| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 07 Mar 2022 11:45:44 +0000
From: Marc Zyngier <maz@...nel.org>
To: Shawn Guo <shawn.guo@...aro.org>
Cc: Thomas Gleixner <tglx@...utronix.de>,
Maulik Shah <quic_mkshah@...cinc.com>,
Bjorn Andersson <bjorn.andersson@...aro.org>,
Sudeep Holla <sudeep.holla@....com>,
Rob Herring <robh+dt@...nel.org>, devicetree@...r.kernel.org,
linux-arm-msm@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v7 2/2] irqchip: Add Qualcomm MPM controller driver
On Sun, 06 Mar 2022 12:57:10 +0000,
Shawn Guo <shawn.guo@...aro.org> wrote:
>
> On Sat, Mar 05, 2022 at 11:05:07AM +0000, Marc Zyngier wrote:
> > On Sat, 05 Mar 2022 09:24:20 +0000,
> > Shawn Guo <shawn.guo@...aro.org> wrote:
> > >
> > > On Fri, Mar 04, 2022 at 03:24:43PM +0000, Marc Zyngier wrote:
> > > > On Fri, 04 Mar 2022 08:23:42 +0000,
> > > > Shawn Guo <shawn.guo@...aro.org> wrote:
> > > > >
> > > > > On Fri, Mar 04, 2022 at 07:59:15AM +0000, Marc Zyngier wrote:
> > > > > > On Thu, 03 Mar 2022 04:02:29 +0000,
> > > > > > Shawn Guo <shawn.guo@...aro.org> wrote:
> > > > > > >
> > > > > > > On Wed, Mar 02, 2022 at 01:57:27PM +0000, Marc Zyngier wrote:
> > > > > > > > This code actually makes me ask more questions. Why is it programming
> > > > > > > > 2 'pins' for each IRQ?
> > > > > > >
> > > > > > > The mapping between MPM pin and GIC IRQ is not strictly 1-1. There are
> > > > > > > some rare case that up to 2 MPM pins map to a single GIC IRQ, for
> > > > > > > example the last two in QC2290 'qcom,mpm-pin-map' below.
> > > > > > >
> > > > > > > qcom,mpm-pin-map = <2 275>, /* tsens0_tsens_upper_lower_int */
> > > > > > > <5 296>, /* lpass_irq_out_sdc */
> > > > > > > <12 422>, /* b3_lfps_rxterm_irq */
> > > > > > > <24 79>, /* bi_px_lpi_1_aoss_mx */
> > > > > > > <86 183>, /* mpm_wake,spmi_m */
> > > > > > > <90 260>, /* eud_p0_dpse_int_mx */
> > > > > > > <91 260>; /* eud_p0_dmse_int_mx */
> > > > > > >
> > > > > > >
> > > > > > > The downstream uses a DT bindings that specifies GIC hwirq number in
> > > > > > > client device nodes. In that case, d->hwirq in the driver is GIC IRQ
> > > > > > > number, and the driver will need to query mapping table, find out the
> > > > > > > possible 2 MPM pins, and set them up.
> > > > > > >
> > > > > > > The patches I'm posting here use a different bindings that specifies MPM
> > > > > > > pin instead in client device nodes. Thus the driver can simply get the
> > > > > > > MPM pin from d->hwirq, so that the whole look-up procedure can be saved.
> > > > > >
> > > > > > It still remains that there is no 1:1 mapping between input and
> > > > > > output, which is the rule #1 to be able to use a hierarchical setup.
> > > > >
> > > > > For direction of MPM pin -> GIC interrupt, it's a 1:1 mapping, i.e. for
> > > > > given MPM pin, there is only one GIC interrupt. And that's the
> > > > > mapping MPM driver relies on. For GIC interrupt -> MPM pin, it's not
> > > > > a strict 1:1 mapping.
> > > >
> > > > Then this isn't a 1:1 mapping *AT ALL*. The hierarchical setup
> > > > mandates that the mapping is a bijective function, and that's exactly
> > > > what 1:1 means. There is no such thing a 1:1 in a single
> > > > direction. When you take an interrupt, all you see is the GIC
> > > > interrupt. How do you know which of the *two* pins interrupted you? Oh
> > > > wait, you *can't* know. You end-up never servicing one of the two
> > > > interrupts
> > >
> > > Yes, you are right! But that might be a problem only in theory. I
> > > checked all the Qualcomm platforms I know built on MPM, and found that
> > > the only 2:1 case is USB DP & DM sensing pins. Since these two pins
> > > will be handled by USB driver with a single interrupt handler, it should
> > > not cause any problem in practice. That said, the 2:1 mapping is just
> > > a special case specific to USB, and MPM driver can be implemented as if
> > > it's just a 1:1 mapping.
> > >
> > > Shawn
> > >
> > > > (and I suspect this results in memory corruption if you
> > > > tear a hierarchy down).
> >
> > Key point here ^^^^^^^^^^
> >
> > You can't have *any* interrupt that fits this 2:1 model if the irqchip
> > implements 1:1. Think about the data structures for a second:
> >
> > Pins x and y and routed to GIC interrupt z. This results in the
> > following irq_data structures:
> >
> > MPM-x ---\
> > GIC-z
> > MPM-y ---/
> >
> > Now, the driver using these interrupts is being removed, and the
> > hierarchies is being freed. Tearing down the interrupt with pin x will
> > result in z being also freed. And then you'll process pin y, which
> > will just explode.
>
> I tested with manually unbinding the USB driver and didn't run into any
> memory corruption. If I read irq_domain code right, it seems that
> irq_domain_alloc_irq_data() will call into irq_domain_insert_irq_data()
> to allocate z irq_data in context of virq x and y respectively. So x
> and y do not share a single parent (z) irq_data but have their own copy
> of z irq_data, no?
Which is just another bug you are relying on. Maybe you're OK with
that, but I'm not (and I intend to fix this bug).
I'm not taking this driver until you either:
- prevent a pin sharing a GIC interrupt from triggering an interrupt
allocation in the driver
- or turn this driver into something that isn't a hierarchical setup
M.
--
Without deviation from the norm, progress is not possible.
Powered by blists - more mailing lists