lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <1607250094-21571-1-git-send-email-sparth1292@gmail.com>
Date:   Sun,  6 Dec 2020 15:51:34 +0530
From:   Parth Y Shah <sparth1292@...il.com>
To:     agross@...nel.org, bjorn.andersson@...aro.org
Cc:     vkoul@...nel.org, dan.j.williams@...el.com,
        linux-arm-msm@...r.kernel.org, dmaengine@...r.kernel.org,
        linux-kernel@...r.kernel.org, Parth Y Shah <sparth1292@...il.com>
Subject: [PATCH] Fixes kernel crash generating from bam_dma_irq()

While performing suspend/resume, we were getting below kernel crash.

[   54.541672] [FTS][Info]gesture suspend...
[   54.605256] [FTS][Error][GESTURE]Enter into gesture(suspend) failed!
[   54.605256]
[   58.345850] irq event 10: bogus return value fffffff3
......

[   58.345966] [<ffff0000080830f0>] el1_irq+0xb0/0x124
[   58.345971] [<ffff000008085360>] arch_cpu_idle+0x10/0x18
[   58.345975] [<ffff0000081077f4>] do_idle+0x1ac/0x1e0
[   58.345979] [<ffff0000081079c8>] cpu_startup_entry+0x20/0x28
[   58.345983] [<ffff000008a80ed0>] rest_init+0xd0/0xdc
[   58.345988] [<ffff0000091c0b48>] start_kernel+0x390/0x3a4
[   58.345990] handlers:
[   58.345994] [<ffff0000085120d0>] bam_dma_irq

The reason for the crash we found is, bam_dma_irq() was returning
negative value when the device resumes in some conditions.

In addition, the irq handler should have one of the below return values.

IRQ_NONE            interrupt was not from this device or was not handled
IRQ_HANDLED         interrupt was handled by this device
IRQ_WAKE_THREAD     handler requests to wake the handler thread

Therefore, to resolve this crash, we have changed the return value to
IRQ_NONE.

Signed-off-by: Parth Y Shah <sparth1292@...il.com>
---
 drivers/dma/qcom/bam_dma.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/dma/qcom/bam_dma.c b/drivers/dma/qcom/bam_dma.c
index 4eeb8bb..d5773d4 100644
--- a/drivers/dma/qcom/bam_dma.c
+++ b/drivers/dma/qcom/bam_dma.c
@@ -875,7 +875,7 @@ static irqreturn_t bam_dma_irq(int irq, void *data)
 
 	ret = bam_pm_runtime_get_sync(bdev->dev);
 	if (ret < 0)
-		return ret;
+		return IRQ_NONE;
 
 	if (srcs & BAM_IRQ) {
 		clr_mask = readl_relaxed(bam_addr(bdev, 0, BAM_IRQ_STTS));
-- 
2.7.4

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ