.
>>>
>>> Signed-off-by: Jeffrey Hugo <jhugo@...eaurora.org>
>>> ---
>>>   drivers/bus/mhi/core/pm.c | 20 ++++++++++++++++++++
>>>   1 file changed, 20 insertions(+)
>>>
>>> diff --git a/drivers/bus/mhi/core/pm.c b/drivers/bus/mhi/core/pm.c
>>> index 52690cb..3285c9e 100644
>>> --- a/drivers/bus/mhi/core/pm.c
>>> +++ b/drivers/bus/mhi/core/pm.c
>>> @@ -9,6 +9,7 @@
>>>   #include <linux/dma-direction.h>
>>>   #include <linux/dma-mapping.h>
>>>   #include <linux/interrupt.h>
>>> +#include <linux/iopoll.h>
>>>   #include <linux/list.h>
>>>   #include <linux/mhi.h>
>>>   #include <linux/module.h>
>>> @@ -760,6 +761,7 @@ static void mhi_deassert_dev_wake(struct 
>>> mhi_controller *mhi_cntrl,
>>>   int mhi_async_power_up(struct mhi_controller *mhi_cntrl)
>>>   {
>>> +    enum mhi_state state;
>>>       enum mhi_ee_type current_ee;
>>>       enum dev_st_transition next_state;
>>>       struct device *dev = &mhi_cntrl->mhi_dev->dev;
>>> @@ -829,6 +831,24 @@ int mhi_async_power_up(struct mhi_controller 
>>> *mhi_cntrl)
>>>           goto error_bhi_offset;
>>>       }
>>> +    state = mhi_get_mhi_state(mhi_cntrl);
>>> +    if (state == MHI_STATE_SYS_ERR) {
>>> +        mhi_set_mhi_state(mhi_cntrl, MHI_STATE_RESET);
>>> +        ret = readl_poll_timeout(mhi_cntrl->regs + MHICTRL, val,
>>> +                     !(val & MHICTRL_RESET_MASK), 1000,
>>> +                     mhi_cntrl->timeout_ms * 1000);
>> can we use this instead of polling because MSI is configures and 
>> int_vec handler is registered
>>
>>      wait_event_timeout(mhi_cntrl->state_event,
>>                 MHI_PM_IN_FATAL_STATE(mhi_cntrl->pm_state) ||
>>                mhi_read_reg_field(mhi_cntrl, base, MHICTRL,
>>                            MHICTRL_RESET_MASK,
>>                            MHICTRL_RESET_SHIFT, &reset) || !reset ,
>>                 msecs_to_jiffies(mhi_cntrl->timeout_ms));
>>
>> 1) In case of MHI_PM_IN_FATAL_STATE we would not be accessing MHI reg
>> 2) Consistent with current MHI driver code.
>
> I'm not sure this works in the way you intend.
>
> state_event is linked to the intvec, which is the BHI interrupt. I 
> don't see that the state_event is triggered in the MHI interrupt path 
> (mhi_irq_handler).  So, if we are in the PBL EE, we would expect to 
> see the BHI interrupt, but if we are in the AMSS EE, we would expect 
> to see a MHI interrupt.
>
> Now, for my concerned usecase, those two interrupts happen to be the 
> same interrupt, so both will get triggered, but I don't expect that to 
> be the same for all usecases.
>
> So, with the solution I propose, we exit the wait (poll loop) as soon 
> as we see the register change values.
>
> With the solution you propose, if we only get the MHI interrupt, we'll 
> have to wait out the entire timeout value, and then check the 
> register. In this scenario, we are almost guaranteed to wait for 
> longer than necessary.
>
> Did I miss something?
>
>>> +        if (ret) {
>>> +            dev_info(dev, "Failed to reset MHI due to syserr 
>>> state\n");
>>> +            goto error_bhi_offset;
>>> +        }
>>> +
>>> +        /*
>>> +         * device cleares INTVEC as part of RESET processing,
>>> +         * re-program it
>>> +         */
>>> +        mhi_write_reg(mhi_cntrl, mhi_cntrl->bhi, BHI_INTVEC, 0);
>>> +    }
>>> +
>>>       /* Transition to next state */
>>>       next_state = MHI_IN_PBL(current_ee) ?
>>>           DEV_ST_TRANSITION_PBL : DEV_ST_TRANSITION_READY;
>>
>
>
-- 
The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum,
a Linux Foundation Collaborative Project

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ