| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20250126064521.3857557-3-avri.altman@wdc.com>
Date: Sun, 26 Jan 2025 08:45:21 +0200
From: Avri Altman <avri.altman@....com>
To: "Martin K . Petersen" <martin.petersen@...cle.com>
Cc: linux-scsi@...r.kernel.org,
linux-kernel@...r.kernel.org,
Manivannan Sadhasivam <manisadhasivam.linux@...il.com>,
Bart Van Assche <bvanassche@....org>,
Geert Uytterhoeven <geert@...ux-m68k.org>,
Avri Altman <avri.altman@....com>
Subject: [PATCH v3 2/2] scsi: ufs: Fix toggling of clk_gating.state when clock gating is not allowed
This commit addresses an issue where `clk_gating.state` is being toggled
in `ufshcd_setup_clocks` even if clock gating is not allowed. This can
lead to a crash with the following error:
BUG: spinlock bad magic on CPU#6, swapper/0/1
lock: 0xffffff84443014e8, .magic: 00000000, .owner: <none>/-1,
.owner_cpu: 0
CPU: 6 UID: 0 PID: 1 Comm: swapper/0 Not tainted
6.13.0-rcar3-initrd-08318-g75abbef32a94 #896
Hardware name: R-Car S4 Starter Kit board (DT)
Call trace:
show_stack+0x18/0x24 (C)
dump_stack_lvl+0x60/0x80
dump_stack+0x18/0x24
spin_bug+0x7c/0xa0
do_raw_spin_lock+0x34/0xb4
_raw_spin_lock_irqsave+0x1c/0x30
class_spinlock_irqsave_constructor+0x18/0x30
ufshcd_setup_clocks+0x98/0x23c
ufshcd_init+0x288/0xd38
ufshcd_pltfrm_init+0x618/0x738
ufs_renesas_probe+0x18/0x24
platform_probe+0x68/0xb8
really_probe+0x138/0x268
__driver_probe_device+0xf4/0x10c
driver_probe_device+0x3c/0xf8
__driver_attach+0xf0/0x100
bus_for_each_dev+0x84/0xdc
driver_attach+0x24/0x30
bus_add_driver+0xe8/0x1dc
driver_register+0xbc/0xf8
__platform_driver_register+0x24/0x30
ufs_renesas_platform_init+0x1c/0x28
do_one_initcall+0x84/0x1f4
kernel_init_freeable+0x238/0x23c
kernel_init+0x20/0x120
ret_from_fork+0x10/0x20
The root cause of the issue is that `clk_gating.state` is being toggled
even if clock gating is not allowed. This can lead to the spinlock being
used before it is properly initialized.
The fix is to add a check for `hba->clk_gating.is_initialized` before
toggling `clk_gating.state` in `ufshcd_setup_clocks`. Since
`clk_gating.lock` is now initialized unconditionally, this is for
documentation purposes, to ensure clarity in the code. The primary fix
remains to prevent toggling the `clk_gating.state` if clock gating is
not allowed.
Fixes: 1ab27c9cf8b6 ("ufs: Add support for clock gating")
Reported-by: Geert Uytterhoeven <geert@...ux-m68k.org>
Signed-off-by: Avri Altman <avri.altman@....com>
---
drivers/ufs/core/ufshcd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/ufs/core/ufshcd.c b/drivers/ufs/core/ufshcd.c
index b73c87da383d..abe0774133f5 100644
--- a/drivers/ufs/core/ufshcd.c
+++ b/drivers/ufs/core/ufshcd.c
@@ -9140,7 +9140,7 @@ static int ufshcd_setup_clocks(struct ufs_hba *hba, bool on)
if (!IS_ERR_OR_NULL(clki->clk) && clki->enabled)
clk_disable_unprepare(clki->clk);
}
- } else if (!ret && on) {
+ } else if (!ret && on && hba->clk_gating.is_initialized) {
scoped_guard(spinlock_irqsave, &hba->clk_gating.lock)
hba->clk_gating.state = CLKS_ON;
trace_ufshcd_clk_gating(dev_name(hba->dev),
--
2.25.1
Powered by blists - more mailing lists