lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20220205171238.GA3073350@roeck-us.net>
Date:   Sat, 5 Feb 2022 09:12:38 -0800
From:   Guenter Roeck <linux@...ck-us.net>
To:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc:     linux-kernel@...r.kernel.org, stable@...r.kernel.org,
        Michael Stapelberg <michael+drm@...pelberg.ch>,
        Maxime Ripard <maxime@...no.tech>
Subject: Re: [PATCH 5.15 05/32] drm/vc4: hdmi: Make sure the device is
 powered with CEC

On Fri, Feb 04, 2022 at 10:22:15AM +0100, Greg Kroah-Hartman wrote:
> From: Maxime Ripard <maxime@...no.tech>
> 
> Commit 20b0dfa86bef0e80b41b0e5ac38b92f23b6f27f9 upstream.
> 
> The original commit depended on a rework commit (724fc856c09e ("drm/vc4:
> hdmi: Split the CEC disable / enable functions in two")) that
> (rightfully) didn't reach stable.
> 
> However, probably because the context changed, when the patch was
> applied to stable the pm_runtime_put called got moved to the end of the
> vc4_hdmi_cec_adap_enable function (that would have become
> vc4_hdmi_cec_disable with the rework) to vc4_hdmi_cec_init.
> 
> This means that at probe time, we now drop our reference to the clocks
> and power domains and thus end up with a CPU hang when the CPU tries to
> access registers.
> 
> The call to pm_runtime_resume_and_get() is also problematic since the
> .adap_enable CEC hook is called both to enable and to disable the
> controller. That means that we'll now call pm_runtime_resume_and_get()
> at disable time as well, messing with the reference counting.
> 
> The behaviour we should have though would be to have
> pm_runtime_resume_and_get() called when the CEC controller is enabled,
> and pm_runtime_put when it's disabled.
> 
> We need to move things around a bit to behave that way, but it aligns
> stable with upstream.
> 
> Cc: <stable@...r.kernel.org> # 5.10.x
> Cc: <stable@...r.kernel.org> # 5.15.x
> Cc: <stable@...r.kernel.org> # 5.16.x
> Reported-by: Michael Stapelberg <michael+drm@...pelberg.ch>
> Signed-off-by: Maxime Ripard <maxime@...no.tech>
> Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
> ---
>  drivers/gpu/drm/vc4/vc4_hdmi.c |   25 +++++++++++++------------
>  1 file changed, 13 insertions(+), 12 deletions(-)
> 
> --- a/drivers/gpu/drm/vc4/vc4_hdmi.c
> +++ b/drivers/gpu/drm/vc4/vc4_hdmi.c
> @@ -1738,18 +1738,18 @@ static int vc4_hdmi_cec_adap_enable(stru
>  	u32 val;
>  	int ret;
>  
> -	ret = pm_runtime_resume_and_get(&vc4_hdmi->pdev->dev);
> -	if (ret)
> -		return ret;
> +	if (enable) {
> +		ret = pm_runtime_resume_and_get(&vc4_hdmi->pdev->dev);
> +		if (ret)
> +			return ret;
>  
> -	val = HDMI_READ(HDMI_CEC_CNTRL_5);
> -	val &= ~(VC4_HDMI_CEC_TX_SW_RESET | VC4_HDMI_CEC_RX_SW_RESET |
> -		 VC4_HDMI_CEC_CNT_TO_4700_US_MASK |
> -		 VC4_HDMI_CEC_CNT_TO_4500_US_MASK);
> -	val |= ((4700 / usecs) << VC4_HDMI_CEC_CNT_TO_4700_US_SHIFT) |
> -	       ((4500 / usecs) << VC4_HDMI_CEC_CNT_TO_4500_US_SHIFT);
> +		val = HDMI_READ(HDMI_CEC_CNTRL_5);
> +		val &= ~(VC4_HDMI_CEC_TX_SW_RESET | VC4_HDMI_CEC_RX_SW_RESET |
> +			 VC4_HDMI_CEC_CNT_TO_4700_US_MASK |
> +			 VC4_HDMI_CEC_CNT_TO_4500_US_MASK);
> +		val |= ((4700 / usecs) << VC4_HDMI_CEC_CNT_TO_4700_US_SHIFT) |
> +			((4500 / usecs) << VC4_HDMI_CEC_CNT_TO_4500_US_SHIFT);

Unfortunately this is broken because it leaves the still existing
else path with

               if (!vc4_hdmi->variant->external_irq_controller)
                        HDMI_WRITE(HDMI_CEC_CPU_MASK_SET, VC4_HDMI_CPU_CEC);
                HDMI_WRITE(HDMI_CEC_CNTRL_5, val |
                           VC4_HDMI_CEC_TX_SW_RESET | VC4_HDMI_CEC_RX_SW_RESET);

where 'val' is now uninitialized. I don't know how to fix this up properly,
so I won't even try.

Guenter

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ