Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

New device: tegra30-fujitsu-m532.dts #1

Closed
wants to merge 1 commit into from
Closed

New device: tegra30-fujitsu-m532.dts #1

wants to merge 1 commit into from

Conversation

cunidev
Copy link

@cunidev cunidev commented Feb 23, 2020

Based on TF300T DTS

Based on TF300T DTS, with some cleanups. Still many things to fix, but a pretty good start.
@cunidev
Copy link
Author

cunidev commented Feb 23, 2020

Still very much WiP but may be a good starting point

#size-cells = <1>;
ranges;

firmware@bfe00000 {
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

verify if reserved in chagall

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Isn't it SoC-specific?

lp0_vec@bddf9000 {
reg = <0xbddf9000 0x2000>; // passed from bootloader (ATAGS/NVIDIA, cmdline)
};
/*
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

preferably drop all commented stuff if you didn't intent to uncomment it for chagall

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The reason I did not drop them yet was because I still have to find out what they do, and if they are part of chagall or not

default-brightness-level = <6>;
};

sound {
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

check if in chagall sources is also this codec (wm8903) used.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, WM8903

};
};

extcon-keys {
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

seems pretty specific for asus, will it work without it? Do have chagall even docking possibility?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I guess it is compatible with docks (it has the same connector and very similar hardware) but yes, I'll comment it out for the moment

okias added a commit that referenced this pull request Feb 24, 2020
This reverts commit 03436e3.

Fixes:
mdp: dummy supplies not allowed for exclusive requests
[    2.641236] 8<--- cut here ---
[    2.641279] Unable to handle kernel NULL pointer dereference at virtual address 00000000
[    2.643206] pgd = (ptrval)
[    2.651522] [00000000] *pgd=00000000
[    2.653973] Internal error: Oops: 5 [#1] PREEMPT SMP ARM
[    2.657695] Modules linked in:
[    2.663000] CPU: 3 PID: 105 Comm: kworker/3:1 Not tainted 5.3.0-00014-g9bf8d2ba4898 grate-driver#120
[    2.665859] Hardware name: Generic DT based system
[    2.674123] Workqueue: events deferred_probe_work_func
[    2.678718] PC is at msm_dsi_manager_setup_encoder+0x38/0x6c
[    2.683830] LR is at msm_dsi_manager_setup_encoder+0x30/0x6c
[    2.689643] pc : [<c0766a4c>]    lr : [<c0766a44>]    psr: a0000013
[    2.695283] sp : e8043c08  ip : e8043c08  fp : e8043c24
[    2.701271] r10: e8305c00  r9 : e8305400  r8 : e8305c00
[    2.706482] r7 : e7d1fc00  r6 : 00000000  r5 : e7d1c4c0  r4 : e7d1fc00
[    2.711693] r3 : e7d1c4c0  r2 : e7d19280  r1 : 00000000  r0 : e7d1fc00
[    2.718297] Flags: NzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
[    2.724803] Control: 10c5787d  Table: 8020406a  DAC: 00000051
[    2.732006] Process kworker/3:1 (pid: 105, stack limit = 0x(ptrval))
[    2.737736] Stack: (0xe8043c08 to 0xe8044000)
[    2.744179] 3c00:                   e7d1c4c0 e8305400 00000000 e7d1fc00 e8043c4c e8043c28
[    2.748445] 3c20: c07629dc c0766a20 e7d1f780 00000006 e8305400 e8305400 00000001 e8305400
[    2.756606] 3c40: e8043c8c e8043c50 c071caac c0762948 00000002 e8043c60 c091d268 c0c5ee2c
[    2.764766] 3c60: e8305c00 e8305c00 e8305400 00000000 e89efa10 e8305c00 00000002 c12c2ea8
[    2.772926] 3c80: e8043cec e8043c90 c0754554 c071c540 c034bfd8 c036f8a8 e89efba4 60000013
[    2.781086] 3ca0: e89efa10 e89efba4 e8043ccc c0c5ee58 e8043ccc e8043cc0 c0c5ee58 c034be74
[    2.789245] 3cc0: e8043cec e7d11c40 e7d11f40 e7d11f18 e7d16540 e7d11f18 00000002 c12c2ea8
[    2.797405] 3ce0: e8043d2c e8043cf0 c0770244 c0754190 c0d1db90 e7d11f40 e89efa10 00000000
[    2.805565] 3d00: e8043d2c c12775d4 e7d11f40 e89efa10 c0d5a440 c0f8cbf0 e89efa10 00000000
[    2.813725] 3d20: e8043d54 e8043d30 c0770644 c0770054 c0d5f5f4 c038f528 e93f3378 e89efa10
[    2.821885] 3d40: e93f5ab8 e89efa10 e8043d94 e8043d58 c0753dbc c0770590 e7d16540 00000003
[    2.830043] 3d60: 00000000 e93f6274 c07908d8 00000000 e89efa10 c1276f10 00000000 c1313718
[    2.838203] 3d80: c1276f10 c12c3160 e8043db4 e8043d98 c077992c c0753b98 e89efa10 c1313714
[    2.846364] 3da0: 00000000 00000000 e8043df4 e8043db8 c0776ffc c07798e0 e8043dd4 e8043dc8
[    2.854523] 3dc0: c0c5eebc 00000007 e8043df4 e89efa10 c1276f10 e8043e78 e89efa10 c0f91d0c
[    2.862683] 3de0: c12c3160 e89efa10 e8043e2c e8043df8 c077754c c0776ef4 c1276f10 c1276f10
[    2.870844] 3e00: e8043e78 e89efa10 00000001 c1276f10 e8043e78 e89efa10 c0f91d0c c12c3160
[    2.879002] 3e20: e8043e4c e8043e30 c0777870 c07774d8 00000000 e8043e78 c07777cc c12c3160
[    2.887162] 3e40: e8043e74 e8043e50 c0774ff4 c07777d8 c02e686c e8ba4738 e89efa10 e89efa10
[    2.895322] 3e60: 00000001 e89efa54 e8043e9c e8043e78 c0776e30 c0774f80 e89efa10 00000001
[    2.903483] 3e80: c07733dc c127780c e89efa10 c1277a88 e8043eac e8043ea0 c07778f8 c0776d7c
[    2.911641] 3ea0: e8043ecc e8043eb0 c0775f08 c07778e8 c127780c c127780c c1277820 c12c3160
[    2.919801] 3ec0: e8043efc e8043ed0 c07764b8 c0775e80 c0776430 c1277844 e8a21000 e93d4dc0
[    2.927959] 3ee0: e93d7f00 00000000 c12bb270 00000000 e8043f3c e8043f00 c033d1b8 c077643c
[    2.936121] 3f00: c034bfd8 c036f8a8 e93d4dc0 e93d4dc0 e93d4dc0 e8a21000 e93d4dc0 e8a21014
[    2.944279] 3f20: e93d4dd8 c1203d00 00000008 e8863e88 e8043f74 e8043f40 c033ed74 c033cfe8
[    2.952440] 3f40: e8043f74 e8042000 c0343274 e8a20600 e8a20780 00000000 e8042000 e8a21000
[    2.960601] 3f60: e8a2061c e8863e88 e8043fac e8043f78 c03436e0 c033eb2c c032fe64 c033eb20
[    2.968757] 3f80: 00000000 e8a20780 c03435b4 00000000 00000000 00000000 00000000 00000000
[    2.976919] 3fa0: 00000000 e8043fb0 c03010e8 c03435c0 00000000 00000000 00000000 00000000
[    2.985078] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[    2.993236] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000
[    3.001359] Backtrace:
[    3.009541] [<c0766a14>] (msm_dsi_manager_setup_encoder) from [<c07629dc>] (msm_dsi_modeset_init+0xa0/0x1c8)
[    3.011796]  r7:e7d1fc00 r6:00000000 r5:e8305400 r4:e7d1c4c0
[    3.021869] [<c076293c>] (msm_dsi_modeset_init) from [<c071caac>] (mdp4_kms_init+0x578/0x7b4)
[    3.027510]  r9:e8305400 r8:00000001 r7:e8305400 r6:e8305400 r5:00000006 r4:e7d1f780
[    3.035927] [<c071c534>] (mdp4_kms_init) from [<c0754554>] (msm_drm_bind+0x3d0/0x5f4)
[    3.043741]  r10:c12c2ea8 r9:00000002 r8:e8305c00 r7:e89efa10 r6:00000000 r5:e8305400
[    3.051449]  r4:e8305c00
[    3.059274] [<c0754184>] (msm_drm_bind) from [<c0770244>] (try_to_bring_up_master+0x1fc/0x2c8)
[    3.061884]  r10:c12c2ea8 r9:00000002 r8:e7d11f18 r7:e7d16540 r6:e7d11f18 r5:e7d11f40
[    3.070285]  r4:e7d11c40
[    3.078198] [<c0770048>] (try_to_bring_up_master) from [<c0770644>] (component_master_add_with_match+0xc0/0x100)
[    3.080811]  r10:00000000 r9:e89efa10 r8:c0f8cbf0 r7:c0d5a440 r6:e89efa10 r5:e7d11f40
[    3.090945]  r4:c12775d4
[    3.098679] [<c0770584>] (component_master_add_with_match) from [<c0753dbc>] (msm_pdev_probe+0x230/0x290)
[    3.101291]  r7:e89efa10 r6:e93f5ab8 r5:e89efa10 r4:e93f3378
[    3.110756] [<c0753b8c>] (msm_pdev_probe) from [<c077992c>] (platform_drv_probe+0x58/0xa8)
[    3.116484]  r10:c12c3160 r9:c1276f10 r8:c1313718 r7:00000000 r6:c1276f10 r5:e89efa10
[    3.124540]  r4:00000000
[    3.132447] [<c07798d4>] (platform_drv_probe) from [<c0776ffc>] (really_probe+0x114/0x424)
[    3.135053]  r7:00000000 r6:00000000 r5:c1313714 r4:e89efa10
[    3.143129] [<c0776ee8>] (really_probe) from [<c077754c>] (driver_probe_device+0x80/0x1dc)
[    3.148950]  r10:e89efa10 r9:c12c3160 r8:c0f91d0c r7:e89efa10 r6:e8043e78 r5:c1276f10
[    3.157005]  r4:e89efa10
[    3.164911] [<c07774cc>] (driver_probe_device) from [<c0777870>] (__device_attach_driver+0xa4/0x110)
[    3.167527]  r9:c12c3160 r8:c0f91d0c r7:e89efa10 r6:e8043e78 r5:c1276f10 r4:00000001
[    3.176637] [<c07777cc>] (__device_attach_driver) from [<c0774ff4>] (bus_for_each_drv+0x80/0xb0)
[    3.184361]  r7:c12c3160 r6:c07777cc r5:e8043e78 r4:00000000
[    3.193127] [<c0774f74>] (bus_for_each_drv) from [<c0776e30>] (__device_attach+0xc0/0x158)
[    3.198766]  r6:e89efa54 r5:00000001 r4:e89efa10
[    3.206841] [<c0776d70>] (__device_attach) from [<c07778f8>] (device_initial_probe+0x1c/0x20)
[    3.211614]  r6:c1277a88 r5:e89efa10 r4:c127780c
[    3.220035] [<c07778dc>] (device_initial_probe) from [<c0775f08>] (bus_probe_device+0x94/0x9c)
[    3.224730] [<c0775e74>] (bus_probe_device) from [<c07764b8>] (deferred_probe_work_func+0x88/0xd0)
[    3.233145]  r7:c12c3160 r6:c1277820 r5:c127780c r4:c127780c
[    3.242096] [<c0776430>] (deferred_probe_work_func) from [<c033d1b8>] (process_one_work+0x1dc/0x53c)
[    3.247910]  r10:00000000 r9:c12bb270 r8:00000000 r7:e93d7f00 r6:e93d4dc0 r5:e8a21000
[    3.257009]  r4:c1277844 r3:c0776430
[    3.264741] [<c033cfdc>] (process_one_work) from [<c033ed74>] (worker_thread+0x254/0x500)
[    3.268393]  r10:e8863e88 r9:00000008 r8:c1203d00 r7:e93d4dd8 r6:e8a21014 r5:e93d4dc0
[    3.276449]  r4:e8a21000
[    3.284270] [<c033eb20>] (worker_thread) from [<c03436e0>] (kthread+0x12c/0x168)
[    3.286881]  r10:e8863e88 r9:e8a2061c r8:e8a21000 r7:e8042000 r6:00000000 r5:e8a20780
[    3.294246]  r4:e8a20600
[    3.301977] [<c03435b4>] (kthread) from [<c03010e8>] (ret_from_fork+0x14/0x2c)
[    3.304575] Exception stack(0xe8043fb0 to 0xe8043ff8)
[    3.311617] 3fa0:                                     00000000 00000000 00000000 00000000
[    3.316761] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[    3.324913] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000
[    3.333060]  r10:00000000 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:c03435b4
[    3.339471]  r4:e8a20780
[    3.347469] Code: e5936004 ebffefaa e2504000 089da8f0 (e5963000)
[    3.350237] ---[ end trace ef11f4cc25ead15d ]---
[    3.377018] Kernel panic - not syncing: Fatal exception
[    3.377092] CPU0: stopping
[    3.381054] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G      D           5.3.0-00014-g9bf8d2ba4898 grate-driver#120
[    3.383835] Hardware name: Generic DT based system
[    3.393116] Backtrace:
[    3.397727] [<c030e80c>] (dump_backtrace) from [<c030eb64>] (show_stack+0x20/0x24)
[    3.400069]  r7:c12b4080 r6:20000193 r5:00000000 r4:c12b4080
[    3.407712] [<c030eb44>] (show_stack) from [<c0c420d4>] (dump_stack+0x78/0x94)
[    3.413531] [<c0c4205c>] (dump_stack) from [<c03106b0>] (handle_IPI+0x3a4/0x408)
[    3.420555]  r7:00000000 r6:c12bb144 r5:00000004 r4:c11a5d50
[    3.428108] [<c031030c>] (handle_IPI) from [<c0302388>] (gic_handle_irq+0x94/0xa0)
[    3.433751]  r10:00000000 r9:c1201ec0 r8:ea803000 r7:c124cf28 r6:c1206894 r5:ea802000
[    3.441124]  r4:ea80200c
[    3.449021] [<c03022f4>] (gic_handle_irq) from [<c0301a8c>] (__irq_svc+0x6c/0xa8)
[    3.451629] Exception stack(0xc1201ec0 to 0xc1201f08)
[    3.459024] 1ec0: 00000000 00002f2c e93999f0 c031ac20 00000000 c1200000 c12060e4 c1206120
[    3.464065] 1ee0: 00000000 c11a5548 00000000 c1201f1c c1201f20 c1201f10 c030a474 c030a478
[    3.472208] 1f00: 60000013 ffffffff
[    3.480359]  r9:c1200000 r8:00000000 r7:c1201ef4 r6:ffffffff r5:60000013 r4:c030a478
[    3.483683] [<c030a438>] (arch_cpu_idle) from [<c0c5e93c>] (default_idle_call+0x30/0x3c)
[    3.491656] [<c0c5e90c>] (default_idle_call) from [<c0353ea4>] (do_idle+0x204/0x284)
[    3.499725] [<c0353ca0>] (do_idle) from [<c03541ec>] (cpu_startup_entry+0x28/0x2c)
[    3.507448]  r10:c12060c0 r9:00000001 r8:c12d9140 r7:c12d9140 r6:ffffffff r5:c1216348
[    3.514822]  r4:000000cd
[    3.522719] [<c03541c4>] (cpu_startup_entry) from [<c0c59138>] (rest_init+0xb8/0xd8)
[    3.525339] [<c0c59080>] (rest_init) from [<c1100b38>] (arch_call_rest_init+0x18/0x1c)
[    3.533053]  r5:00000001 r4:c12d9194
[    3.540777] [<c1100b20>] (arch_call_rest_init) from [<c1100fbc>] (start_kernel+0x408/0x4ac)
[    3.544517] [<c1100bb4>] (start_kernel) from [<00000000>] (0x0)
[    3.552585]  r10:10c5387d r9:511f06f0 r8:819700a0 r7:00001e7a r6:10c0387d r5:00000051
[    3.558484]  r4:c1100330
[    3.566469] CPU1: stopping
[    3.569089] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G      D           5.3.0-00014-g9bf8d2ba4898 grate-driver#120
[    3.571604] Hardware name: Generic DT based system
[    3.580882] Backtrace:
[    3.585500] [<c030e80c>] (dump_backtrace) from [<c030eb64>] (show_stack+0x20/0x24)
[    3.587846]  r7:c12b4080 r6:20000193 r5:00000000 r4:c12b4080
[    3.595489] [<c030eb44>] (show_stack) from [<c0c420d4>] (dump_stack+0x78/0x94)
[    3.601310] [<c0c4205c>] (dump_stack) from [<c03106b0>] (handle_IPI+0x3a4/0x408)
[    3.608331]  r7:00000001 r6:c12bb144 r5:00000004 r4:c11a5d50
[    3.615888] [<c031030c>] (handle_IPI) from [<c0302388>] (gic_handle_irq+0x94/0xa0)
[    3.621532]  r10:00000000 r9:e882df20 r8:ea803000 r7:c124cf28 r6:c1206894 r5:ea802000
[    3.628896]  r4:ea80200c
[    3.636800] [<c03022f4>] (gic_handle_irq) from [<c0301a8c>] (__irq_svc+0x6c/0xa8)
[    3.639399] Exception stack(0xe882df20 to 0xe882df68)
[    3.646805] df20: 00000000 000002fc e93ad9f0 c031ac20 00000001 e882c000 c12060e4 c1206120
[    3.651846] df40: 00000000 c11a5548 00000000 e882df7c e882df80 e882df70 c030a474 c030a478
[    3.659982] df60: 60000013 ffffffff
[    3.668141]  r9:e882c000 r8:00000000 r7:e882df54 r6:ffffffff r5:60000013 r4:c030a478
[    3.671457] [<c030a438>] (arch_cpu_idle) from [<c0c5e93c>] (default_idle_call+0x30/0x3c)
[    3.679434] [<c0c5e90c>] (default_idle_call) from [<c0353ea4>] (do_idle+0x204/0x284)
[    3.687504] [<c0353ca0>] (do_idle) from [<c03541ec>] (cpu_startup_entry+0x28/0x2c)
[    3.695230]  r10:00000000 r9:511f06f0 r8:8020406a r7:c12d9438 r6:10c0387d r5:00000001
[    3.702592]  r4:00000089
[    3.710502] [<c03541c4>] (cpu_startup_entry) from [<c0310044>] (secondary_start_kernel+0x154/0x19c)
[    3.713113] [<c030fef0>] (secondary_start_kernel) from [<8030284c>] (0x8030284c)
[    3.721866]  r5:00000051 r4:a882406a
[    3.729497] CPU2: stopping
[    3.733066] CPU: 2 PID: 0 Comm: swapper/2 Tainted: G      D           5.3.0-00014-g9bf8d2ba4898 grate-driver#120
[    3.735581] Hardware name: Generic DT based system
[    3.744858] Backtrace:
[    3.749476] [<c030e80c>] (dump_backtrace) from [<c030eb64>] (show_stack+0x20/0x24)
[    3.751821]  r7:c12b4080 r6:20000193 r5:00000000 r4:c12b4080
[    3.759466] [<c030eb44>] (show_stack) from [<c0c420d4>] (dump_stack+0x78/0x94)
[    3.765287] [<c0c4205c>] (dump_stack) from [<c03106b0>] (handle_IPI+0x3a4/0x408)
[    3.772308]  r7:00000002 r6:c12bb144 r5:00000004 r4:c11a5d50
[    3.779864] [<c031030c>] (handle_IPI) from [<c0302388>] (gic_handle_irq+0x94/0xa0)
[    3.785509]  r10:00000000 r9:e882ff20 r8:ea803000 r7:c124cf28 r6:c1206894 r5:ea802000
[    3.792871]  r4:ea80200c
[    3.800776] [<c03022f4>] (gic_handle_irq) from [<c0301a8c>] (__irq_svc+0x6c/0xa8)
[    3.803375] Exception stack(0xe882ff20 to 0xe882ff68)
[    3.810781] ff20: 00000000 000006fc e93c19f0 c031ac20 00000002 e882e000 c12060e4 c1206120
[    3.815821] ff40: 00000000 c11a5548 00000000 e882ff7c e882ff80 e882ff70 c030a474 c030a478
[    3.823957] ff60: 60000013 ffffffff
[    3.832116]  r9:e882e000 r8:00000000 r7:e882ff54 r6:ffffffff r5:60000013 r4:c030a478
[    3.835430] [<c030a438>] (arch_cpu_idle) from [<c0c5e93c>] (default_idle_call+0x30/0x3c)
[    3.843410] [<c0c5e90c>] (default_idle_call) from [<c0353ea4>] (do_idle+0x204/0x284)
[    3.851479] [<c0353ca0>] (do_idle) from [<c03541ec>] (cpu_startup_entry+0x28/0x2c)
[    3.859206]  r10:00000000 r9:511f06f0 r8:8020406a r7:c12d9438 r6:10c0387d r5:00000002
[    3.866569]  r4:00000089
[    3.874476] [<c03541c4>] (cpu_startup_entry) from [<c0310044>] (secondary_start_kernel+0x154/0x19c)
[    3.877087] [<c030fef0>] (secondary_start_kernel) from [<8030284c>] (0x8030284c)
[    3.885843]  r5:00000051 r4:a882406a
@cunidev
Copy link
Author

cunidev commented Feb 25, 2020

I'll close this for now and re-open it when I have a more mature DTB.

@cunidev
Copy link
Author

cunidev commented Feb 25, 2020

Can't close the request, weird bug.

@cunidev cunidev closed this Feb 25, 2020
okias added a commit that referenced this pull request Mar 9, 2020
This reverts commit 03436e3.

Fixes:
mdp: dummy supplies not allowed for exclusive requests
[    2.641236] 8<--- cut here ---
[    2.641279] Unable to handle kernel NULL pointer dereference at virtual address 00000000
[    2.643206] pgd = (ptrval)
[    2.651522] [00000000] *pgd=00000000
[    2.653973] Internal error: Oops: 5 [#1] PREEMPT SMP ARM
[    2.657695] Modules linked in:
[    2.663000] CPU: 3 PID: 105 Comm: kworker/3:1 Not tainted 5.3.0-00014-g9bf8d2ba4898 grate-driver#120
[    2.665859] Hardware name: Generic DT based system
[    2.674123] Workqueue: events deferred_probe_work_func
[    2.678718] PC is at msm_dsi_manager_setup_encoder+0x38/0x6c
[    2.683830] LR is at msm_dsi_manager_setup_encoder+0x30/0x6c
[    2.689643] pc : [<c0766a4c>]    lr : [<c0766a44>]    psr: a0000013
[    2.695283] sp : e8043c08  ip : e8043c08  fp : e8043c24
[    2.701271] r10: e8305c00  r9 : e8305400  r8 : e8305c00
[    2.706482] r7 : e7d1fc00  r6 : 00000000  r5 : e7d1c4c0  r4 : e7d1fc00
[    2.711693] r3 : e7d1c4c0  r2 : e7d19280  r1 : 00000000  r0 : e7d1fc00
[    2.718297] Flags: NzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
[    2.724803] Control: 10c5787d  Table: 8020406a  DAC: 00000051
[    2.732006] Process kworker/3:1 (pid: 105, stack limit = 0x(ptrval))
[    2.737736] Stack: (0xe8043c08 to 0xe8044000)
[    2.744179] 3c00:                   e7d1c4c0 e8305400 00000000 e7d1fc00 e8043c4c e8043c28
[    2.748445] 3c20: c07629dc c0766a20 e7d1f780 00000006 e8305400 e8305400 00000001 e8305400
[    2.756606] 3c40: e8043c8c e8043c50 c071caac c0762948 00000002 e8043c60 c091d268 c0c5ee2c
[    2.764766] 3c60: e8305c00 e8305c00 e8305400 00000000 e89efa10 e8305c00 00000002 c12c2ea8
[    2.772926] 3c80: e8043cec e8043c90 c0754554 c071c540 c034bfd8 c036f8a8 e89efba4 60000013
[    2.781086] 3ca0: e89efa10 e89efba4 e8043ccc c0c5ee58 e8043ccc e8043cc0 c0c5ee58 c034be74
[    2.789245] 3cc0: e8043cec e7d11c40 e7d11f40 e7d11f18 e7d16540 e7d11f18 00000002 c12c2ea8
[    2.797405] 3ce0: e8043d2c e8043cf0 c0770244 c0754190 c0d1db90 e7d11f40 e89efa10 00000000
[    2.805565] 3d00: e8043d2c c12775d4 e7d11f40 e89efa10 c0d5a440 c0f8cbf0 e89efa10 00000000
[    2.813725] 3d20: e8043d54 e8043d30 c0770644 c0770054 c0d5f5f4 c038f528 e93f3378 e89efa10
[    2.821885] 3d40: e93f5ab8 e89efa10 e8043d94 e8043d58 c0753dbc c0770590 e7d16540 00000003
[    2.830043] 3d60: 00000000 e93f6274 c07908d8 00000000 e89efa10 c1276f10 00000000 c1313718
[    2.838203] 3d80: c1276f10 c12c3160 e8043db4 e8043d98 c077992c c0753b98 e89efa10 c1313714
[    2.846364] 3da0: 00000000 00000000 e8043df4 e8043db8 c0776ffc c07798e0 e8043dd4 e8043dc8
[    2.854523] 3dc0: c0c5eebc 00000007 e8043df4 e89efa10 c1276f10 e8043e78 e89efa10 c0f91d0c
[    2.862683] 3de0: c12c3160 e89efa10 e8043e2c e8043df8 c077754c c0776ef4 c1276f10 c1276f10
[    2.870844] 3e00: e8043e78 e89efa10 00000001 c1276f10 e8043e78 e89efa10 c0f91d0c c12c3160
[    2.879002] 3e20: e8043e4c e8043e30 c0777870 c07774d8 00000000 e8043e78 c07777cc c12c3160
[    2.887162] 3e40: e8043e74 e8043e50 c0774ff4 c07777d8 c02e686c e8ba4738 e89efa10 e89efa10
[    2.895322] 3e60: 00000001 e89efa54 e8043e9c e8043e78 c0776e30 c0774f80 e89efa10 00000001
[    2.903483] 3e80: c07733dc c127780c e89efa10 c1277a88 e8043eac e8043ea0 c07778f8 c0776d7c
[    2.911641] 3ea0: e8043ecc e8043eb0 c0775f08 c07778e8 c127780c c127780c c1277820 c12c3160
[    2.919801] 3ec0: e8043efc e8043ed0 c07764b8 c0775e80 c0776430 c1277844 e8a21000 e93d4dc0
[    2.927959] 3ee0: e93d7f00 00000000 c12bb270 00000000 e8043f3c e8043f00 c033d1b8 c077643c
[    2.936121] 3f00: c034bfd8 c036f8a8 e93d4dc0 e93d4dc0 e93d4dc0 e8a21000 e93d4dc0 e8a21014
[    2.944279] 3f20: e93d4dd8 c1203d00 00000008 e8863e88 e8043f74 e8043f40 c033ed74 c033cfe8
[    2.952440] 3f40: e8043f74 e8042000 c0343274 e8a20600 e8a20780 00000000 e8042000 e8a21000
[    2.960601] 3f60: e8a2061c e8863e88 e8043fac e8043f78 c03436e0 c033eb2c c032fe64 c033eb20
[    2.968757] 3f80: 00000000 e8a20780 c03435b4 00000000 00000000 00000000 00000000 00000000
[    2.976919] 3fa0: 00000000 e8043fb0 c03010e8 c03435c0 00000000 00000000 00000000 00000000
[    2.985078] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[    2.993236] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000
[    3.001359] Backtrace:
[    3.009541] [<c0766a14>] (msm_dsi_manager_setup_encoder) from [<c07629dc>] (msm_dsi_modeset_init+0xa0/0x1c8)
[    3.011796]  r7:e7d1fc00 r6:00000000 r5:e8305400 r4:e7d1c4c0
[    3.021869] [<c076293c>] (msm_dsi_modeset_init) from [<c071caac>] (mdp4_kms_init+0x578/0x7b4)
[    3.027510]  r9:e8305400 r8:00000001 r7:e8305400 r6:e8305400 r5:00000006 r4:e7d1f780
[    3.035927] [<c071c534>] (mdp4_kms_init) from [<c0754554>] (msm_drm_bind+0x3d0/0x5f4)
[    3.043741]  r10:c12c2ea8 r9:00000002 r8:e8305c00 r7:e89efa10 r6:00000000 r5:e8305400
[    3.051449]  r4:e8305c00
[    3.059274] [<c0754184>] (msm_drm_bind) from [<c0770244>] (try_to_bring_up_master+0x1fc/0x2c8)
[    3.061884]  r10:c12c2ea8 r9:00000002 r8:e7d11f18 r7:e7d16540 r6:e7d11f18 r5:e7d11f40
[    3.070285]  r4:e7d11c40
[    3.078198] [<c0770048>] (try_to_bring_up_master) from [<c0770644>] (component_master_add_with_match+0xc0/0x100)
[    3.080811]  r10:00000000 r9:e89efa10 r8:c0f8cbf0 r7:c0d5a440 r6:e89efa10 r5:e7d11f40
[    3.090945]  r4:c12775d4
[    3.098679] [<c0770584>] (component_master_add_with_match) from [<c0753dbc>] (msm_pdev_probe+0x230/0x290)
[    3.101291]  r7:e89efa10 r6:e93f5ab8 r5:e89efa10 r4:e93f3378
[    3.110756] [<c0753b8c>] (msm_pdev_probe) from [<c077992c>] (platform_drv_probe+0x58/0xa8)
[    3.116484]  r10:c12c3160 r9:c1276f10 r8:c1313718 r7:00000000 r6:c1276f10 r5:e89efa10
[    3.124540]  r4:00000000
[    3.132447] [<c07798d4>] (platform_drv_probe) from [<c0776ffc>] (really_probe+0x114/0x424)
[    3.135053]  r7:00000000 r6:00000000 r5:c1313714 r4:e89efa10
[    3.143129] [<c0776ee8>] (really_probe) from [<c077754c>] (driver_probe_device+0x80/0x1dc)
[    3.148950]  r10:e89efa10 r9:c12c3160 r8:c0f91d0c r7:e89efa10 r6:e8043e78 r5:c1276f10
[    3.157005]  r4:e89efa10
[    3.164911] [<c07774cc>] (driver_probe_device) from [<c0777870>] (__device_attach_driver+0xa4/0x110)
[    3.167527]  r9:c12c3160 r8:c0f91d0c r7:e89efa10 r6:e8043e78 r5:c1276f10 r4:00000001
[    3.176637] [<c07777cc>] (__device_attach_driver) from [<c0774ff4>] (bus_for_each_drv+0x80/0xb0)
[    3.184361]  r7:c12c3160 r6:c07777cc r5:e8043e78 r4:00000000
[    3.193127] [<c0774f74>] (bus_for_each_drv) from [<c0776e30>] (__device_attach+0xc0/0x158)
[    3.198766]  r6:e89efa54 r5:00000001 r4:e89efa10
[    3.206841] [<c0776d70>] (__device_attach) from [<c07778f8>] (device_initial_probe+0x1c/0x20)
[    3.211614]  r6:c1277a88 r5:e89efa10 r4:c127780c
[    3.220035] [<c07778dc>] (device_initial_probe) from [<c0775f08>] (bus_probe_device+0x94/0x9c)
[    3.224730] [<c0775e74>] (bus_probe_device) from [<c07764b8>] (deferred_probe_work_func+0x88/0xd0)
[    3.233145]  r7:c12c3160 r6:c1277820 r5:c127780c r4:c127780c
[    3.242096] [<c0776430>] (deferred_probe_work_func) from [<c033d1b8>] (process_one_work+0x1dc/0x53c)
[    3.247910]  r10:00000000 r9:c12bb270 r8:00000000 r7:e93d7f00 r6:e93d4dc0 r5:e8a21000
[    3.257009]  r4:c1277844 r3:c0776430
[    3.264741] [<c033cfdc>] (process_one_work) from [<c033ed74>] (worker_thread+0x254/0x500)
[    3.268393]  r10:e8863e88 r9:00000008 r8:c1203d00 r7:e93d4dd8 r6:e8a21014 r5:e93d4dc0
[    3.276449]  r4:e8a21000
[    3.284270] [<c033eb20>] (worker_thread) from [<c03436e0>] (kthread+0x12c/0x168)
[    3.286881]  r10:e8863e88 r9:e8a2061c r8:e8a21000 r7:e8042000 r6:00000000 r5:e8a20780
[    3.294246]  r4:e8a20600
[    3.301977] [<c03435b4>] (kthread) from [<c03010e8>] (ret_from_fork+0x14/0x2c)
[    3.304575] Exception stack(0xe8043fb0 to 0xe8043ff8)
[    3.311617] 3fa0:                                     00000000 00000000 00000000 00000000
[    3.316761] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[    3.324913] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000
[    3.333060]  r10:00000000 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:c03435b4
[    3.339471]  r4:e8a20780
[    3.347469] Code: e5936004 ebffefaa e2504000 089da8f0 (e5963000)
[    3.350237] ---[ end trace ef11f4cc25ead15d ]---
[    3.377018] Kernel panic - not syncing: Fatal exception
[    3.377092] CPU0: stopping
[    3.381054] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G      D           5.3.0-00014-g9bf8d2ba4898 grate-driver#120
[    3.383835] Hardware name: Generic DT based system
[    3.393116] Backtrace:
[    3.397727] [<c030e80c>] (dump_backtrace) from [<c030eb64>] (show_stack+0x20/0x24)
[    3.400069]  r7:c12b4080 r6:20000193 r5:00000000 r4:c12b4080
[    3.407712] [<c030eb44>] (show_stack) from [<c0c420d4>] (dump_stack+0x78/0x94)
[    3.413531] [<c0c4205c>] (dump_stack) from [<c03106b0>] (handle_IPI+0x3a4/0x408)
[    3.420555]  r7:00000000 r6:c12bb144 r5:00000004 r4:c11a5d50
[    3.428108] [<c031030c>] (handle_IPI) from [<c0302388>] (gic_handle_irq+0x94/0xa0)
[    3.433751]  r10:00000000 r9:c1201ec0 r8:ea803000 r7:c124cf28 r6:c1206894 r5:ea802000
[    3.441124]  r4:ea80200c
[    3.449021] [<c03022f4>] (gic_handle_irq) from [<c0301a8c>] (__irq_svc+0x6c/0xa8)
[    3.451629] Exception stack(0xc1201ec0 to 0xc1201f08)
[    3.459024] 1ec0: 00000000 00002f2c e93999f0 c031ac20 00000000 c1200000 c12060e4 c1206120
[    3.464065] 1ee0: 00000000 c11a5548 00000000 c1201f1c c1201f20 c1201f10 c030a474 c030a478
[    3.472208] 1f00: 60000013 ffffffff
[    3.480359]  r9:c1200000 r8:00000000 r7:c1201ef4 r6:ffffffff r5:60000013 r4:c030a478
[    3.483683] [<c030a438>] (arch_cpu_idle) from [<c0c5e93c>] (default_idle_call+0x30/0x3c)
[    3.491656] [<c0c5e90c>] (default_idle_call) from [<c0353ea4>] (do_idle+0x204/0x284)
[    3.499725] [<c0353ca0>] (do_idle) from [<c03541ec>] (cpu_startup_entry+0x28/0x2c)
[    3.507448]  r10:c12060c0 r9:00000001 r8:c12d9140 r7:c12d9140 r6:ffffffff r5:c1216348
[    3.514822]  r4:000000cd
[    3.522719] [<c03541c4>] (cpu_startup_entry) from [<c0c59138>] (rest_init+0xb8/0xd8)
[    3.525339] [<c0c59080>] (rest_init) from [<c1100b38>] (arch_call_rest_init+0x18/0x1c)
[    3.533053]  r5:00000001 r4:c12d9194
[    3.540777] [<c1100b20>] (arch_call_rest_init) from [<c1100fbc>] (start_kernel+0x408/0x4ac)
[    3.544517] [<c1100bb4>] (start_kernel) from [<00000000>] (0x0)
[    3.552585]  r10:10c5387d r9:511f06f0 r8:819700a0 r7:00001e7a r6:10c0387d r5:00000051
[    3.558484]  r4:c1100330
[    3.566469] CPU1: stopping
[    3.569089] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G      D           5.3.0-00014-g9bf8d2ba4898 grate-driver#120
[    3.571604] Hardware name: Generic DT based system
[    3.580882] Backtrace:
[    3.585500] [<c030e80c>] (dump_backtrace) from [<c030eb64>] (show_stack+0x20/0x24)
[    3.587846]  r7:c12b4080 r6:20000193 r5:00000000 r4:c12b4080
[    3.595489] [<c030eb44>] (show_stack) from [<c0c420d4>] (dump_stack+0x78/0x94)
[    3.601310] [<c0c4205c>] (dump_stack) from [<c03106b0>] (handle_IPI+0x3a4/0x408)
[    3.608331]  r7:00000001 r6:c12bb144 r5:00000004 r4:c11a5d50
[    3.615888] [<c031030c>] (handle_IPI) from [<c0302388>] (gic_handle_irq+0x94/0xa0)
[    3.621532]  r10:00000000 r9:e882df20 r8:ea803000 r7:c124cf28 r6:c1206894 r5:ea802000
[    3.628896]  r4:ea80200c
[    3.636800] [<c03022f4>] (gic_handle_irq) from [<c0301a8c>] (__irq_svc+0x6c/0xa8)
[    3.639399] Exception stack(0xe882df20 to 0xe882df68)
[    3.646805] df20: 00000000 000002fc e93ad9f0 c031ac20 00000001 e882c000 c12060e4 c1206120
[    3.651846] df40: 00000000 c11a5548 00000000 e882df7c e882df80 e882df70 c030a474 c030a478
[    3.659982] df60: 60000013 ffffffff
[    3.668141]  r9:e882c000 r8:00000000 r7:e882df54 r6:ffffffff r5:60000013 r4:c030a478
[    3.671457] [<c030a438>] (arch_cpu_idle) from [<c0c5e93c>] (default_idle_call+0x30/0x3c)
[    3.679434] [<c0c5e90c>] (default_idle_call) from [<c0353ea4>] (do_idle+0x204/0x284)
[    3.687504] [<c0353ca0>] (do_idle) from [<c03541ec>] (cpu_startup_entry+0x28/0x2c)
[    3.695230]  r10:00000000 r9:511f06f0 r8:8020406a r7:c12d9438 r6:10c0387d r5:00000001
[    3.702592]  r4:00000089
[    3.710502] [<c03541c4>] (cpu_startup_entry) from [<c0310044>] (secondary_start_kernel+0x154/0x19c)
[    3.713113] [<c030fef0>] (secondary_start_kernel) from [<8030284c>] (0x8030284c)
[    3.721866]  r5:00000051 r4:a882406a
[    3.729497] CPU2: stopping
[    3.733066] CPU: 2 PID: 0 Comm: swapper/2 Tainted: G      D           5.3.0-00014-g9bf8d2ba4898 grate-driver#120
[    3.735581] Hardware name: Generic DT based system
[    3.744858] Backtrace:
[    3.749476] [<c030e80c>] (dump_backtrace) from [<c030eb64>] (show_stack+0x20/0x24)
[    3.751821]  r7:c12b4080 r6:20000193 r5:00000000 r4:c12b4080
[    3.759466] [<c030eb44>] (show_stack) from [<c0c420d4>] (dump_stack+0x78/0x94)
[    3.765287] [<c0c4205c>] (dump_stack) from [<c03106b0>] (handle_IPI+0x3a4/0x408)
[    3.772308]  r7:00000002 r6:c12bb144 r5:00000004 r4:c11a5d50
[    3.779864] [<c031030c>] (handle_IPI) from [<c0302388>] (gic_handle_irq+0x94/0xa0)
[    3.785509]  r10:00000000 r9:e882ff20 r8:ea803000 r7:c124cf28 r6:c1206894 r5:ea802000
[    3.792871]  r4:ea80200c
[    3.800776] [<c03022f4>] (gic_handle_irq) from [<c0301a8c>] (__irq_svc+0x6c/0xa8)
[    3.803375] Exception stack(0xe882ff20 to 0xe882ff68)
[    3.810781] ff20: 00000000 000006fc e93c19f0 c031ac20 00000002 e882e000 c12060e4 c1206120
[    3.815821] ff40: 00000000 c11a5548 00000000 e882ff7c e882ff80 e882ff70 c030a474 c030a478
[    3.823957] ff60: 60000013 ffffffff
[    3.832116]  r9:e882e000 r8:00000000 r7:e882ff54 r6:ffffffff r5:60000013 r4:c030a478
[    3.835430] [<c030a438>] (arch_cpu_idle) from [<c0c5e93c>] (default_idle_call+0x30/0x3c)
[    3.843410] [<c0c5e90c>] (default_idle_call) from [<c0353ea4>] (do_idle+0x204/0x284)
[    3.851479] [<c0353ca0>] (do_idle) from [<c03541ec>] (cpu_startup_entry+0x28/0x2c)
[    3.859206]  r10:00000000 r9:511f06f0 r8:8020406a r7:c12d9438 r6:10c0387d r5:00000002
[    3.866569]  r4:00000089
[    3.874476] [<c03541c4>] (cpu_startup_entry) from [<c0310044>] (secondary_start_kernel+0x154/0x19c)
[    3.877087] [<c030fef0>] (secondary_start_kernel) from [<8030284c>] (0x8030284c)
[    3.885843]  r5:00000051 r4:a882406a
okias pushed a commit that referenced this pull request Mar 9, 2020
In the commit setting up the qcom/msm pin controller to
be hierarchical some callbacks were careful to check that
d->parent_data on irq_data was valid before calling the
parent function, however irq_chip_eoi_parent() was called
unconditionally which doesn't work with elder Qualcomm
platforms such as APQ8060.

When the drivers/mfd/qcom-pm8xxx.c driver calls
chained_irq_exit() that call will in turn call chip->irq_eoi()
which is set to irq_chip_eoi_parent() by default on a
hierachical IRQ chip, and the parent is pinctrl-msm.c
so that will in turn unconditionally call
irq_chip_eoi_parent() again, but its parent is invalid
so we get the following crash:

 Unnable to handle kernel NULL pointer dereference at
 virtual address 00000010
 pgd = (ptrval)
 [00000010] *pgd=00000000
 Internal error: Oops: 5 [#1] PREEMPT SMP ARM
 (...)
 PC is at irq_chip_eoi_parent+0x4/0x10
 LR is at pm8xxx_irq_handler+0x1b4/0x2d8

Implement a local stub just avoiding to call down to
irq_chip_eoi_parent() if d->parent_data is not set.

Cc: Lina Iyer <[email protected]>
Cc: Marc Zyngier <[email protected]>
Cc: Stephen Boyd <[email protected]>
Cc: [email protected]
Fixes: e35a6ae ("pinctrl/msm: Setup GPIO chip in hierarchy")
Signed-off-by: Linus Walleij <[email protected]>
okias pushed a commit that referenced this pull request Mar 9, 2020
The hierarchical parts of MSM pinctrl/GPIO is only
used when the device tree has a "wakeup-parent" as
a phandle, but the .irq_disable and .irq_eoi are anyway
assigned leading to semantic problems on elder
Qualcomm chipsets.

When the drivers/mfd/qcom-pm8xxx.c driver calls
chained_irq_exit() that call will in turn call chip->irq_eoi()
which is set to irq_chip_eoi_parent() by default on a
hierachical IRQ chip, and the parent is pinctrl-msm.c
so that will in turn unconditionally call
irq_chip_eoi_parent() again, but its parent is invalid
so we get the following crash:

 Unnable to handle kernel NULL pointer dereference at
 virtual address 00000010
 pgd = (ptrval)
 [00000010] *pgd=00000000
 Internal error: Oops: 5 [#1] PREEMPT SMP ARM
 (...)
 PC is at irq_chip_eoi_parent+0x4/0x10
 LR is at pm8xxx_irq_handler+0x1b4/0x2d8

If we solve this crash by avoiding to call up to
irq_chip_eoi_parent(), the machine will hang and get
reset by the watchdog, because of semantic issues,
probably inside irq_chip.

As a solution, just assign the .irq_disable and .irq_eoi
condtionally if we are actually using a wakeup parent.

Cc: Bjorn Andersson <[email protected]>
Cc: Lina Iyer <[email protected]>
Cc: Marc Zyngier <[email protected]>
Cc: Stephen Boyd <[email protected]>
Cc: [email protected]
Fixes: e35a6ae ("pinctrl/msm: Setup GPIO chip in hierarchy")
Signed-off-by: Linus Walleij <[email protected]>
okias pushed a commit that referenced this pull request Mar 9, 2020
The hierarchical parts of MSM pinctrl/GPIO is only
used when the device tree has a "wakeup-parent" as
a phandle, but the .irq_disable and .irq_eoi are anyway
assigned leading to semantic problems on elder
Qualcomm chipsets.

When the drivers/mfd/qcom-pm8xxx.c driver calls
chained_irq_exit() that call will in turn call chip->irq_eoi()
which is set to irq_chip_eoi_parent() by default on a
hierachical IRQ chip, and the parent is pinctrl-msm.c
so that will in turn unconditionally call
irq_chip_eoi_parent() again, but its parent is invalid
so we get the following crash:

 Unnable to handle kernel NULL pointer dereference at
 virtual address 00000010
 pgd = (ptrval)
 [00000010] *pgd=00000000
 Internal error: Oops: 5 [#1] PREEMPT SMP ARM
 (...)
 PC is at irq_chip_eoi_parent+0x4/0x10
 LR is at pm8xxx_irq_handler+0x1b4/0x2d8

If we solve this crash by avoiding to call up to
irq_chip_eoi_parent(), the machine will hang and get
reset by the watchdog, because of semantic issues,
probably inside irq_chip.

As a solution, just assign the .irq_disable and .irq_eoi
condtionally if we are actually using a wakeup parent.

Cc: Bjorn Andersson <[email protected]>
Cc: Lina Iyer <[email protected]>
Cc: Marc Zyngier <[email protected]>
Cc: Stephen Boyd <[email protected]>
Cc: [email protected]
Fixes: e35a6ae ("pinctrl/msm: Setup GPIO chip in hierarchy")
Signed-off-by: Linus Walleij <[email protected]>
okias added a commit that referenced this pull request Mar 10, 2020
This reverts commit 03436e3.

Fixes:
mdp: dummy supplies not allowed for exclusive requests
[    2.641236] 8<--- cut here ---
[    2.641279] Unable to handle kernel NULL pointer dereference at virtual address 00000000
[    2.643206] pgd = (ptrval)
[    2.651522] [00000000] *pgd=00000000
[    2.653973] Internal error: Oops: 5 [#1] PREEMPT SMP ARM
[    2.657695] Modules linked in:
[    2.663000] CPU: 3 PID: 105 Comm: kworker/3:1 Not tainted 5.3.0-00014-g9bf8d2ba4898 grate-driver#120
[    2.665859] Hardware name: Generic DT based system
[    2.674123] Workqueue: events deferred_probe_work_func
[    2.678718] PC is at msm_dsi_manager_setup_encoder+0x38/0x6c
[    2.683830] LR is at msm_dsi_manager_setup_encoder+0x30/0x6c
[    2.689643] pc : [<c0766a4c>]    lr : [<c0766a44>]    psr: a0000013
[    2.695283] sp : e8043c08  ip : e8043c08  fp : e8043c24
[    2.701271] r10: e8305c00  r9 : e8305400  r8 : e8305c00
[    2.706482] r7 : e7d1fc00  r6 : 00000000  r5 : e7d1c4c0  r4 : e7d1fc00
[    2.711693] r3 : e7d1c4c0  r2 : e7d19280  r1 : 00000000  r0 : e7d1fc00
[    2.718297] Flags: NzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
[    2.724803] Control: 10c5787d  Table: 8020406a  DAC: 00000051
[    2.732006] Process kworker/3:1 (pid: 105, stack limit = 0x(ptrval))
[    2.737736] Stack: (0xe8043c08 to 0xe8044000)
[    2.744179] 3c00:                   e7d1c4c0 e8305400 00000000 e7d1fc00 e8043c4c e8043c28
[    2.748445] 3c20: c07629dc c0766a20 e7d1f780 00000006 e8305400 e8305400 00000001 e8305400
[    2.756606] 3c40: e8043c8c e8043c50 c071caac c0762948 00000002 e8043c60 c091d268 c0c5ee2c
[    2.764766] 3c60: e8305c00 e8305c00 e8305400 00000000 e89efa10 e8305c00 00000002 c12c2ea8
[    2.772926] 3c80: e8043cec e8043c90 c0754554 c071c540 c034bfd8 c036f8a8 e89efba4 60000013
[    2.781086] 3ca0: e89efa10 e89efba4 e8043ccc c0c5ee58 e8043ccc e8043cc0 c0c5ee58 c034be74
[    2.789245] 3cc0: e8043cec e7d11c40 e7d11f40 e7d11f18 e7d16540 e7d11f18 00000002 c12c2ea8
[    2.797405] 3ce0: e8043d2c e8043cf0 c0770244 c0754190 c0d1db90 e7d11f40 e89efa10 00000000
[    2.805565] 3d00: e8043d2c c12775d4 e7d11f40 e89efa10 c0d5a440 c0f8cbf0 e89efa10 00000000
[    2.813725] 3d20: e8043d54 e8043d30 c0770644 c0770054 c0d5f5f4 c038f528 e93f3378 e89efa10
[    2.821885] 3d40: e93f5ab8 e89efa10 e8043d94 e8043d58 c0753dbc c0770590 e7d16540 00000003
[    2.830043] 3d60: 00000000 e93f6274 c07908d8 00000000 e89efa10 c1276f10 00000000 c1313718
[    2.838203] 3d80: c1276f10 c12c3160 e8043db4 e8043d98 c077992c c0753b98 e89efa10 c1313714
[    2.846364] 3da0: 00000000 00000000 e8043df4 e8043db8 c0776ffc c07798e0 e8043dd4 e8043dc8
[    2.854523] 3dc0: c0c5eebc 00000007 e8043df4 e89efa10 c1276f10 e8043e78 e89efa10 c0f91d0c
[    2.862683] 3de0: c12c3160 e89efa10 e8043e2c e8043df8 c077754c c0776ef4 c1276f10 c1276f10
[    2.870844] 3e00: e8043e78 e89efa10 00000001 c1276f10 e8043e78 e89efa10 c0f91d0c c12c3160
[    2.879002] 3e20: e8043e4c e8043e30 c0777870 c07774d8 00000000 e8043e78 c07777cc c12c3160
[    2.887162] 3e40: e8043e74 e8043e50 c0774ff4 c07777d8 c02e686c e8ba4738 e89efa10 e89efa10
[    2.895322] 3e60: 00000001 e89efa54 e8043e9c e8043e78 c0776e30 c0774f80 e89efa10 00000001
[    2.903483] 3e80: c07733dc c127780c e89efa10 c1277a88 e8043eac e8043ea0 c07778f8 c0776d7c
[    2.911641] 3ea0: e8043ecc e8043eb0 c0775f08 c07778e8 c127780c c127780c c1277820 c12c3160
[    2.919801] 3ec0: e8043efc e8043ed0 c07764b8 c0775e80 c0776430 c1277844 e8a21000 e93d4dc0
[    2.927959] 3ee0: e93d7f00 00000000 c12bb270 00000000 e8043f3c e8043f00 c033d1b8 c077643c
[    2.936121] 3f00: c034bfd8 c036f8a8 e93d4dc0 e93d4dc0 e93d4dc0 e8a21000 e93d4dc0 e8a21014
[    2.944279] 3f20: e93d4dd8 c1203d00 00000008 e8863e88 e8043f74 e8043f40 c033ed74 c033cfe8
[    2.952440] 3f40: e8043f74 e8042000 c0343274 e8a20600 e8a20780 00000000 e8042000 e8a21000
[    2.960601] 3f60: e8a2061c e8863e88 e8043fac e8043f78 c03436e0 c033eb2c c032fe64 c033eb20
[    2.968757] 3f80: 00000000 e8a20780 c03435b4 00000000 00000000 00000000 00000000 00000000
[    2.976919] 3fa0: 00000000 e8043fb0 c03010e8 c03435c0 00000000 00000000 00000000 00000000
[    2.985078] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[    2.993236] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000
[    3.001359] Backtrace:
[    3.009541] [<c0766a14>] (msm_dsi_manager_setup_encoder) from [<c07629dc>] (msm_dsi_modeset_init+0xa0/0x1c8)
[    3.011796]  r7:e7d1fc00 r6:00000000 r5:e8305400 r4:e7d1c4c0
[    3.021869] [<c076293c>] (msm_dsi_modeset_init) from [<c071caac>] (mdp4_kms_init+0x578/0x7b4)
[    3.027510]  r9:e8305400 r8:00000001 r7:e8305400 r6:e8305400 r5:00000006 r4:e7d1f780
[    3.035927] [<c071c534>] (mdp4_kms_init) from [<c0754554>] (msm_drm_bind+0x3d0/0x5f4)
[    3.043741]  r10:c12c2ea8 r9:00000002 r8:e8305c00 r7:e89efa10 r6:00000000 r5:e8305400
[    3.051449]  r4:e8305c00
[    3.059274] [<c0754184>] (msm_drm_bind) from [<c0770244>] (try_to_bring_up_master+0x1fc/0x2c8)
[    3.061884]  r10:c12c2ea8 r9:00000002 r8:e7d11f18 r7:e7d16540 r6:e7d11f18 r5:e7d11f40
[    3.070285]  r4:e7d11c40
[    3.078198] [<c0770048>] (try_to_bring_up_master) from [<c0770644>] (component_master_add_with_match+0xc0/0x100)
[    3.080811]  r10:00000000 r9:e89efa10 r8:c0f8cbf0 r7:c0d5a440 r6:e89efa10 r5:e7d11f40
[    3.090945]  r4:c12775d4
[    3.098679] [<c0770584>] (component_master_add_with_match) from [<c0753dbc>] (msm_pdev_probe+0x230/0x290)
[    3.101291]  r7:e89efa10 r6:e93f5ab8 r5:e89efa10 r4:e93f3378
[    3.110756] [<c0753b8c>] (msm_pdev_probe) from [<c077992c>] (platform_drv_probe+0x58/0xa8)
[    3.116484]  r10:c12c3160 r9:c1276f10 r8:c1313718 r7:00000000 r6:c1276f10 r5:e89efa10
[    3.124540]  r4:00000000
[    3.132447] [<c07798d4>] (platform_drv_probe) from [<c0776ffc>] (really_probe+0x114/0x424)
[    3.135053]  r7:00000000 r6:00000000 r5:c1313714 r4:e89efa10
[    3.143129] [<c0776ee8>] (really_probe) from [<c077754c>] (driver_probe_device+0x80/0x1dc)
[    3.148950]  r10:e89efa10 r9:c12c3160 r8:c0f91d0c r7:e89efa10 r6:e8043e78 r5:c1276f10
[    3.157005]  r4:e89efa10
[    3.164911] [<c07774cc>] (driver_probe_device) from [<c0777870>] (__device_attach_driver+0xa4/0x110)
[    3.167527]  r9:c12c3160 r8:c0f91d0c r7:e89efa10 r6:e8043e78 r5:c1276f10 r4:00000001
[    3.176637] [<c07777cc>] (__device_attach_driver) from [<c0774ff4>] (bus_for_each_drv+0x80/0xb0)
[    3.184361]  r7:c12c3160 r6:c07777cc r5:e8043e78 r4:00000000
[    3.193127] [<c0774f74>] (bus_for_each_drv) from [<c0776e30>] (__device_attach+0xc0/0x158)
[    3.198766]  r6:e89efa54 r5:00000001 r4:e89efa10
[    3.206841] [<c0776d70>] (__device_attach) from [<c07778f8>] (device_initial_probe+0x1c/0x20)
[    3.211614]  r6:c1277a88 r5:e89efa10 r4:c127780c
[    3.220035] [<c07778dc>] (device_initial_probe) from [<c0775f08>] (bus_probe_device+0x94/0x9c)
[    3.224730] [<c0775e74>] (bus_probe_device) from [<c07764b8>] (deferred_probe_work_func+0x88/0xd0)
[    3.233145]  r7:c12c3160 r6:c1277820 r5:c127780c r4:c127780c
[    3.242096] [<c0776430>] (deferred_probe_work_func) from [<c033d1b8>] (process_one_work+0x1dc/0x53c)
[    3.247910]  r10:00000000 r9:c12bb270 r8:00000000 r7:e93d7f00 r6:e93d4dc0 r5:e8a21000
[    3.257009]  r4:c1277844 r3:c0776430
[    3.264741] [<c033cfdc>] (process_one_work) from [<c033ed74>] (worker_thread+0x254/0x500)
[    3.268393]  r10:e8863e88 r9:00000008 r8:c1203d00 r7:e93d4dd8 r6:e8a21014 r5:e93d4dc0
[    3.276449]  r4:e8a21000
[    3.284270] [<c033eb20>] (worker_thread) from [<c03436e0>] (kthread+0x12c/0x168)
[    3.286881]  r10:e8863e88 r9:e8a2061c r8:e8a21000 r7:e8042000 r6:00000000 r5:e8a20780
[    3.294246]  r4:e8a20600
[    3.301977] [<c03435b4>] (kthread) from [<c03010e8>] (ret_from_fork+0x14/0x2c)
[    3.304575] Exception stack(0xe8043fb0 to 0xe8043ff8)
[    3.311617] 3fa0:                                     00000000 00000000 00000000 00000000
[    3.316761] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[    3.324913] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000
[    3.333060]  r10:00000000 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:c03435b4
[    3.339471]  r4:e8a20780
[    3.347469] Code: e5936004 ebffefaa e2504000 089da8f0 (e5963000)
[    3.350237] ---[ end trace ef11f4cc25ead15d ]---
[    3.377018] Kernel panic - not syncing: Fatal exception
[    3.377092] CPU0: stopping
[    3.381054] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G      D           5.3.0-00014-g9bf8d2ba4898 grate-driver#120
[    3.383835] Hardware name: Generic DT based system
[    3.393116] Backtrace:
[    3.397727] [<c030e80c>] (dump_backtrace) from [<c030eb64>] (show_stack+0x20/0x24)
[    3.400069]  r7:c12b4080 r6:20000193 r5:00000000 r4:c12b4080
[    3.407712] [<c030eb44>] (show_stack) from [<c0c420d4>] (dump_stack+0x78/0x94)
[    3.413531] [<c0c4205c>] (dump_stack) from [<c03106b0>] (handle_IPI+0x3a4/0x408)
[    3.420555]  r7:00000000 r6:c12bb144 r5:00000004 r4:c11a5d50
[    3.428108] [<c031030c>] (handle_IPI) from [<c0302388>] (gic_handle_irq+0x94/0xa0)
[    3.433751]  r10:00000000 r9:c1201ec0 r8:ea803000 r7:c124cf28 r6:c1206894 r5:ea802000
[    3.441124]  r4:ea80200c
[    3.449021] [<c03022f4>] (gic_handle_irq) from [<c0301a8c>] (__irq_svc+0x6c/0xa8)
[    3.451629] Exception stack(0xc1201ec0 to 0xc1201f08)
[    3.459024] 1ec0: 00000000 00002f2c e93999f0 c031ac20 00000000 c1200000 c12060e4 c1206120
[    3.464065] 1ee0: 00000000 c11a5548 00000000 c1201f1c c1201f20 c1201f10 c030a474 c030a478
[    3.472208] 1f00: 60000013 ffffffff
[    3.480359]  r9:c1200000 r8:00000000 r7:c1201ef4 r6:ffffffff r5:60000013 r4:c030a478
[    3.483683] [<c030a438>] (arch_cpu_idle) from [<c0c5e93c>] (default_idle_call+0x30/0x3c)
[    3.491656] [<c0c5e90c>] (default_idle_call) from [<c0353ea4>] (do_idle+0x204/0x284)
[    3.499725] [<c0353ca0>] (do_idle) from [<c03541ec>] (cpu_startup_entry+0x28/0x2c)
[    3.507448]  r10:c12060c0 r9:00000001 r8:c12d9140 r7:c12d9140 r6:ffffffff r5:c1216348
[    3.514822]  r4:000000cd
[    3.522719] [<c03541c4>] (cpu_startup_entry) from [<c0c59138>] (rest_init+0xb8/0xd8)
[    3.525339] [<c0c59080>] (rest_init) from [<c1100b38>] (arch_call_rest_init+0x18/0x1c)
[    3.533053]  r5:00000001 r4:c12d9194
[    3.540777] [<c1100b20>] (arch_call_rest_init) from [<c1100fbc>] (start_kernel+0x408/0x4ac)
[    3.544517] [<c1100bb4>] (start_kernel) from [<00000000>] (0x0)
[    3.552585]  r10:10c5387d r9:511f06f0 r8:819700a0 r7:00001e7a r6:10c0387d r5:00000051
[    3.558484]  r4:c1100330
[    3.566469] CPU1: stopping
[    3.569089] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G      D           5.3.0-00014-g9bf8d2ba4898 grate-driver#120
[    3.571604] Hardware name: Generic DT based system
[    3.580882] Backtrace:
[    3.585500] [<c030e80c>] (dump_backtrace) from [<c030eb64>] (show_stack+0x20/0x24)
[    3.587846]  r7:c12b4080 r6:20000193 r5:00000000 r4:c12b4080
[    3.595489] [<c030eb44>] (show_stack) from [<c0c420d4>] (dump_stack+0x78/0x94)
[    3.601310] [<c0c4205c>] (dump_stack) from [<c03106b0>] (handle_IPI+0x3a4/0x408)
[    3.608331]  r7:00000001 r6:c12bb144 r5:00000004 r4:c11a5d50
[    3.615888] [<c031030c>] (handle_IPI) from [<c0302388>] (gic_handle_irq+0x94/0xa0)
[    3.621532]  r10:00000000 r9:e882df20 r8:ea803000 r7:c124cf28 r6:c1206894 r5:ea802000
[    3.628896]  r4:ea80200c
[    3.636800] [<c03022f4>] (gic_handle_irq) from [<c0301a8c>] (__irq_svc+0x6c/0xa8)
[    3.639399] Exception stack(0xe882df20 to 0xe882df68)
[    3.646805] df20: 00000000 000002fc e93ad9f0 c031ac20 00000001 e882c000 c12060e4 c1206120
[    3.651846] df40: 00000000 c11a5548 00000000 e882df7c e882df80 e882df70 c030a474 c030a478
[    3.659982] df60: 60000013 ffffffff
[    3.668141]  r9:e882c000 r8:00000000 r7:e882df54 r6:ffffffff r5:60000013 r4:c030a478
[    3.671457] [<c030a438>] (arch_cpu_idle) from [<c0c5e93c>] (default_idle_call+0x30/0x3c)
[    3.679434] [<c0c5e90c>] (default_idle_call) from [<c0353ea4>] (do_idle+0x204/0x284)
[    3.687504] [<c0353ca0>] (do_idle) from [<c03541ec>] (cpu_startup_entry+0x28/0x2c)
[    3.695230]  r10:00000000 r9:511f06f0 r8:8020406a r7:c12d9438 r6:10c0387d r5:00000001
[    3.702592]  r4:00000089
[    3.710502] [<c03541c4>] (cpu_startup_entry) from [<c0310044>] (secondary_start_kernel+0x154/0x19c)
[    3.713113] [<c030fef0>] (secondary_start_kernel) from [<8030284c>] (0x8030284c)
[    3.721866]  r5:00000051 r4:a882406a
[    3.729497] CPU2: stopping
[    3.733066] CPU: 2 PID: 0 Comm: swapper/2 Tainted: G      D           5.3.0-00014-g9bf8d2ba4898 grate-driver#120
[    3.735581] Hardware name: Generic DT based system
[    3.744858] Backtrace:
[    3.749476] [<c030e80c>] (dump_backtrace) from [<c030eb64>] (show_stack+0x20/0x24)
[    3.751821]  r7:c12b4080 r6:20000193 r5:00000000 r4:c12b4080
[    3.759466] [<c030eb44>] (show_stack) from [<c0c420d4>] (dump_stack+0x78/0x94)
[    3.765287] [<c0c4205c>] (dump_stack) from [<c03106b0>] (handle_IPI+0x3a4/0x408)
[    3.772308]  r7:00000002 r6:c12bb144 r5:00000004 r4:c11a5d50
[    3.779864] [<c031030c>] (handle_IPI) from [<c0302388>] (gic_handle_irq+0x94/0xa0)
[    3.785509]  r10:00000000 r9:e882ff20 r8:ea803000 r7:c124cf28 r6:c1206894 r5:ea802000
[    3.792871]  r4:ea80200c
[    3.800776] [<c03022f4>] (gic_handle_irq) from [<c0301a8c>] (__irq_svc+0x6c/0xa8)
[    3.803375] Exception stack(0xe882ff20 to 0xe882ff68)
[    3.810781] ff20: 00000000 000006fc e93c19f0 c031ac20 00000002 e882e000 c12060e4 c1206120
[    3.815821] ff40: 00000000 c11a5548 00000000 e882ff7c e882ff80 e882ff70 c030a474 c030a478
[    3.823957] ff60: 60000013 ffffffff
[    3.832116]  r9:e882e000 r8:00000000 r7:e882ff54 r6:ffffffff r5:60000013 r4:c030a478
[    3.835430] [<c030a438>] (arch_cpu_idle) from [<c0c5e93c>] (default_idle_call+0x30/0x3c)
[    3.843410] [<c0c5e90c>] (default_idle_call) from [<c0353ea4>] (do_idle+0x204/0x284)
[    3.851479] [<c0353ca0>] (do_idle) from [<c03541ec>] (cpu_startup_entry+0x28/0x2c)
[    3.859206]  r10:00000000 r9:511f06f0 r8:8020406a r7:c12d9438 r6:10c0387d r5:00000002
[    3.866569]  r4:00000089
[    3.874476] [<c03541c4>] (cpu_startup_entry) from [<c0310044>] (secondary_start_kernel+0x154/0x19c)
[    3.877087] [<c030fef0>] (secondary_start_kernel) from [<8030284c>] (0x8030284c)
[    3.885843]  r5:00000051 r4:a882406a
okias pushed a commit that referenced this pull request Mar 10, 2020
The hierarchical parts of MSM pinctrl/GPIO is only
used when the device tree has a "wakeup-parent" as
a phandle, but the .irq_disable and .irq_eoi are anyway
assigned leading to semantic problems on elder
Qualcomm chipsets.

When the drivers/mfd/qcom-pm8xxx.c driver calls
chained_irq_exit() that call will in turn call chip->irq_eoi()
which is set to irq_chip_eoi_parent() by default on a
hierachical IRQ chip, and the parent is pinctrl-msm.c
so that will in turn unconditionally call
irq_chip_eoi_parent() again, but its parent is invalid
so we get the following crash:

 Unnable to handle kernel NULL pointer dereference at
 virtual address 00000010
 pgd = (ptrval)
 [00000010] *pgd=00000000
 Internal error: Oops: 5 [#1] PREEMPT SMP ARM
 (...)
 PC is at irq_chip_eoi_parent+0x4/0x10
 LR is at pm8xxx_irq_handler+0x1b4/0x2d8

If we solve this crash by avoiding to call up to
irq_chip_eoi_parent(), the machine will hang and get
reset by the watchdog, because of semantic issues,
probably inside irq_chip.

As a solution, just assign the .irq_disable and .irq_eoi
condtionally if we are actually using a wakeup parent.

Cc: Bjorn Andersson <[email protected]>
Cc: Lina Iyer <[email protected]>
Cc: Marc Zyngier <[email protected]>
Cc: Stephen Boyd <[email protected]>
Cc: [email protected]
Fixes: e35a6ae ("pinctrl/msm: Setup GPIO chip in hierarchy")
Signed-off-by: Linus Walleij <[email protected]>
okias added a commit that referenced this pull request Mar 10, 2020
This reverts commit 03436e3.

Fixes:
mdp: dummy supplies not allowed for exclusive requests
[    2.641236] 8<--- cut here ---
[    2.641279] Unable to handle kernel NULL pointer dereference at virtual address 00000000
[    2.643206] pgd = (ptrval)
[    2.651522] [00000000] *pgd=00000000
[    2.653973] Internal error: Oops: 5 [#1] PREEMPT SMP ARM
[    2.657695] Modules linked in:
[    2.663000] CPU: 3 PID: 105 Comm: kworker/3:1 Not tainted 5.3.0-00014-g9bf8d2ba4898 grate-driver#120
[    2.665859] Hardware name: Generic DT based system
[    2.674123] Workqueue: events deferred_probe_work_func
[    2.678718] PC is at msm_dsi_manager_setup_encoder+0x38/0x6c
[    2.683830] LR is at msm_dsi_manager_setup_encoder+0x30/0x6c
[    2.689643] pc : [<c0766a4c>]    lr : [<c0766a44>]    psr: a0000013
[    2.695283] sp : e8043c08  ip : e8043c08  fp : e8043c24
[    2.701271] r10: e8305c00  r9 : e8305400  r8 : e8305c00
[    2.706482] r7 : e7d1fc00  r6 : 00000000  r5 : e7d1c4c0  r4 : e7d1fc00
[    2.711693] r3 : e7d1c4c0  r2 : e7d19280  r1 : 00000000  r0 : e7d1fc00
[    2.718297] Flags: NzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
[    2.724803] Control: 10c5787d  Table: 8020406a  DAC: 00000051
[    2.732006] Process kworker/3:1 (pid: 105, stack limit = 0x(ptrval))
[    2.737736] Stack: (0xe8043c08 to 0xe8044000)
[    2.744179] 3c00:                   e7d1c4c0 e8305400 00000000 e7d1fc00 e8043c4c e8043c28
[    2.748445] 3c20: c07629dc c0766a20 e7d1f780 00000006 e8305400 e8305400 00000001 e8305400
[    2.756606] 3c40: e8043c8c e8043c50 c071caac c0762948 00000002 e8043c60 c091d268 c0c5ee2c
[    2.764766] 3c60: e8305c00 e8305c00 e8305400 00000000 e89efa10 e8305c00 00000002 c12c2ea8
[    2.772926] 3c80: e8043cec e8043c90 c0754554 c071c540 c034bfd8 c036f8a8 e89efba4 60000013
[    2.781086] 3ca0: e89efa10 e89efba4 e8043ccc c0c5ee58 e8043ccc e8043cc0 c0c5ee58 c034be74
[    2.789245] 3cc0: e8043cec e7d11c40 e7d11f40 e7d11f18 e7d16540 e7d11f18 00000002 c12c2ea8
[    2.797405] 3ce0: e8043d2c e8043cf0 c0770244 c0754190 c0d1db90 e7d11f40 e89efa10 00000000
[    2.805565] 3d00: e8043d2c c12775d4 e7d11f40 e89efa10 c0d5a440 c0f8cbf0 e89efa10 00000000
[    2.813725] 3d20: e8043d54 e8043d30 c0770644 c0770054 c0d5f5f4 c038f528 e93f3378 e89efa10
[    2.821885] 3d40: e93f5ab8 e89efa10 e8043d94 e8043d58 c0753dbc c0770590 e7d16540 00000003
[    2.830043] 3d60: 00000000 e93f6274 c07908d8 00000000 e89efa10 c1276f10 00000000 c1313718
[    2.838203] 3d80: c1276f10 c12c3160 e8043db4 e8043d98 c077992c c0753b98 e89efa10 c1313714
[    2.846364] 3da0: 00000000 00000000 e8043df4 e8043db8 c0776ffc c07798e0 e8043dd4 e8043dc8
[    2.854523] 3dc0: c0c5eebc 00000007 e8043df4 e89efa10 c1276f10 e8043e78 e89efa10 c0f91d0c
[    2.862683] 3de0: c12c3160 e89efa10 e8043e2c e8043df8 c077754c c0776ef4 c1276f10 c1276f10
[    2.870844] 3e00: e8043e78 e89efa10 00000001 c1276f10 e8043e78 e89efa10 c0f91d0c c12c3160
[    2.879002] 3e20: e8043e4c e8043e30 c0777870 c07774d8 00000000 e8043e78 c07777cc c12c3160
[    2.887162] 3e40: e8043e74 e8043e50 c0774ff4 c07777d8 c02e686c e8ba4738 e89efa10 e89efa10
[    2.895322] 3e60: 00000001 e89efa54 e8043e9c e8043e78 c0776e30 c0774f80 e89efa10 00000001
[    2.903483] 3e80: c07733dc c127780c e89efa10 c1277a88 e8043eac e8043ea0 c07778f8 c0776d7c
[    2.911641] 3ea0: e8043ecc e8043eb0 c0775f08 c07778e8 c127780c c127780c c1277820 c12c3160
[    2.919801] 3ec0: e8043efc e8043ed0 c07764b8 c0775e80 c0776430 c1277844 e8a21000 e93d4dc0
[    2.927959] 3ee0: e93d7f00 00000000 c12bb270 00000000 e8043f3c e8043f00 c033d1b8 c077643c
[    2.936121] 3f00: c034bfd8 c036f8a8 e93d4dc0 e93d4dc0 e93d4dc0 e8a21000 e93d4dc0 e8a21014
[    2.944279] 3f20: e93d4dd8 c1203d00 00000008 e8863e88 e8043f74 e8043f40 c033ed74 c033cfe8
[    2.952440] 3f40: e8043f74 e8042000 c0343274 e8a20600 e8a20780 00000000 e8042000 e8a21000
[    2.960601] 3f60: e8a2061c e8863e88 e8043fac e8043f78 c03436e0 c033eb2c c032fe64 c033eb20
[    2.968757] 3f80: 00000000 e8a20780 c03435b4 00000000 00000000 00000000 00000000 00000000
[    2.976919] 3fa0: 00000000 e8043fb0 c03010e8 c03435c0 00000000 00000000 00000000 00000000
[    2.985078] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[    2.993236] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000
[    3.001359] Backtrace:
[    3.009541] [<c0766a14>] (msm_dsi_manager_setup_encoder) from [<c07629dc>] (msm_dsi_modeset_init+0xa0/0x1c8)
[    3.011796]  r7:e7d1fc00 r6:00000000 r5:e8305400 r4:e7d1c4c0
[    3.021869] [<c076293c>] (msm_dsi_modeset_init) from [<c071caac>] (mdp4_kms_init+0x578/0x7b4)
[    3.027510]  r9:e8305400 r8:00000001 r7:e8305400 r6:e8305400 r5:00000006 r4:e7d1f780
[    3.035927] [<c071c534>] (mdp4_kms_init) from [<c0754554>] (msm_drm_bind+0x3d0/0x5f4)
[    3.043741]  r10:c12c2ea8 r9:00000002 r8:e8305c00 r7:e89efa10 r6:00000000 r5:e8305400
[    3.051449]  r4:e8305c00
[    3.059274] [<c0754184>] (msm_drm_bind) from [<c0770244>] (try_to_bring_up_master+0x1fc/0x2c8)
[    3.061884]  r10:c12c2ea8 r9:00000002 r8:e7d11f18 r7:e7d16540 r6:e7d11f18 r5:e7d11f40
[    3.070285]  r4:e7d11c40
[    3.078198] [<c0770048>] (try_to_bring_up_master) from [<c0770644>] (component_master_add_with_match+0xc0/0x100)
[    3.080811]  r10:00000000 r9:e89efa10 r8:c0f8cbf0 r7:c0d5a440 r6:e89efa10 r5:e7d11f40
[    3.090945]  r4:c12775d4
[    3.098679] [<c0770584>] (component_master_add_with_match) from [<c0753dbc>] (msm_pdev_probe+0x230/0x290)
[    3.101291]  r7:e89efa10 r6:e93f5ab8 r5:e89efa10 r4:e93f3378
[    3.110756] [<c0753b8c>] (msm_pdev_probe) from [<c077992c>] (platform_drv_probe+0x58/0xa8)
[    3.116484]  r10:c12c3160 r9:c1276f10 r8:c1313718 r7:00000000 r6:c1276f10 r5:e89efa10
[    3.124540]  r4:00000000
[    3.132447] [<c07798d4>] (platform_drv_probe) from [<c0776ffc>] (really_probe+0x114/0x424)
[    3.135053]  r7:00000000 r6:00000000 r5:c1313714 r4:e89efa10
[    3.143129] [<c0776ee8>] (really_probe) from [<c077754c>] (driver_probe_device+0x80/0x1dc)
[    3.148950]  r10:e89efa10 r9:c12c3160 r8:c0f91d0c r7:e89efa10 r6:e8043e78 r5:c1276f10
[    3.157005]  r4:e89efa10
[    3.164911] [<c07774cc>] (driver_probe_device) from [<c0777870>] (__device_attach_driver+0xa4/0x110)
[    3.167527]  r9:c12c3160 r8:c0f91d0c r7:e89efa10 r6:e8043e78 r5:c1276f10 r4:00000001
[    3.176637] [<c07777cc>] (__device_attach_driver) from [<c0774ff4>] (bus_for_each_drv+0x80/0xb0)
[    3.184361]  r7:c12c3160 r6:c07777cc r5:e8043e78 r4:00000000
[    3.193127] [<c0774f74>] (bus_for_each_drv) from [<c0776e30>] (__device_attach+0xc0/0x158)
[    3.198766]  r6:e89efa54 r5:00000001 r4:e89efa10
[    3.206841] [<c0776d70>] (__device_attach) from [<c07778f8>] (device_initial_probe+0x1c/0x20)
[    3.211614]  r6:c1277a88 r5:e89efa10 r4:c127780c
[    3.220035] [<c07778dc>] (device_initial_probe) from [<c0775f08>] (bus_probe_device+0x94/0x9c)
[    3.224730] [<c0775e74>] (bus_probe_device) from [<c07764b8>] (deferred_probe_work_func+0x88/0xd0)
[    3.233145]  r7:c12c3160 r6:c1277820 r5:c127780c r4:c127780c
[    3.242096] [<c0776430>] (deferred_probe_work_func) from [<c033d1b8>] (process_one_work+0x1dc/0x53c)
[    3.247910]  r10:00000000 r9:c12bb270 r8:00000000 r7:e93d7f00 r6:e93d4dc0 r5:e8a21000
[    3.257009]  r4:c1277844 r3:c0776430
[    3.264741] [<c033cfdc>] (process_one_work) from [<c033ed74>] (worker_thread+0x254/0x500)
[    3.268393]  r10:e8863e88 r9:00000008 r8:c1203d00 r7:e93d4dd8 r6:e8a21014 r5:e93d4dc0
[    3.276449]  r4:e8a21000
[    3.284270] [<c033eb20>] (worker_thread) from [<c03436e0>] (kthread+0x12c/0x168)
[    3.286881]  r10:e8863e88 r9:e8a2061c r8:e8a21000 r7:e8042000 r6:00000000 r5:e8a20780
[    3.294246]  r4:e8a20600
[    3.301977] [<c03435b4>] (kthread) from [<c03010e8>] (ret_from_fork+0x14/0x2c)
[    3.304575] Exception stack(0xe8043fb0 to 0xe8043ff8)
[    3.311617] 3fa0:                                     00000000 00000000 00000000 00000000
[    3.316761] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[    3.324913] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000
[    3.333060]  r10:00000000 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:c03435b4
[    3.339471]  r4:e8a20780
[    3.347469] Code: e5936004 ebffefaa e2504000 089da8f0 (e5963000)
[    3.350237] ---[ end trace ef11f4cc25ead15d ]---
[    3.377018] Kernel panic - not syncing: Fatal exception
[    3.377092] CPU0: stopping
[    3.381054] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G      D           5.3.0-00014-g9bf8d2ba4898 grate-driver#120
[    3.383835] Hardware name: Generic DT based system
[    3.393116] Backtrace:
[    3.397727] [<c030e80c>] (dump_backtrace) from [<c030eb64>] (show_stack+0x20/0x24)
[    3.400069]  r7:c12b4080 r6:20000193 r5:00000000 r4:c12b4080
[    3.407712] [<c030eb44>] (show_stack) from [<c0c420d4>] (dump_stack+0x78/0x94)
[    3.413531] [<c0c4205c>] (dump_stack) from [<c03106b0>] (handle_IPI+0x3a4/0x408)
[    3.420555]  r7:00000000 r6:c12bb144 r5:00000004 r4:c11a5d50
[    3.428108] [<c031030c>] (handle_IPI) from [<c0302388>] (gic_handle_irq+0x94/0xa0)
[    3.433751]  r10:00000000 r9:c1201ec0 r8:ea803000 r7:c124cf28 r6:c1206894 r5:ea802000
[    3.441124]  r4:ea80200c
[    3.449021] [<c03022f4>] (gic_handle_irq) from [<c0301a8c>] (__irq_svc+0x6c/0xa8)
[    3.451629] Exception stack(0xc1201ec0 to 0xc1201f08)
[    3.459024] 1ec0: 00000000 00002f2c e93999f0 c031ac20 00000000 c1200000 c12060e4 c1206120
[    3.464065] 1ee0: 00000000 c11a5548 00000000 c1201f1c c1201f20 c1201f10 c030a474 c030a478
[    3.472208] 1f00: 60000013 ffffffff
[    3.480359]  r9:c1200000 r8:00000000 r7:c1201ef4 r6:ffffffff r5:60000013 r4:c030a478
[    3.483683] [<c030a438>] (arch_cpu_idle) from [<c0c5e93c>] (default_idle_call+0x30/0x3c)
[    3.491656] [<c0c5e90c>] (default_idle_call) from [<c0353ea4>] (do_idle+0x204/0x284)
[    3.499725] [<c0353ca0>] (do_idle) from [<c03541ec>] (cpu_startup_entry+0x28/0x2c)
[    3.507448]  r10:c12060c0 r9:00000001 r8:c12d9140 r7:c12d9140 r6:ffffffff r5:c1216348
[    3.514822]  r4:000000cd
[    3.522719] [<c03541c4>] (cpu_startup_entry) from [<c0c59138>] (rest_init+0xb8/0xd8)
[    3.525339] [<c0c59080>] (rest_init) from [<c1100b38>] (arch_call_rest_init+0x18/0x1c)
[    3.533053]  r5:00000001 r4:c12d9194
[    3.540777] [<c1100b20>] (arch_call_rest_init) from [<c1100fbc>] (start_kernel+0x408/0x4ac)
[    3.544517] [<c1100bb4>] (start_kernel) from [<00000000>] (0x0)
[    3.552585]  r10:10c5387d r9:511f06f0 r8:819700a0 r7:00001e7a r6:10c0387d r5:00000051
[    3.558484]  r4:c1100330
[    3.566469] CPU1: stopping
[    3.569089] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G      D           5.3.0-00014-g9bf8d2ba4898 grate-driver#120
[    3.571604] Hardware name: Generic DT based system
[    3.580882] Backtrace:
[    3.585500] [<c030e80c>] (dump_backtrace) from [<c030eb64>] (show_stack+0x20/0x24)
[    3.587846]  r7:c12b4080 r6:20000193 r5:00000000 r4:c12b4080
[    3.595489] [<c030eb44>] (show_stack) from [<c0c420d4>] (dump_stack+0x78/0x94)
[    3.601310] [<c0c4205c>] (dump_stack) from [<c03106b0>] (handle_IPI+0x3a4/0x408)
[    3.608331]  r7:00000001 r6:c12bb144 r5:00000004 r4:c11a5d50
[    3.615888] [<c031030c>] (handle_IPI) from [<c0302388>] (gic_handle_irq+0x94/0xa0)
[    3.621532]  r10:00000000 r9:e882df20 r8:ea803000 r7:c124cf28 r6:c1206894 r5:ea802000
[    3.628896]  r4:ea80200c
[    3.636800] [<c03022f4>] (gic_handle_irq) from [<c0301a8c>] (__irq_svc+0x6c/0xa8)
[    3.639399] Exception stack(0xe882df20 to 0xe882df68)
[    3.646805] df20: 00000000 000002fc e93ad9f0 c031ac20 00000001 e882c000 c12060e4 c1206120
[    3.651846] df40: 00000000 c11a5548 00000000 e882df7c e882df80 e882df70 c030a474 c030a478
[    3.659982] df60: 60000013 ffffffff
[    3.668141]  r9:e882c000 r8:00000000 r7:e882df54 r6:ffffffff r5:60000013 r4:c030a478
[    3.671457] [<c030a438>] (arch_cpu_idle) from [<c0c5e93c>] (default_idle_call+0x30/0x3c)
[    3.679434] [<c0c5e90c>] (default_idle_call) from [<c0353ea4>] (do_idle+0x204/0x284)
[    3.687504] [<c0353ca0>] (do_idle) from [<c03541ec>] (cpu_startup_entry+0x28/0x2c)
[    3.695230]  r10:00000000 r9:511f06f0 r8:8020406a r7:c12d9438 r6:10c0387d r5:00000001
[    3.702592]  r4:00000089
[    3.710502] [<c03541c4>] (cpu_startup_entry) from [<c0310044>] (secondary_start_kernel+0x154/0x19c)
[    3.713113] [<c030fef0>] (secondary_start_kernel) from [<8030284c>] (0x8030284c)
[    3.721866]  r5:00000051 r4:a882406a
[    3.729497] CPU2: stopping
[    3.733066] CPU: 2 PID: 0 Comm: swapper/2 Tainted: G      D           5.3.0-00014-g9bf8d2ba4898 grate-driver#120
[    3.735581] Hardware name: Generic DT based system
[    3.744858] Backtrace:
[    3.749476] [<c030e80c>] (dump_backtrace) from [<c030eb64>] (show_stack+0x20/0x24)
[    3.751821]  r7:c12b4080 r6:20000193 r5:00000000 r4:c12b4080
[    3.759466] [<c030eb44>] (show_stack) from [<c0c420d4>] (dump_stack+0x78/0x94)
[    3.765287] [<c0c4205c>] (dump_stack) from [<c03106b0>] (handle_IPI+0x3a4/0x408)
[    3.772308]  r7:00000002 r6:c12bb144 r5:00000004 r4:c11a5d50
[    3.779864] [<c031030c>] (handle_IPI) from [<c0302388>] (gic_handle_irq+0x94/0xa0)
[    3.785509]  r10:00000000 r9:e882ff20 r8:ea803000 r7:c124cf28 r6:c1206894 r5:ea802000
[    3.792871]  r4:ea80200c
[    3.800776] [<c03022f4>] (gic_handle_irq) from [<c0301a8c>] (__irq_svc+0x6c/0xa8)
[    3.803375] Exception stack(0xe882ff20 to 0xe882ff68)
[    3.810781] ff20: 00000000 000006fc e93c19f0 c031ac20 00000002 e882e000 c12060e4 c1206120
[    3.815821] ff40: 00000000 c11a5548 00000000 e882ff7c e882ff80 e882ff70 c030a474 c030a478
[    3.823957] ff60: 60000013 ffffffff
[    3.832116]  r9:e882e000 r8:00000000 r7:e882ff54 r6:ffffffff r5:60000013 r4:c030a478
[    3.835430] [<c030a438>] (arch_cpu_idle) from [<c0c5e93c>] (default_idle_call+0x30/0x3c)
[    3.843410] [<c0c5e90c>] (default_idle_call) from [<c0353ea4>] (do_idle+0x204/0x284)
[    3.851479] [<c0353ca0>] (do_idle) from [<c03541ec>] (cpu_startup_entry+0x28/0x2c)
[    3.859206]  r10:00000000 r9:511f06f0 r8:8020406a r7:c12d9438 r6:10c0387d r5:00000002
[    3.866569]  r4:00000089
[    3.874476] [<c03541c4>] (cpu_startup_entry) from [<c0310044>] (secondary_start_kernel+0x154/0x19c)
[    3.877087] [<c030fef0>] (secondary_start_kernel) from [<8030284c>] (0x8030284c)
[    3.885843]  r5:00000051 r4:a882406a
okias pushed a commit that referenced this pull request Mar 10, 2020
The hierarchical parts of MSM pinctrl/GPIO is only
used when the device tree has a "wakeup-parent" as
a phandle, but the .irq_disable and .irq_eoi are anyway
assigned leading to semantic problems on elder
Qualcomm chipsets.

When the drivers/mfd/qcom-pm8xxx.c driver calls
chained_irq_exit() that call will in turn call chip->irq_eoi()
which is set to irq_chip_eoi_parent() by default on a
hierachical IRQ chip, and the parent is pinctrl-msm.c
so that will in turn unconditionally call
irq_chip_eoi_parent() again, but its parent is invalid
so we get the following crash:

 Unnable to handle kernel NULL pointer dereference at
 virtual address 00000010
 pgd = (ptrval)
 [00000010] *pgd=00000000
 Internal error: Oops: 5 [#1] PREEMPT SMP ARM
 (...)
 PC is at irq_chip_eoi_parent+0x4/0x10
 LR is at pm8xxx_irq_handler+0x1b4/0x2d8

If we solve this crash by avoiding to call up to
irq_chip_eoi_parent(), the machine will hang and get
reset by the watchdog, because of semantic issues,
probably inside irq_chip.

As a solution, just assign the .irq_disable and .irq_eoi
condtionally if we are actually using a wakeup parent.

Cc: Bjorn Andersson <[email protected]>
Cc: Lina Iyer <[email protected]>
Cc: Marc Zyngier <[email protected]>
Cc: Stephen Boyd <[email protected]>
Cc: [email protected]
Fixes: e35a6ae ("pinctrl/msm: Setup GPIO chip in hierarchy")
Signed-off-by: Linus Walleij <[email protected]>
okias added a commit that referenced this pull request Mar 10, 2020
This reverts commit 03436e3.

Fixes:
mdp: dummy supplies not allowed for exclusive requests
[    2.641236] 8<--- cut here ---
[    2.641279] Unable to handle kernel NULL pointer dereference at virtual address 00000000
[    2.643206] pgd = (ptrval)
[    2.651522] [00000000] *pgd=00000000
[    2.653973] Internal error: Oops: 5 [#1] PREEMPT SMP ARM
[    2.657695] Modules linked in:
[    2.663000] CPU: 3 PID: 105 Comm: kworker/3:1 Not tainted 5.3.0-00014-g9bf8d2ba4898 grate-driver#120
[    2.665859] Hardware name: Generic DT based system
[    2.674123] Workqueue: events deferred_probe_work_func
[    2.678718] PC is at msm_dsi_manager_setup_encoder+0x38/0x6c
[    2.683830] LR is at msm_dsi_manager_setup_encoder+0x30/0x6c
[    2.689643] pc : [<c0766a4c>]    lr : [<c0766a44>]    psr: a0000013
[    2.695283] sp : e8043c08  ip : e8043c08  fp : e8043c24
[    2.701271] r10: e8305c00  r9 : e8305400  r8 : e8305c00
[    2.706482] r7 : e7d1fc00  r6 : 00000000  r5 : e7d1c4c0  r4 : e7d1fc00
[    2.711693] r3 : e7d1c4c0  r2 : e7d19280  r1 : 00000000  r0 : e7d1fc00
[    2.718297] Flags: NzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
[    2.724803] Control: 10c5787d  Table: 8020406a  DAC: 00000051
[    2.732006] Process kworker/3:1 (pid: 105, stack limit = 0x(ptrval))
[    2.737736] Stack: (0xe8043c08 to 0xe8044000)
[    2.744179] 3c00:                   e7d1c4c0 e8305400 00000000 e7d1fc00 e8043c4c e8043c28
[    2.748445] 3c20: c07629dc c0766a20 e7d1f780 00000006 e8305400 e8305400 00000001 e8305400
[    2.756606] 3c40: e8043c8c e8043c50 c071caac c0762948 00000002 e8043c60 c091d268 c0c5ee2c
[    2.764766] 3c60: e8305c00 e8305c00 e8305400 00000000 e89efa10 e8305c00 00000002 c12c2ea8
[    2.772926] 3c80: e8043cec e8043c90 c0754554 c071c540 c034bfd8 c036f8a8 e89efba4 60000013
[    2.781086] 3ca0: e89efa10 e89efba4 e8043ccc c0c5ee58 e8043ccc e8043cc0 c0c5ee58 c034be74
[    2.789245] 3cc0: e8043cec e7d11c40 e7d11f40 e7d11f18 e7d16540 e7d11f18 00000002 c12c2ea8
[    2.797405] 3ce0: e8043d2c e8043cf0 c0770244 c0754190 c0d1db90 e7d11f40 e89efa10 00000000
[    2.805565] 3d00: e8043d2c c12775d4 e7d11f40 e89efa10 c0d5a440 c0f8cbf0 e89efa10 00000000
[    2.813725] 3d20: e8043d54 e8043d30 c0770644 c0770054 c0d5f5f4 c038f528 e93f3378 e89efa10
[    2.821885] 3d40: e93f5ab8 e89efa10 e8043d94 e8043d58 c0753dbc c0770590 e7d16540 00000003
[    2.830043] 3d60: 00000000 e93f6274 c07908d8 00000000 e89efa10 c1276f10 00000000 c1313718
[    2.838203] 3d80: c1276f10 c12c3160 e8043db4 e8043d98 c077992c c0753b98 e89efa10 c1313714
[    2.846364] 3da0: 00000000 00000000 e8043df4 e8043db8 c0776ffc c07798e0 e8043dd4 e8043dc8
[    2.854523] 3dc0: c0c5eebc 00000007 e8043df4 e89efa10 c1276f10 e8043e78 e89efa10 c0f91d0c
[    2.862683] 3de0: c12c3160 e89efa10 e8043e2c e8043df8 c077754c c0776ef4 c1276f10 c1276f10
[    2.870844] 3e00: e8043e78 e89efa10 00000001 c1276f10 e8043e78 e89efa10 c0f91d0c c12c3160
[    2.879002] 3e20: e8043e4c e8043e30 c0777870 c07774d8 00000000 e8043e78 c07777cc c12c3160
[    2.887162] 3e40: e8043e74 e8043e50 c0774ff4 c07777d8 c02e686c e8ba4738 e89efa10 e89efa10
[    2.895322] 3e60: 00000001 e89efa54 e8043e9c e8043e78 c0776e30 c0774f80 e89efa10 00000001
[    2.903483] 3e80: c07733dc c127780c e89efa10 c1277a88 e8043eac e8043ea0 c07778f8 c0776d7c
[    2.911641] 3ea0: e8043ecc e8043eb0 c0775f08 c07778e8 c127780c c127780c c1277820 c12c3160
[    2.919801] 3ec0: e8043efc e8043ed0 c07764b8 c0775e80 c0776430 c1277844 e8a21000 e93d4dc0
[    2.927959] 3ee0: e93d7f00 00000000 c12bb270 00000000 e8043f3c e8043f00 c033d1b8 c077643c
[    2.936121] 3f00: c034bfd8 c036f8a8 e93d4dc0 e93d4dc0 e93d4dc0 e8a21000 e93d4dc0 e8a21014
[    2.944279] 3f20: e93d4dd8 c1203d00 00000008 e8863e88 e8043f74 e8043f40 c033ed74 c033cfe8
[    2.952440] 3f40: e8043f74 e8042000 c0343274 e8a20600 e8a20780 00000000 e8042000 e8a21000
[    2.960601] 3f60: e8a2061c e8863e88 e8043fac e8043f78 c03436e0 c033eb2c c032fe64 c033eb20
[    2.968757] 3f80: 00000000 e8a20780 c03435b4 00000000 00000000 00000000 00000000 00000000
[    2.976919] 3fa0: 00000000 e8043fb0 c03010e8 c03435c0 00000000 00000000 00000000 00000000
[    2.985078] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[    2.993236] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000
[    3.001359] Backtrace:
[    3.009541] [<c0766a14>] (msm_dsi_manager_setup_encoder) from [<c07629dc>] (msm_dsi_modeset_init+0xa0/0x1c8)
[    3.011796]  r7:e7d1fc00 r6:00000000 r5:e8305400 r4:e7d1c4c0
[    3.021869] [<c076293c>] (msm_dsi_modeset_init) from [<c071caac>] (mdp4_kms_init+0x578/0x7b4)
[    3.027510]  r9:e8305400 r8:00000001 r7:e8305400 r6:e8305400 r5:00000006 r4:e7d1f780
[    3.035927] [<c071c534>] (mdp4_kms_init) from [<c0754554>] (msm_drm_bind+0x3d0/0x5f4)
[    3.043741]  r10:c12c2ea8 r9:00000002 r8:e8305c00 r7:e89efa10 r6:00000000 r5:e8305400
[    3.051449]  r4:e8305c00
[    3.059274] [<c0754184>] (msm_drm_bind) from [<c0770244>] (try_to_bring_up_master+0x1fc/0x2c8)
[    3.061884]  r10:c12c2ea8 r9:00000002 r8:e7d11f18 r7:e7d16540 r6:e7d11f18 r5:e7d11f40
[    3.070285]  r4:e7d11c40
[    3.078198] [<c0770048>] (try_to_bring_up_master) from [<c0770644>] (component_master_add_with_match+0xc0/0x100)
[    3.080811]  r10:00000000 r9:e89efa10 r8:c0f8cbf0 r7:c0d5a440 r6:e89efa10 r5:e7d11f40
[    3.090945]  r4:c12775d4
[    3.098679] [<c0770584>] (component_master_add_with_match) from [<c0753dbc>] (msm_pdev_probe+0x230/0x290)
[    3.101291]  r7:e89efa10 r6:e93f5ab8 r5:e89efa10 r4:e93f3378
[    3.110756] [<c0753b8c>] (msm_pdev_probe) from [<c077992c>] (platform_drv_probe+0x58/0xa8)
[    3.116484]  r10:c12c3160 r9:c1276f10 r8:c1313718 r7:00000000 r6:c1276f10 r5:e89efa10
[    3.124540]  r4:00000000
[    3.132447] [<c07798d4>] (platform_drv_probe) from [<c0776ffc>] (really_probe+0x114/0x424)
[    3.135053]  r7:00000000 r6:00000000 r5:c1313714 r4:e89efa10
[    3.143129] [<c0776ee8>] (really_probe) from [<c077754c>] (driver_probe_device+0x80/0x1dc)
[    3.148950]  r10:e89efa10 r9:c12c3160 r8:c0f91d0c r7:e89efa10 r6:e8043e78 r5:c1276f10
[    3.157005]  r4:e89efa10
[    3.164911] [<c07774cc>] (driver_probe_device) from [<c0777870>] (__device_attach_driver+0xa4/0x110)
[    3.167527]  r9:c12c3160 r8:c0f91d0c r7:e89efa10 r6:e8043e78 r5:c1276f10 r4:00000001
[    3.176637] [<c07777cc>] (__device_attach_driver) from [<c0774ff4>] (bus_for_each_drv+0x80/0xb0)
[    3.184361]  r7:c12c3160 r6:c07777cc r5:e8043e78 r4:00000000
[    3.193127] [<c0774f74>] (bus_for_each_drv) from [<c0776e30>] (__device_attach+0xc0/0x158)
[    3.198766]  r6:e89efa54 r5:00000001 r4:e89efa10
[    3.206841] [<c0776d70>] (__device_attach) from [<c07778f8>] (device_initial_probe+0x1c/0x20)
[    3.211614]  r6:c1277a88 r5:e89efa10 r4:c127780c
[    3.220035] [<c07778dc>] (device_initial_probe) from [<c0775f08>] (bus_probe_device+0x94/0x9c)
[    3.224730] [<c0775e74>] (bus_probe_device) from [<c07764b8>] (deferred_probe_work_func+0x88/0xd0)
[    3.233145]  r7:c12c3160 r6:c1277820 r5:c127780c r4:c127780c
[    3.242096] [<c0776430>] (deferred_probe_work_func) from [<c033d1b8>] (process_one_work+0x1dc/0x53c)
[    3.247910]  r10:00000000 r9:c12bb270 r8:00000000 r7:e93d7f00 r6:e93d4dc0 r5:e8a21000
[    3.257009]  r4:c1277844 r3:c0776430
[    3.264741] [<c033cfdc>] (process_one_work) from [<c033ed74>] (worker_thread+0x254/0x500)
[    3.268393]  r10:e8863e88 r9:00000008 r8:c1203d00 r7:e93d4dd8 r6:e8a21014 r5:e93d4dc0
[    3.276449]  r4:e8a21000
[    3.284270] [<c033eb20>] (worker_thread) from [<c03436e0>] (kthread+0x12c/0x168)
[    3.286881]  r10:e8863e88 r9:e8a2061c r8:e8a21000 r7:e8042000 r6:00000000 r5:e8a20780
[    3.294246]  r4:e8a20600
[    3.301977] [<c03435b4>] (kthread) from [<c03010e8>] (ret_from_fork+0x14/0x2c)
[    3.304575] Exception stack(0xe8043fb0 to 0xe8043ff8)
[    3.311617] 3fa0:                                     00000000 00000000 00000000 00000000
[    3.316761] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[    3.324913] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000
[    3.333060]  r10:00000000 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:c03435b4
[    3.339471]  r4:e8a20780
[    3.347469] Code: e5936004 ebffefaa e2504000 089da8f0 (e5963000)
[    3.350237] ---[ end trace ef11f4cc25ead15d ]---
[    3.377018] Kernel panic - not syncing: Fatal exception
[    3.377092] CPU0: stopping
[    3.381054] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G      D           5.3.0-00014-g9bf8d2ba4898 grate-driver#120
[    3.383835] Hardware name: Generic DT based system
[    3.393116] Backtrace:
[    3.397727] [<c030e80c>] (dump_backtrace) from [<c030eb64>] (show_stack+0x20/0x24)
[    3.400069]  r7:c12b4080 r6:20000193 r5:00000000 r4:c12b4080
[    3.407712] [<c030eb44>] (show_stack) from [<c0c420d4>] (dump_stack+0x78/0x94)
[    3.413531] [<c0c4205c>] (dump_stack) from [<c03106b0>] (handle_IPI+0x3a4/0x408)
[    3.420555]  r7:00000000 r6:c12bb144 r5:00000004 r4:c11a5d50
[    3.428108] [<c031030c>] (handle_IPI) from [<c0302388>] (gic_handle_irq+0x94/0xa0)
[    3.433751]  r10:00000000 r9:c1201ec0 r8:ea803000 r7:c124cf28 r6:c1206894 r5:ea802000
[    3.441124]  r4:ea80200c
[    3.449021] [<c03022f4>] (gic_handle_irq) from [<c0301a8c>] (__irq_svc+0x6c/0xa8)
[    3.451629] Exception stack(0xc1201ec0 to 0xc1201f08)
[    3.459024] 1ec0: 00000000 00002f2c e93999f0 c031ac20 00000000 c1200000 c12060e4 c1206120
[    3.464065] 1ee0: 00000000 c11a5548 00000000 c1201f1c c1201f20 c1201f10 c030a474 c030a478
[    3.472208] 1f00: 60000013 ffffffff
[    3.480359]  r9:c1200000 r8:00000000 r7:c1201ef4 r6:ffffffff r5:60000013 r4:c030a478
[    3.483683] [<c030a438>] (arch_cpu_idle) from [<c0c5e93c>] (default_idle_call+0x30/0x3c)
[    3.491656] [<c0c5e90c>] (default_idle_call) from [<c0353ea4>] (do_idle+0x204/0x284)
[    3.499725] [<c0353ca0>] (do_idle) from [<c03541ec>] (cpu_startup_entry+0x28/0x2c)
[    3.507448]  r10:c12060c0 r9:00000001 r8:c12d9140 r7:c12d9140 r6:ffffffff r5:c1216348
[    3.514822]  r4:000000cd
[    3.522719] [<c03541c4>] (cpu_startup_entry) from [<c0c59138>] (rest_init+0xb8/0xd8)
[    3.525339] [<c0c59080>] (rest_init) from [<c1100b38>] (arch_call_rest_init+0x18/0x1c)
[    3.533053]  r5:00000001 r4:c12d9194
[    3.540777] [<c1100b20>] (arch_call_rest_init) from [<c1100fbc>] (start_kernel+0x408/0x4ac)
[    3.544517] [<c1100bb4>] (start_kernel) from [<00000000>] (0x0)
[    3.552585]  r10:10c5387d r9:511f06f0 r8:819700a0 r7:00001e7a r6:10c0387d r5:00000051
[    3.558484]  r4:c1100330
[    3.566469] CPU1: stopping
[    3.569089] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G      D           5.3.0-00014-g9bf8d2ba4898 grate-driver#120
[    3.571604] Hardware name: Generic DT based system
[    3.580882] Backtrace:
[    3.585500] [<c030e80c>] (dump_backtrace) from [<c030eb64>] (show_stack+0x20/0x24)
[    3.587846]  r7:c12b4080 r6:20000193 r5:00000000 r4:c12b4080
[    3.595489] [<c030eb44>] (show_stack) from [<c0c420d4>] (dump_stack+0x78/0x94)
[    3.601310] [<c0c4205c>] (dump_stack) from [<c03106b0>] (handle_IPI+0x3a4/0x408)
[    3.608331]  r7:00000001 r6:c12bb144 r5:00000004 r4:c11a5d50
[    3.615888] [<c031030c>] (handle_IPI) from [<c0302388>] (gic_handle_irq+0x94/0xa0)
[    3.621532]  r10:00000000 r9:e882df20 r8:ea803000 r7:c124cf28 r6:c1206894 r5:ea802000
[    3.628896]  r4:ea80200c
[    3.636800] [<c03022f4>] (gic_handle_irq) from [<c0301a8c>] (__irq_svc+0x6c/0xa8)
[    3.639399] Exception stack(0xe882df20 to 0xe882df68)
[    3.646805] df20: 00000000 000002fc e93ad9f0 c031ac20 00000001 e882c000 c12060e4 c1206120
[    3.651846] df40: 00000000 c11a5548 00000000 e882df7c e882df80 e882df70 c030a474 c030a478
[    3.659982] df60: 60000013 ffffffff
[    3.668141]  r9:e882c000 r8:00000000 r7:e882df54 r6:ffffffff r5:60000013 r4:c030a478
[    3.671457] [<c030a438>] (arch_cpu_idle) from [<c0c5e93c>] (default_idle_call+0x30/0x3c)
[    3.679434] [<c0c5e90c>] (default_idle_call) from [<c0353ea4>] (do_idle+0x204/0x284)
[    3.687504] [<c0353ca0>] (do_idle) from [<c03541ec>] (cpu_startup_entry+0x28/0x2c)
[    3.695230]  r10:00000000 r9:511f06f0 r8:8020406a r7:c12d9438 r6:10c0387d r5:00000001
[    3.702592]  r4:00000089
[    3.710502] [<c03541c4>] (cpu_startup_entry) from [<c0310044>] (secondary_start_kernel+0x154/0x19c)
[    3.713113] [<c030fef0>] (secondary_start_kernel) from [<8030284c>] (0x8030284c)
[    3.721866]  r5:00000051 r4:a882406a
[    3.729497] CPU2: stopping
[    3.733066] CPU: 2 PID: 0 Comm: swapper/2 Tainted: G      D           5.3.0-00014-g9bf8d2ba4898 grate-driver#120
[    3.735581] Hardware name: Generic DT based system
[    3.744858] Backtrace:
[    3.749476] [<c030e80c>] (dump_backtrace) from [<c030eb64>] (show_stack+0x20/0x24)
[    3.751821]  r7:c12b4080 r6:20000193 r5:00000000 r4:c12b4080
[    3.759466] [<c030eb44>] (show_stack) from [<c0c420d4>] (dump_stack+0x78/0x94)
[    3.765287] [<c0c4205c>] (dump_stack) from [<c03106b0>] (handle_IPI+0x3a4/0x408)
[    3.772308]  r7:00000002 r6:c12bb144 r5:00000004 r4:c11a5d50
[    3.779864] [<c031030c>] (handle_IPI) from [<c0302388>] (gic_handle_irq+0x94/0xa0)
[    3.785509]  r10:00000000 r9:e882ff20 r8:ea803000 r7:c124cf28 r6:c1206894 r5:ea802000
[    3.792871]  r4:ea80200c
[    3.800776] [<c03022f4>] (gic_handle_irq) from [<c0301a8c>] (__irq_svc+0x6c/0xa8)
[    3.803375] Exception stack(0xe882ff20 to 0xe882ff68)
[    3.810781] ff20: 00000000 000006fc e93c19f0 c031ac20 00000002 e882e000 c12060e4 c1206120
[    3.815821] ff40: 00000000 c11a5548 00000000 e882ff7c e882ff80 e882ff70 c030a474 c030a478
[    3.823957] ff60: 60000013 ffffffff
[    3.832116]  r9:e882e000 r8:00000000 r7:e882ff54 r6:ffffffff r5:60000013 r4:c030a478
[    3.835430] [<c030a438>] (arch_cpu_idle) from [<c0c5e93c>] (default_idle_call+0x30/0x3c)
[    3.843410] [<c0c5e90c>] (default_idle_call) from [<c0353ea4>] (do_idle+0x204/0x284)
[    3.851479] [<c0353ca0>] (do_idle) from [<c03541ec>] (cpu_startup_entry+0x28/0x2c)
[    3.859206]  r10:00000000 r9:511f06f0 r8:8020406a r7:c12d9438 r6:10c0387d r5:00000002
[    3.866569]  r4:00000089
[    3.874476] [<c03541c4>] (cpu_startup_entry) from [<c0310044>] (secondary_start_kernel+0x154/0x19c)
[    3.877087] [<c030fef0>] (secondary_start_kernel) from [<8030284c>] (0x8030284c)
[    3.885843]  r5:00000051 r4:a882406a
okias pushed a commit that referenced this pull request Mar 10, 2020
The hierarchical parts of MSM pinctrl/GPIO is only
used when the device tree has a "wakeup-parent" as
a phandle, but the .irq_disable and .irq_eoi are anyway
assigned leading to semantic problems on elder
Qualcomm chipsets.

When the drivers/mfd/qcom-pm8xxx.c driver calls
chained_irq_exit() that call will in turn call chip->irq_eoi()
which is set to irq_chip_eoi_parent() by default on a
hierachical IRQ chip, and the parent is pinctrl-msm.c
so that will in turn unconditionally call
irq_chip_eoi_parent() again, but its parent is invalid
so we get the following crash:

 Unnable to handle kernel NULL pointer dereference at
 virtual address 00000010
 pgd = (ptrval)
 [00000010] *pgd=00000000
 Internal error: Oops: 5 [#1] PREEMPT SMP ARM
 (...)
 PC is at irq_chip_eoi_parent+0x4/0x10
 LR is at pm8xxx_irq_handler+0x1b4/0x2d8

If we solve this crash by avoiding to call up to
irq_chip_eoi_parent(), the machine will hang and get
reset by the watchdog, because of semantic issues,
probably inside irq_chip.

As a solution, just assign the .irq_disable and .irq_eoi
condtionally if we are actually using a wakeup parent.

Cc: Bjorn Andersson <[email protected]>
Cc: Lina Iyer <[email protected]>
Cc: Marc Zyngier <[email protected]>
Cc: Stephen Boyd <[email protected]>
Cc: [email protected]
Fixes: e35a6ae ("pinctrl/msm: Setup GPIO chip in hierarchy")
Signed-off-by: Linus Walleij <[email protected]>
okias added a commit that referenced this pull request Mar 14, 2020
This reverts commit 03436e3.

Fixes:
mdp: dummy supplies not allowed for exclusive requests
[    2.641236] 8<--- cut here ---
[    2.641279] Unable to handle kernel NULL pointer dereference at virtual address 00000000
[    2.643206] pgd = (ptrval)
[    2.651522] [00000000] *pgd=00000000
[    2.653973] Internal error: Oops: 5 [#1] PREEMPT SMP ARM
[    2.657695] Modules linked in:
[    2.663000] CPU: 3 PID: 105 Comm: kworker/3:1 Not tainted 5.3.0-00014-g9bf8d2ba4898 grate-driver#120
[    2.665859] Hardware name: Generic DT based system
[    2.674123] Workqueue: events deferred_probe_work_func
[    2.678718] PC is at msm_dsi_manager_setup_encoder+0x38/0x6c
[    2.683830] LR is at msm_dsi_manager_setup_encoder+0x30/0x6c
[    2.689643] pc : [<c0766a4c>]    lr : [<c0766a44>]    psr: a0000013
[    2.695283] sp : e8043c08  ip : e8043c08  fp : e8043c24
[    2.701271] r10: e8305c00  r9 : e8305400  r8 : e8305c00
[    2.706482] r7 : e7d1fc00  r6 : 00000000  r5 : e7d1c4c0  r4 : e7d1fc00
[    2.711693] r3 : e7d1c4c0  r2 : e7d19280  r1 : 00000000  r0 : e7d1fc00
[    2.718297] Flags: NzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
[    2.724803] Control: 10c5787d  Table: 8020406a  DAC: 00000051
[    2.732006] Process kworker/3:1 (pid: 105, stack limit = 0x(ptrval))
[    2.737736] Stack: (0xe8043c08 to 0xe8044000)
[    2.744179] 3c00:                   e7d1c4c0 e8305400 00000000 e7d1fc00 e8043c4c e8043c28
[    2.748445] 3c20: c07629dc c0766a20 e7d1f780 00000006 e8305400 e8305400 00000001 e8305400
[    2.756606] 3c40: e8043c8c e8043c50 c071caac c0762948 00000002 e8043c60 c091d268 c0c5ee2c
[    2.764766] 3c60: e8305c00 e8305c00 e8305400 00000000 e89efa10 e8305c00 00000002 c12c2ea8
[    2.772926] 3c80: e8043cec e8043c90 c0754554 c071c540 c034bfd8 c036f8a8 e89efba4 60000013
[    2.781086] 3ca0: e89efa10 e89efba4 e8043ccc c0c5ee58 e8043ccc e8043cc0 c0c5ee58 c034be74
[    2.789245] 3cc0: e8043cec e7d11c40 e7d11f40 e7d11f18 e7d16540 e7d11f18 00000002 c12c2ea8
[    2.797405] 3ce0: e8043d2c e8043cf0 c0770244 c0754190 c0d1db90 e7d11f40 e89efa10 00000000
[    2.805565] 3d00: e8043d2c c12775d4 e7d11f40 e89efa10 c0d5a440 c0f8cbf0 e89efa10 00000000
[    2.813725] 3d20: e8043d54 e8043d30 c0770644 c0770054 c0d5f5f4 c038f528 e93f3378 e89efa10
[    2.821885] 3d40: e93f5ab8 e89efa10 e8043d94 e8043d58 c0753dbc c0770590 e7d16540 00000003
[    2.830043] 3d60: 00000000 e93f6274 c07908d8 00000000 e89efa10 c1276f10 00000000 c1313718
[    2.838203] 3d80: c1276f10 c12c3160 e8043db4 e8043d98 c077992c c0753b98 e89efa10 c1313714
[    2.846364] 3da0: 00000000 00000000 e8043df4 e8043db8 c0776ffc c07798e0 e8043dd4 e8043dc8
[    2.854523] 3dc0: c0c5eebc 00000007 e8043df4 e89efa10 c1276f10 e8043e78 e89efa10 c0f91d0c
[    2.862683] 3de0: c12c3160 e89efa10 e8043e2c e8043df8 c077754c c0776ef4 c1276f10 c1276f10
[    2.870844] 3e00: e8043e78 e89efa10 00000001 c1276f10 e8043e78 e89efa10 c0f91d0c c12c3160
[    2.879002] 3e20: e8043e4c e8043e30 c0777870 c07774d8 00000000 e8043e78 c07777cc c12c3160
[    2.887162] 3e40: e8043e74 e8043e50 c0774ff4 c07777d8 c02e686c e8ba4738 e89efa10 e89efa10
[    2.895322] 3e60: 00000001 e89efa54 e8043e9c e8043e78 c0776e30 c0774f80 e89efa10 00000001
[    2.903483] 3e80: c07733dc c127780c e89efa10 c1277a88 e8043eac e8043ea0 c07778f8 c0776d7c
[    2.911641] 3ea0: e8043ecc e8043eb0 c0775f08 c07778e8 c127780c c127780c c1277820 c12c3160
[    2.919801] 3ec0: e8043efc e8043ed0 c07764b8 c0775e80 c0776430 c1277844 e8a21000 e93d4dc0
[    2.927959] 3ee0: e93d7f00 00000000 c12bb270 00000000 e8043f3c e8043f00 c033d1b8 c077643c
[    2.936121] 3f00: c034bfd8 c036f8a8 e93d4dc0 e93d4dc0 e93d4dc0 e8a21000 e93d4dc0 e8a21014
[    2.944279] 3f20: e93d4dd8 c1203d00 00000008 e8863e88 e8043f74 e8043f40 c033ed74 c033cfe8
[    2.952440] 3f40: e8043f74 e8042000 c0343274 e8a20600 e8a20780 00000000 e8042000 e8a21000
[    2.960601] 3f60: e8a2061c e8863e88 e8043fac e8043f78 c03436e0 c033eb2c c032fe64 c033eb20
[    2.968757] 3f80: 00000000 e8a20780 c03435b4 00000000 00000000 00000000 00000000 00000000
[    2.976919] 3fa0: 00000000 e8043fb0 c03010e8 c03435c0 00000000 00000000 00000000 00000000
[    2.985078] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[    2.993236] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000
[    3.001359] Backtrace:
[    3.009541] [<c0766a14>] (msm_dsi_manager_setup_encoder) from [<c07629dc>] (msm_dsi_modeset_init+0xa0/0x1c8)
[    3.011796]  r7:e7d1fc00 r6:00000000 r5:e8305400 r4:e7d1c4c0
[    3.021869] [<c076293c>] (msm_dsi_modeset_init) from [<c071caac>] (mdp4_kms_init+0x578/0x7b4)
[    3.027510]  r9:e8305400 r8:00000001 r7:e8305400 r6:e8305400 r5:00000006 r4:e7d1f780
[    3.035927] [<c071c534>] (mdp4_kms_init) from [<c0754554>] (msm_drm_bind+0x3d0/0x5f4)
[    3.043741]  r10:c12c2ea8 r9:00000002 r8:e8305c00 r7:e89efa10 r6:00000000 r5:e8305400
[    3.051449]  r4:e8305c00
[    3.059274] [<c0754184>] (msm_drm_bind) from [<c0770244>] (try_to_bring_up_master+0x1fc/0x2c8)
[    3.061884]  r10:c12c2ea8 r9:00000002 r8:e7d11f18 r7:e7d16540 r6:e7d11f18 r5:e7d11f40
[    3.070285]  r4:e7d11c40
[    3.078198] [<c0770048>] (try_to_bring_up_master) from [<c0770644>] (component_master_add_with_match+0xc0/0x100)
[    3.080811]  r10:00000000 r9:e89efa10 r8:c0f8cbf0 r7:c0d5a440 r6:e89efa10 r5:e7d11f40
[    3.090945]  r4:c12775d4
[    3.098679] [<c0770584>] (component_master_add_with_match) from [<c0753dbc>] (msm_pdev_probe+0x230/0x290)
[    3.101291]  r7:e89efa10 r6:e93f5ab8 r5:e89efa10 r4:e93f3378
[    3.110756] [<c0753b8c>] (msm_pdev_probe) from [<c077992c>] (platform_drv_probe+0x58/0xa8)
[    3.116484]  r10:c12c3160 r9:c1276f10 r8:c1313718 r7:00000000 r6:c1276f10 r5:e89efa10
[    3.124540]  r4:00000000
[    3.132447] [<c07798d4>] (platform_drv_probe) from [<c0776ffc>] (really_probe+0x114/0x424)
[    3.135053]  r7:00000000 r6:00000000 r5:c1313714 r4:e89efa10
[    3.143129] [<c0776ee8>] (really_probe) from [<c077754c>] (driver_probe_device+0x80/0x1dc)
[    3.148950]  r10:e89efa10 r9:c12c3160 r8:c0f91d0c r7:e89efa10 r6:e8043e78 r5:c1276f10
[    3.157005]  r4:e89efa10
[    3.164911] [<c07774cc>] (driver_probe_device) from [<c0777870>] (__device_attach_driver+0xa4/0x110)
[    3.167527]  r9:c12c3160 r8:c0f91d0c r7:e89efa10 r6:e8043e78 r5:c1276f10 r4:00000001
[    3.176637] [<c07777cc>] (__device_attach_driver) from [<c0774ff4>] (bus_for_each_drv+0x80/0xb0)
[    3.184361]  r7:c12c3160 r6:c07777cc r5:e8043e78 r4:00000000
[    3.193127] [<c0774f74>] (bus_for_each_drv) from [<c0776e30>] (__device_attach+0xc0/0x158)
[    3.198766]  r6:e89efa54 r5:00000001 r4:e89efa10
[    3.206841] [<c0776d70>] (__device_attach) from [<c07778f8>] (device_initial_probe+0x1c/0x20)
[    3.211614]  r6:c1277a88 r5:e89efa10 r4:c127780c
[    3.220035] [<c07778dc>] (device_initial_probe) from [<c0775f08>] (bus_probe_device+0x94/0x9c)
[    3.224730] [<c0775e74>] (bus_probe_device) from [<c07764b8>] (deferred_probe_work_func+0x88/0xd0)
[    3.233145]  r7:c12c3160 r6:c1277820 r5:c127780c r4:c127780c
[    3.242096] [<c0776430>] (deferred_probe_work_func) from [<c033d1b8>] (process_one_work+0x1dc/0x53c)
[    3.247910]  r10:00000000 r9:c12bb270 r8:00000000 r7:e93d7f00 r6:e93d4dc0 r5:e8a21000
[    3.257009]  r4:c1277844 r3:c0776430
[    3.264741] [<c033cfdc>] (process_one_work) from [<c033ed74>] (worker_thread+0x254/0x500)
[    3.268393]  r10:e8863e88 r9:00000008 r8:c1203d00 r7:e93d4dd8 r6:e8a21014 r5:e93d4dc0
[    3.276449]  r4:e8a21000
[    3.284270] [<c033eb20>] (worker_thread) from [<c03436e0>] (kthread+0x12c/0x168)
[    3.286881]  r10:e8863e88 r9:e8a2061c r8:e8a21000 r7:e8042000 r6:00000000 r5:e8a20780
[    3.294246]  r4:e8a20600
[    3.301977] [<c03435b4>] (kthread) from [<c03010e8>] (ret_from_fork+0x14/0x2c)
[    3.304575] Exception stack(0xe8043fb0 to 0xe8043ff8)
[    3.311617] 3fa0:                                     00000000 00000000 00000000 00000000
[    3.316761] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[    3.324913] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000
[    3.333060]  r10:00000000 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:c03435b4
[    3.339471]  r4:e8a20780
[    3.347469] Code: e5936004 ebffefaa e2504000 089da8f0 (e5963000)
[    3.350237] ---[ end trace ef11f4cc25ead15d ]---
[    3.377018] Kernel panic - not syncing: Fatal exception
[    3.377092] CPU0: stopping
[    3.381054] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G      D           5.3.0-00014-g9bf8d2ba4898 grate-driver#120
[    3.383835] Hardware name: Generic DT based system
[    3.393116] Backtrace:
[    3.397727] [<c030e80c>] (dump_backtrace) from [<c030eb64>] (show_stack+0x20/0x24)
[    3.400069]  r7:c12b4080 r6:20000193 r5:00000000 r4:c12b4080
[    3.407712] [<c030eb44>] (show_stack) from [<c0c420d4>] (dump_stack+0x78/0x94)
[    3.413531] [<c0c4205c>] (dump_stack) from [<c03106b0>] (handle_IPI+0x3a4/0x408)
[    3.420555]  r7:00000000 r6:c12bb144 r5:00000004 r4:c11a5d50
[    3.428108] [<c031030c>] (handle_IPI) from [<c0302388>] (gic_handle_irq+0x94/0xa0)
[    3.433751]  r10:00000000 r9:c1201ec0 r8:ea803000 r7:c124cf28 r6:c1206894 r5:ea802000
[    3.441124]  r4:ea80200c
[    3.449021] [<c03022f4>] (gic_handle_irq) from [<c0301a8c>] (__irq_svc+0x6c/0xa8)
[    3.451629] Exception stack(0xc1201ec0 to 0xc1201f08)
[    3.459024] 1ec0: 00000000 00002f2c e93999f0 c031ac20 00000000 c1200000 c12060e4 c1206120
[    3.464065] 1ee0: 00000000 c11a5548 00000000 c1201f1c c1201f20 c1201f10 c030a474 c030a478
[    3.472208] 1f00: 60000013 ffffffff
[    3.480359]  r9:c1200000 r8:00000000 r7:c1201ef4 r6:ffffffff r5:60000013 r4:c030a478
[    3.483683] [<c030a438>] (arch_cpu_idle) from [<c0c5e93c>] (default_idle_call+0x30/0x3c)
[    3.491656] [<c0c5e90c>] (default_idle_call) from [<c0353ea4>] (do_idle+0x204/0x284)
[    3.499725] [<c0353ca0>] (do_idle) from [<c03541ec>] (cpu_startup_entry+0x28/0x2c)
[    3.507448]  r10:c12060c0 r9:00000001 r8:c12d9140 r7:c12d9140 r6:ffffffff r5:c1216348
[    3.514822]  r4:000000cd
[    3.522719] [<c03541c4>] (cpu_startup_entry) from [<c0c59138>] (rest_init+0xb8/0xd8)
[    3.525339] [<c0c59080>] (rest_init) from [<c1100b38>] (arch_call_rest_init+0x18/0x1c)
[    3.533053]  r5:00000001 r4:c12d9194
[    3.540777] [<c1100b20>] (arch_call_rest_init) from [<c1100fbc>] (start_kernel+0x408/0x4ac)
[    3.544517] [<c1100bb4>] (start_kernel) from [<00000000>] (0x0)
[    3.552585]  r10:10c5387d r9:511f06f0 r8:819700a0 r7:00001e7a r6:10c0387d r5:00000051
[    3.558484]  r4:c1100330
[    3.566469] CPU1: stopping
[    3.569089] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G      D           5.3.0-00014-g9bf8d2ba4898 grate-driver#120
[    3.571604] Hardware name: Generic DT based system
[    3.580882] Backtrace:
[    3.585500] [<c030e80c>] (dump_backtrace) from [<c030eb64>] (show_stack+0x20/0x24)
[    3.587846]  r7:c12b4080 r6:20000193 r5:00000000 r4:c12b4080
[    3.595489] [<c030eb44>] (show_stack) from [<c0c420d4>] (dump_stack+0x78/0x94)
[    3.601310] [<c0c4205c>] (dump_stack) from [<c03106b0>] (handle_IPI+0x3a4/0x408)
[    3.608331]  r7:00000001 r6:c12bb144 r5:00000004 r4:c11a5d50
[    3.615888] [<c031030c>] (handle_IPI) from [<c0302388>] (gic_handle_irq+0x94/0xa0)
[    3.621532]  r10:00000000 r9:e882df20 r8:ea803000 r7:c124cf28 r6:c1206894 r5:ea802000
[    3.628896]  r4:ea80200c
[    3.636800] [<c03022f4>] (gic_handle_irq) from [<c0301a8c>] (__irq_svc+0x6c/0xa8)
[    3.639399] Exception stack(0xe882df20 to 0xe882df68)
[    3.646805] df20: 00000000 000002fc e93ad9f0 c031ac20 00000001 e882c000 c12060e4 c1206120
[    3.651846] df40: 00000000 c11a5548 00000000 e882df7c e882df80 e882df70 c030a474 c030a478
[    3.659982] df60: 60000013 ffffffff
[    3.668141]  r9:e882c000 r8:00000000 r7:e882df54 r6:ffffffff r5:60000013 r4:c030a478
[    3.671457] [<c030a438>] (arch_cpu_idle) from [<c0c5e93c>] (default_idle_call+0x30/0x3c)
[    3.679434] [<c0c5e90c>] (default_idle_call) from [<c0353ea4>] (do_idle+0x204/0x284)
[    3.687504] [<c0353ca0>] (do_idle) from [<c03541ec>] (cpu_startup_entry+0x28/0x2c)
[    3.695230]  r10:00000000 r9:511f06f0 r8:8020406a r7:c12d9438 r6:10c0387d r5:00000001
[    3.702592]  r4:00000089
[    3.710502] [<c03541c4>] (cpu_startup_entry) from [<c0310044>] (secondary_start_kernel+0x154/0x19c)
[    3.713113] [<c030fef0>] (secondary_start_kernel) from [<8030284c>] (0x8030284c)
[    3.721866]  r5:00000051 r4:a882406a
[    3.729497] CPU2: stopping
[    3.733066] CPU: 2 PID: 0 Comm: swapper/2 Tainted: G      D           5.3.0-00014-g9bf8d2ba4898 grate-driver#120
[    3.735581] Hardware name: Generic DT based system
[    3.744858] Backtrace:
[    3.749476] [<c030e80c>] (dump_backtrace) from [<c030eb64>] (show_stack+0x20/0x24)
[    3.751821]  r7:c12b4080 r6:20000193 r5:00000000 r4:c12b4080
[    3.759466] [<c030eb44>] (show_stack) from [<c0c420d4>] (dump_stack+0x78/0x94)
[    3.765287] [<c0c4205c>] (dump_stack) from [<c03106b0>] (handle_IPI+0x3a4/0x408)
[    3.772308]  r7:00000002 r6:c12bb144 r5:00000004 r4:c11a5d50
[    3.779864] [<c031030c>] (handle_IPI) from [<c0302388>] (gic_handle_irq+0x94/0xa0)
[    3.785509]  r10:00000000 r9:e882ff20 r8:ea803000 r7:c124cf28 r6:c1206894 r5:ea802000
[    3.792871]  r4:ea80200c
[    3.800776] [<c03022f4>] (gic_handle_irq) from [<c0301a8c>] (__irq_svc+0x6c/0xa8)
[    3.803375] Exception stack(0xe882ff20 to 0xe882ff68)
[    3.810781] ff20: 00000000 000006fc e93c19f0 c031ac20 00000002 e882e000 c12060e4 c1206120
[    3.815821] ff40: 00000000 c11a5548 00000000 e882ff7c e882ff80 e882ff70 c030a474 c030a478
[    3.823957] ff60: 60000013 ffffffff
[    3.832116]  r9:e882e000 r8:00000000 r7:e882ff54 r6:ffffffff r5:60000013 r4:c030a478
[    3.835430] [<c030a438>] (arch_cpu_idle) from [<c0c5e93c>] (default_idle_call+0x30/0x3c)
[    3.843410] [<c0c5e90c>] (default_idle_call) from [<c0353ea4>] (do_idle+0x204/0x284)
[    3.851479] [<c0353ca0>] (do_idle) from [<c03541ec>] (cpu_startup_entry+0x28/0x2c)
[    3.859206]  r10:00000000 r9:511f06f0 r8:8020406a r7:c12d9438 r6:10c0387d r5:00000002
[    3.866569]  r4:00000089
[    3.874476] [<c03541c4>] (cpu_startup_entry) from [<c0310044>] (secondary_start_kernel+0x154/0x19c)
[    3.877087] [<c030fef0>] (secondary_start_kernel) from [<8030284c>] (0x8030284c)
[    3.885843]  r5:00000051 r4:a882406a
okias pushed a commit that referenced this pull request Mar 14, 2020
The hierarchical parts of MSM pinctrl/GPIO is only
used when the device tree has a "wakeup-parent" as
a phandle, but the .irq_disable and .irq_eoi are anyway
assigned leading to semantic problems on elder
Qualcomm chipsets.

When the drivers/mfd/qcom-pm8xxx.c driver calls
chained_irq_exit() that call will in turn call chip->irq_eoi()
which is set to irq_chip_eoi_parent() by default on a
hierachical IRQ chip, and the parent is pinctrl-msm.c
so that will in turn unconditionally call
irq_chip_eoi_parent() again, but its parent is invalid
so we get the following crash:

 Unnable to handle kernel NULL pointer dereference at
 virtual address 00000010
 pgd = (ptrval)
 [00000010] *pgd=00000000
 Internal error: Oops: 5 [#1] PREEMPT SMP ARM
 (...)
 PC is at irq_chip_eoi_parent+0x4/0x10
 LR is at pm8xxx_irq_handler+0x1b4/0x2d8

If we solve this crash by avoiding to call up to
irq_chip_eoi_parent(), the machine will hang and get
reset by the watchdog, because of semantic issues,
probably inside irq_chip.

As a solution, just assign the .irq_disable and .irq_eoi
condtionally if we are actually using a wakeup parent.

Cc: Bjorn Andersson <[email protected]>
Cc: Lina Iyer <[email protected]>
Cc: Marc Zyngier <[email protected]>
Cc: Stephen Boyd <[email protected]>
Cc: [email protected]
Fixes: e35a6ae ("pinctrl/msm: Setup GPIO chip in hierarchy")
Signed-off-by: Linus Walleij <[email protected]>
okias pushed a commit that referenced this pull request Mar 14, 2020
The hierarchical parts of MSM pinctrl/GPIO is only
used when the device tree has a "wakeup-parent" as
a phandle, but the .irq_eoi is anyway assigned leading
to semantic problems on elder Qualcomm chipsets.

When the drivers/mfd/qcom-pm8xxx.c driver calls
chained_irq_exit() that call will in turn call chip->irq_eoi()
which is set to irq_chip_eoi_parent() by default on a
hierachical IRQ chip, and the parent is pinctrl-msm.c
so that will in turn unconditionally call
irq_chip_eoi_parent() again, but its parent is invalid
so we get the following crash:

 Unnable to handle kernel NULL pointer dereference at
 virtual address 00000010
 pgd = (ptrval)
 [00000010] *pgd=00000000
 Internal error: Oops: 5 [#1] PREEMPT SMP ARM
 (...)
 PC is at irq_chip_eoi_parent+0x4/0x10
 LR is at pm8xxx_irq_handler+0x1b4/0x2d8

If we solve this crash by avoiding to call up to
irq_chip_eoi_parent(), the machine will hang and get
reset by the watchdog, because of semantic issues,
probably inside irq_chip.

As a solution, just assign the .irq_eoi conditionally if
we are actually using a wakeup parent.

Cc: David Heidelberg <[email protected]>
Cc: Bjorn Andersson <[email protected]>
Cc: Lina Iyer <[email protected]>
Cc: Marc Zyngier <[email protected]>
Cc: Stephen Boyd <[email protected]>
Cc: [email protected]
Fixes: e35a6ae ("pinctrl/msm: Setup GPIO chip in hierarchy")
Link: https://lore.kernel.org/r/[email protected]
Link: https://lore.kernel.org/r/[email protected]
Tested-by: David Heidelberg <[email protected]>
Signed-off-by: Linus Walleij <[email protected]>
okias added a commit that referenced this pull request Mar 19, 2020
This reverts commit 03436e3.

Fixes:
mdp: dummy supplies not allowed for exclusive requests
[    2.641236] 8<--- cut here ---
[    2.641279] Unable to handle kernel NULL pointer dereference at virtual address 00000000
[    2.643206] pgd = (ptrval)
[    2.651522] [00000000] *pgd=00000000
[    2.653973] Internal error: Oops: 5 [#1] PREEMPT SMP ARM
[    2.657695] Modules linked in:
[    2.663000] CPU: 3 PID: 105 Comm: kworker/3:1 Not tainted 5.3.0-00014-g9bf8d2ba4898 grate-driver#120
[    2.665859] Hardware name: Generic DT based system
[    2.674123] Workqueue: events deferred_probe_work_func
[    2.678718] PC is at msm_dsi_manager_setup_encoder+0x38/0x6c
[    2.683830] LR is at msm_dsi_manager_setup_encoder+0x30/0x6c
[    2.689643] pc : [<c0766a4c>]    lr : [<c0766a44>]    psr: a0000013
[    2.695283] sp : e8043c08  ip : e8043c08  fp : e8043c24
[    2.701271] r10: e8305c00  r9 : e8305400  r8 : e8305c00
[    2.706482] r7 : e7d1fc00  r6 : 00000000  r5 : e7d1c4c0  r4 : e7d1fc00
[    2.711693] r3 : e7d1c4c0  r2 : e7d19280  r1 : 00000000  r0 : e7d1fc00
[    2.718297] Flags: NzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
[    2.724803] Control: 10c5787d  Table: 8020406a  DAC: 00000051
[    2.732006] Process kworker/3:1 (pid: 105, stack limit = 0x(ptrval))
[    2.737736] Stack: (0xe8043c08 to 0xe8044000)
[    2.744179] 3c00:                   e7d1c4c0 e8305400 00000000 e7d1fc00 e8043c4c e8043c28
[    2.748445] 3c20: c07629dc c0766a20 e7d1f780 00000006 e8305400 e8305400 00000001 e8305400
[    2.756606] 3c40: e8043c8c e8043c50 c071caac c0762948 00000002 e8043c60 c091d268 c0c5ee2c
[    2.764766] 3c60: e8305c00 e8305c00 e8305400 00000000 e89efa10 e8305c00 00000002 c12c2ea8
[    2.772926] 3c80: e8043cec e8043c90 c0754554 c071c540 c034bfd8 c036f8a8 e89efba4 60000013
[    2.781086] 3ca0: e89efa10 e89efba4 e8043ccc c0c5ee58 e8043ccc e8043cc0 c0c5ee58 c034be74
[    2.789245] 3cc0: e8043cec e7d11c40 e7d11f40 e7d11f18 e7d16540 e7d11f18 00000002 c12c2ea8
[    2.797405] 3ce0: e8043d2c e8043cf0 c0770244 c0754190 c0d1db90 e7d11f40 e89efa10 00000000
[    2.805565] 3d00: e8043d2c c12775d4 e7d11f40 e89efa10 c0d5a440 c0f8cbf0 e89efa10 00000000
[    2.813725] 3d20: e8043d54 e8043d30 c0770644 c0770054 c0d5f5f4 c038f528 e93f3378 e89efa10
[    2.821885] 3d40: e93f5ab8 e89efa10 e8043d94 e8043d58 c0753dbc c0770590 e7d16540 00000003
[    2.830043] 3d60: 00000000 e93f6274 c07908d8 00000000 e89efa10 c1276f10 00000000 c1313718
[    2.838203] 3d80: c1276f10 c12c3160 e8043db4 e8043d98 c077992c c0753b98 e89efa10 c1313714
[    2.846364] 3da0: 00000000 00000000 e8043df4 e8043db8 c0776ffc c07798e0 e8043dd4 e8043dc8
[    2.854523] 3dc0: c0c5eebc 00000007 e8043df4 e89efa10 c1276f10 e8043e78 e89efa10 c0f91d0c
[    2.862683] 3de0: c12c3160 e89efa10 e8043e2c e8043df8 c077754c c0776ef4 c1276f10 c1276f10
[    2.870844] 3e00: e8043e78 e89efa10 00000001 c1276f10 e8043e78 e89efa10 c0f91d0c c12c3160
[    2.879002] 3e20: e8043e4c e8043e30 c0777870 c07774d8 00000000 e8043e78 c07777cc c12c3160
[    2.887162] 3e40: e8043e74 e8043e50 c0774ff4 c07777d8 c02e686c e8ba4738 e89efa10 e89efa10
[    2.895322] 3e60: 00000001 e89efa54 e8043e9c e8043e78 c0776e30 c0774f80 e89efa10 00000001
[    2.903483] 3e80: c07733dc c127780c e89efa10 c1277a88 e8043eac e8043ea0 c07778f8 c0776d7c
[    2.911641] 3ea0: e8043ecc e8043eb0 c0775f08 c07778e8 c127780c c127780c c1277820 c12c3160
[    2.919801] 3ec0: e8043efc e8043ed0 c07764b8 c0775e80 c0776430 c1277844 e8a21000 e93d4dc0
[    2.927959] 3ee0: e93d7f00 00000000 c12bb270 00000000 e8043f3c e8043f00 c033d1b8 c077643c
[    2.936121] 3f00: c034bfd8 c036f8a8 e93d4dc0 e93d4dc0 e93d4dc0 e8a21000 e93d4dc0 e8a21014
[    2.944279] 3f20: e93d4dd8 c1203d00 00000008 e8863e88 e8043f74 e8043f40 c033ed74 c033cfe8
[    2.952440] 3f40: e8043f74 e8042000 c0343274 e8a20600 e8a20780 00000000 e8042000 e8a21000
[    2.960601] 3f60: e8a2061c e8863e88 e8043fac e8043f78 c03436e0 c033eb2c c032fe64 c033eb20
[    2.968757] 3f80: 00000000 e8a20780 c03435b4 00000000 00000000 00000000 00000000 00000000
[    2.976919] 3fa0: 00000000 e8043fb0 c03010e8 c03435c0 00000000 00000000 00000000 00000000
[    2.985078] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[    2.993236] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000
[    3.001359] Backtrace:
[    3.009541] [<c0766a14>] (msm_dsi_manager_setup_encoder) from [<c07629dc>] (msm_dsi_modeset_init+0xa0/0x1c8)
[    3.011796]  r7:e7d1fc00 r6:00000000 r5:e8305400 r4:e7d1c4c0
[    3.021869] [<c076293c>] (msm_dsi_modeset_init) from [<c071caac>] (mdp4_kms_init+0x578/0x7b4)
[    3.027510]  r9:e8305400 r8:00000001 r7:e8305400 r6:e8305400 r5:00000006 r4:e7d1f780
[    3.035927] [<c071c534>] (mdp4_kms_init) from [<c0754554>] (msm_drm_bind+0x3d0/0x5f4)
[    3.043741]  r10:c12c2ea8 r9:00000002 r8:e8305c00 r7:e89efa10 r6:00000000 r5:e8305400
[    3.051449]  r4:e8305c00
[    3.059274] [<c0754184>] (msm_drm_bind) from [<c0770244>] (try_to_bring_up_master+0x1fc/0x2c8)
[    3.061884]  r10:c12c2ea8 r9:00000002 r8:e7d11f18 r7:e7d16540 r6:e7d11f18 r5:e7d11f40
[    3.070285]  r4:e7d11c40
[    3.078198] [<c0770048>] (try_to_bring_up_master) from [<c0770644>] (component_master_add_with_match+0xc0/0x100)
[    3.080811]  r10:00000000 r9:e89efa10 r8:c0f8cbf0 r7:c0d5a440 r6:e89efa10 r5:e7d11f40
[    3.090945]  r4:c12775d4
[    3.098679] [<c0770584>] (component_master_add_with_match) from [<c0753dbc>] (msm_pdev_probe+0x230/0x290)
[    3.101291]  r7:e89efa10 r6:e93f5ab8 r5:e89efa10 r4:e93f3378
[    3.110756] [<c0753b8c>] (msm_pdev_probe) from [<c077992c>] (platform_drv_probe+0x58/0xa8)
[    3.116484]  r10:c12c3160 r9:c1276f10 r8:c1313718 r7:00000000 r6:c1276f10 r5:e89efa10
[    3.124540]  r4:00000000
[    3.132447] [<c07798d4>] (platform_drv_probe) from [<c0776ffc>] (really_probe+0x114/0x424)
[    3.135053]  r7:00000000 r6:00000000 r5:c1313714 r4:e89efa10
[    3.143129] [<c0776ee8>] (really_probe) from [<c077754c>] (driver_probe_device+0x80/0x1dc)
[    3.148950]  r10:e89efa10 r9:c12c3160 r8:c0f91d0c r7:e89efa10 r6:e8043e78 r5:c1276f10
[    3.157005]  r4:e89efa10
[    3.164911] [<c07774cc>] (driver_probe_device) from [<c0777870>] (__device_attach_driver+0xa4/0x110)
[    3.167527]  r9:c12c3160 r8:c0f91d0c r7:e89efa10 r6:e8043e78 r5:c1276f10 r4:00000001
[    3.176637] [<c07777cc>] (__device_attach_driver) from [<c0774ff4>] (bus_for_each_drv+0x80/0xb0)
[    3.184361]  r7:c12c3160 r6:c07777cc r5:e8043e78 r4:00000000
[    3.193127] [<c0774f74>] (bus_for_each_drv) from [<c0776e30>] (__device_attach+0xc0/0x158)
[    3.198766]  r6:e89efa54 r5:00000001 r4:e89efa10
[    3.206841] [<c0776d70>] (__device_attach) from [<c07778f8>] (device_initial_probe+0x1c/0x20)
[    3.211614]  r6:c1277a88 r5:e89efa10 r4:c127780c
[    3.220035] [<c07778dc>] (device_initial_probe) from [<c0775f08>] (bus_probe_device+0x94/0x9c)
[    3.224730] [<c0775e74>] (bus_probe_device) from [<c07764b8>] (deferred_probe_work_func+0x88/0xd0)
[    3.233145]  r7:c12c3160 r6:c1277820 r5:c127780c r4:c127780c
[    3.242096] [<c0776430>] (deferred_probe_work_func) from [<c033d1b8>] (process_one_work+0x1dc/0x53c)
[    3.247910]  r10:00000000 r9:c12bb270 r8:00000000 r7:e93d7f00 r6:e93d4dc0 r5:e8a21000
[    3.257009]  r4:c1277844 r3:c0776430
[    3.264741] [<c033cfdc>] (process_one_work) from [<c033ed74>] (worker_thread+0x254/0x500)
[    3.268393]  r10:e8863e88 r9:00000008 r8:c1203d00 r7:e93d4dd8 r6:e8a21014 r5:e93d4dc0
[    3.276449]  r4:e8a21000
[    3.284270] [<c033eb20>] (worker_thread) from [<c03436e0>] (kthread+0x12c/0x168)
[    3.286881]  r10:e8863e88 r9:e8a2061c r8:e8a21000 r7:e8042000 r6:00000000 r5:e8a20780
[    3.294246]  r4:e8a20600
[    3.301977] [<c03435b4>] (kthread) from [<c03010e8>] (ret_from_fork+0x14/0x2c)
[    3.304575] Exception stack(0xe8043fb0 to 0xe8043ff8)
[    3.311617] 3fa0:                                     00000000 00000000 00000000 00000000
[    3.316761] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[    3.324913] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000
[    3.333060]  r10:00000000 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:c03435b4
[    3.339471]  r4:e8a20780
[    3.347469] Code: e5936004 ebffefaa e2504000 089da8f0 (e5963000)
[    3.350237] ---[ end trace ef11f4cc25ead15d ]---
[    3.377018] Kernel panic - not syncing: Fatal exception
[    3.377092] CPU0: stopping
[    3.381054] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G      D           5.3.0-00014-g9bf8d2ba4898 grate-driver#120
[    3.383835] Hardware name: Generic DT based system
[    3.393116] Backtrace:
[    3.397727] [<c030e80c>] (dump_backtrace) from [<c030eb64>] (show_stack+0x20/0x24)
[    3.400069]  r7:c12b4080 r6:20000193 r5:00000000 r4:c12b4080
[    3.407712] [<c030eb44>] (show_stack) from [<c0c420d4>] (dump_stack+0x78/0x94)
[    3.413531] [<c0c4205c>] (dump_stack) from [<c03106b0>] (handle_IPI+0x3a4/0x408)
[    3.420555]  r7:00000000 r6:c12bb144 r5:00000004 r4:c11a5d50
[    3.428108] [<c031030c>] (handle_IPI) from [<c0302388>] (gic_handle_irq+0x94/0xa0)
[    3.433751]  r10:00000000 r9:c1201ec0 r8:ea803000 r7:c124cf28 r6:c1206894 r5:ea802000
[    3.441124]  r4:ea80200c
[    3.449021] [<c03022f4>] (gic_handle_irq) from [<c0301a8c>] (__irq_svc+0x6c/0xa8)
[    3.451629] Exception stack(0xc1201ec0 to 0xc1201f08)
[    3.459024] 1ec0: 00000000 00002f2c e93999f0 c031ac20 00000000 c1200000 c12060e4 c1206120
[    3.464065] 1ee0: 00000000 c11a5548 00000000 c1201f1c c1201f20 c1201f10 c030a474 c030a478
[    3.472208] 1f00: 60000013 ffffffff
[    3.480359]  r9:c1200000 r8:00000000 r7:c1201ef4 r6:ffffffff r5:60000013 r4:c030a478
[    3.483683] [<c030a438>] (arch_cpu_idle) from [<c0c5e93c>] (default_idle_call+0x30/0x3c)
[    3.491656] [<c0c5e90c>] (default_idle_call) from [<c0353ea4>] (do_idle+0x204/0x284)
[    3.499725] [<c0353ca0>] (do_idle) from [<c03541ec>] (cpu_startup_entry+0x28/0x2c)
[    3.507448]  r10:c12060c0 r9:00000001 r8:c12d9140 r7:c12d9140 r6:ffffffff r5:c1216348
[    3.514822]  r4:000000cd
[    3.522719] [<c03541c4>] (cpu_startup_entry) from [<c0c59138>] (rest_init+0xb8/0xd8)
[    3.525339] [<c0c59080>] (rest_init) from [<c1100b38>] (arch_call_rest_init+0x18/0x1c)
[    3.533053]  r5:00000001 r4:c12d9194
[    3.540777] [<c1100b20>] (arch_call_rest_init) from [<c1100fbc>] (start_kernel+0x408/0x4ac)
[    3.544517] [<c1100bb4>] (start_kernel) from [<00000000>] (0x0)
[    3.552585]  r10:10c5387d r9:511f06f0 r8:819700a0 r7:00001e7a r6:10c0387d r5:00000051
[    3.558484]  r4:c1100330
[    3.566469] CPU1: stopping
[    3.569089] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G      D           5.3.0-00014-g9bf8d2ba4898 grate-driver#120
[    3.571604] Hardware name: Generic DT based system
[    3.580882] Backtrace:
[    3.585500] [<c030e80c>] (dump_backtrace) from [<c030eb64>] (show_stack+0x20/0x24)
[    3.587846]  r7:c12b4080 r6:20000193 r5:00000000 r4:c12b4080
[    3.595489] [<c030eb44>] (show_stack) from [<c0c420d4>] (dump_stack+0x78/0x94)
[    3.601310] [<c0c4205c>] (dump_stack) from [<c03106b0>] (handle_IPI+0x3a4/0x408)
[    3.608331]  r7:00000001 r6:c12bb144 r5:00000004 r4:c11a5d50
[    3.615888] [<c031030c>] (handle_IPI) from [<c0302388>] (gic_handle_irq+0x94/0xa0)
[    3.621532]  r10:00000000 r9:e882df20 r8:ea803000 r7:c124cf28 r6:c1206894 r5:ea802000
[    3.628896]  r4:ea80200c
[    3.636800] [<c03022f4>] (gic_handle_irq) from [<c0301a8c>] (__irq_svc+0x6c/0xa8)
[    3.639399] Exception stack(0xe882df20 to 0xe882df68)
[    3.646805] df20: 00000000 000002fc e93ad9f0 c031ac20 00000001 e882c000 c12060e4 c1206120
[    3.651846] df40: 00000000 c11a5548 00000000 e882df7c e882df80 e882df70 c030a474 c030a478
[    3.659982] df60: 60000013 ffffffff
[    3.668141]  r9:e882c000 r8:00000000 r7:e882df54 r6:ffffffff r5:60000013 r4:c030a478
[    3.671457] [<c030a438>] (arch_cpu_idle) from [<c0c5e93c>] (default_idle_call+0x30/0x3c)
[    3.679434] [<c0c5e90c>] (default_idle_call) from [<c0353ea4>] (do_idle+0x204/0x284)
[    3.687504] [<c0353ca0>] (do_idle) from [<c03541ec>] (cpu_startup_entry+0x28/0x2c)
[    3.695230]  r10:00000000 r9:511f06f0 r8:8020406a r7:c12d9438 r6:10c0387d r5:00000001
[    3.702592]  r4:00000089
[    3.710502] [<c03541c4>] (cpu_startup_entry) from [<c0310044>] (secondary_start_kernel+0x154/0x19c)
[    3.713113] [<c030fef0>] (secondary_start_kernel) from [<8030284c>] (0x8030284c)
[    3.721866]  r5:00000051 r4:a882406a
[    3.729497] CPU2: stopping
[    3.733066] CPU: 2 PID: 0 Comm: swapper/2 Tainted: G      D           5.3.0-00014-g9bf8d2ba4898 grate-driver#120
[    3.735581] Hardware name: Generic DT based system
[    3.744858] Backtrace:
[    3.749476] [<c030e80c>] (dump_backtrace) from [<c030eb64>] (show_stack+0x20/0x24)
[    3.751821]  r7:c12b4080 r6:20000193 r5:00000000 r4:c12b4080
[    3.759466] [<c030eb44>] (show_stack) from [<c0c420d4>] (dump_stack+0x78/0x94)
[    3.765287] [<c0c4205c>] (dump_stack) from [<c03106b0>] (handle_IPI+0x3a4/0x408)
[    3.772308]  r7:00000002 r6:c12bb144 r5:00000004 r4:c11a5d50
[    3.779864] [<c031030c>] (handle_IPI) from [<c0302388>] (gic_handle_irq+0x94/0xa0)
[    3.785509]  r10:00000000 r9:e882ff20 r8:ea803000 r7:c124cf28 r6:c1206894 r5:ea802000
[    3.792871]  r4:ea80200c
[    3.800776] [<c03022f4>] (gic_handle_irq) from [<c0301a8c>] (__irq_svc+0x6c/0xa8)
[    3.803375] Exception stack(0xe882ff20 to 0xe882ff68)
[    3.810781] ff20: 00000000 000006fc e93c19f0 c031ac20 00000002 e882e000 c12060e4 c1206120
[    3.815821] ff40: 00000000 c11a5548 00000000 e882ff7c e882ff80 e882ff70 c030a474 c030a478
[    3.823957] ff60: 60000013 ffffffff
[    3.832116]  r9:e882e000 r8:00000000 r7:e882ff54 r6:ffffffff r5:60000013 r4:c030a478
[    3.835430] [<c030a438>] (arch_cpu_idle) from [<c0c5e93c>] (default_idle_call+0x30/0x3c)
[    3.843410] [<c0c5e90c>] (default_idle_call) from [<c0353ea4>] (do_idle+0x204/0x284)
[    3.851479] [<c0353ca0>] (do_idle) from [<c03541ec>] (cpu_startup_entry+0x28/0x2c)
[    3.859206]  r10:00000000 r9:511f06f0 r8:8020406a r7:c12d9438 r6:10c0387d r5:00000002
[    3.866569]  r4:00000089
[    3.874476] [<c03541c4>] (cpu_startup_entry) from [<c0310044>] (secondary_start_kernel+0x154/0x19c)
[    3.877087] [<c030fef0>] (secondary_start_kernel) from [<8030284c>] (0x8030284c)
[    3.885843]  r5:00000051 r4:a882406a
okias added a commit that referenced this pull request Mar 19, 2020
This reverts commit 03436e3.

Fixes:
mdp: dummy supplies not allowed for exclusive requests
[    2.641236] 8<--- cut here ---
[    2.641279] Unable to handle kernel NULL pointer dereference at virtual address 00000000
[    2.643206] pgd = (ptrval)
[    2.651522] [00000000] *pgd=00000000
[    2.653973] Internal error: Oops: 5 [#1] PREEMPT SMP ARM
[    2.657695] Modules linked in:
[    2.663000] CPU: 3 PID: 105 Comm: kworker/3:1 Not tainted 5.3.0-00014-g9bf8d2ba4898 grate-driver#120
[    2.665859] Hardware name: Generic DT based system
[    2.674123] Workqueue: events deferred_probe_work_func
[    2.678718] PC is at msm_dsi_manager_setup_encoder+0x38/0x6c
[    2.683830] LR is at msm_dsi_manager_setup_encoder+0x30/0x6c
[    2.689643] pc : [<c0766a4c>]    lr : [<c0766a44>]    psr: a0000013
[    2.695283] sp : e8043c08  ip : e8043c08  fp : e8043c24
[    2.701271] r10: e8305c00  r9 : e8305400  r8 : e8305c00
[    2.706482] r7 : e7d1fc00  r6 : 00000000  r5 : e7d1c4c0  r4 : e7d1fc00
[    2.711693] r3 : e7d1c4c0  r2 : e7d19280  r1 : 00000000  r0 : e7d1fc00
[    2.718297] Flags: NzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
[    2.724803] Control: 10c5787d  Table: 8020406a  DAC: 00000051
[    2.732006] Process kworker/3:1 (pid: 105, stack limit = 0x(ptrval))
[    2.737736] Stack: (0xe8043c08 to 0xe8044000)
[    2.744179] 3c00:                   e7d1c4c0 e8305400 00000000 e7d1fc00 e8043c4c e8043c28
[    2.748445] 3c20: c07629dc c0766a20 e7d1f780 00000006 e8305400 e8305400 00000001 e8305400
[    2.756606] 3c40: e8043c8c e8043c50 c071caac c0762948 00000002 e8043c60 c091d268 c0c5ee2c
[    2.764766] 3c60: e8305c00 e8305c00 e8305400 00000000 e89efa10 e8305c00 00000002 c12c2ea8
[    2.772926] 3c80: e8043cec e8043c90 c0754554 c071c540 c034bfd8 c036f8a8 e89efba4 60000013
[    2.781086] 3ca0: e89efa10 e89efba4 e8043ccc c0c5ee58 e8043ccc e8043cc0 c0c5ee58 c034be74
[    2.789245] 3cc0: e8043cec e7d11c40 e7d11f40 e7d11f18 e7d16540 e7d11f18 00000002 c12c2ea8
[    2.797405] 3ce0: e8043d2c e8043cf0 c0770244 c0754190 c0d1db90 e7d11f40 e89efa10 00000000
[    2.805565] 3d00: e8043d2c c12775d4 e7d11f40 e89efa10 c0d5a440 c0f8cbf0 e89efa10 00000000
[    2.813725] 3d20: e8043d54 e8043d30 c0770644 c0770054 c0d5f5f4 c038f528 e93f3378 e89efa10
[    2.821885] 3d40: e93f5ab8 e89efa10 e8043d94 e8043d58 c0753dbc c0770590 e7d16540 00000003
[    2.830043] 3d60: 00000000 e93f6274 c07908d8 00000000 e89efa10 c1276f10 00000000 c1313718
[    2.838203] 3d80: c1276f10 c12c3160 e8043db4 e8043d98 c077992c c0753b98 e89efa10 c1313714
[    2.846364] 3da0: 00000000 00000000 e8043df4 e8043db8 c0776ffc c07798e0 e8043dd4 e8043dc8
[    2.854523] 3dc0: c0c5eebc 00000007 e8043df4 e89efa10 c1276f10 e8043e78 e89efa10 c0f91d0c
[    2.862683] 3de0: c12c3160 e89efa10 e8043e2c e8043df8 c077754c c0776ef4 c1276f10 c1276f10
[    2.870844] 3e00: e8043e78 e89efa10 00000001 c1276f10 e8043e78 e89efa10 c0f91d0c c12c3160
[    2.879002] 3e20: e8043e4c e8043e30 c0777870 c07774d8 00000000 e8043e78 c07777cc c12c3160
[    2.887162] 3e40: e8043e74 e8043e50 c0774ff4 c07777d8 c02e686c e8ba4738 e89efa10 e89efa10
[    2.895322] 3e60: 00000001 e89efa54 e8043e9c e8043e78 c0776e30 c0774f80 e89efa10 00000001
[    2.903483] 3e80: c07733dc c127780c e89efa10 c1277a88 e8043eac e8043ea0 c07778f8 c0776d7c
[    2.911641] 3ea0: e8043ecc e8043eb0 c0775f08 c07778e8 c127780c c127780c c1277820 c12c3160
[    2.919801] 3ec0: e8043efc e8043ed0 c07764b8 c0775e80 c0776430 c1277844 e8a21000 e93d4dc0
[    2.927959] 3ee0: e93d7f00 00000000 c12bb270 00000000 e8043f3c e8043f00 c033d1b8 c077643c
[    2.936121] 3f00: c034bfd8 c036f8a8 e93d4dc0 e93d4dc0 e93d4dc0 e8a21000 e93d4dc0 e8a21014
[    2.944279] 3f20: e93d4dd8 c1203d00 00000008 e8863e88 e8043f74 e8043f40 c033ed74 c033cfe8
[    2.952440] 3f40: e8043f74 e8042000 c0343274 e8a20600 e8a20780 00000000 e8042000 e8a21000
[    2.960601] 3f60: e8a2061c e8863e88 e8043fac e8043f78 c03436e0 c033eb2c c032fe64 c033eb20
[    2.968757] 3f80: 00000000 e8a20780 c03435b4 00000000 00000000 00000000 00000000 00000000
[    2.976919] 3fa0: 00000000 e8043fb0 c03010e8 c03435c0 00000000 00000000 00000000 00000000
[    2.985078] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[    2.993236] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000
[    3.001359] Backtrace:
[    3.009541] [<c0766a14>] (msm_dsi_manager_setup_encoder) from [<c07629dc>] (msm_dsi_modeset_init+0xa0/0x1c8)
[    3.011796]  r7:e7d1fc00 r6:00000000 r5:e8305400 r4:e7d1c4c0
[    3.021869] [<c076293c>] (msm_dsi_modeset_init) from [<c071caac>] (mdp4_kms_init+0x578/0x7b4)
[    3.027510]  r9:e8305400 r8:00000001 r7:e8305400 r6:e8305400 r5:00000006 r4:e7d1f780
[    3.035927] [<c071c534>] (mdp4_kms_init) from [<c0754554>] (msm_drm_bind+0x3d0/0x5f4)
[    3.043741]  r10:c12c2ea8 r9:00000002 r8:e8305c00 r7:e89efa10 r6:00000000 r5:e8305400
[    3.051449]  r4:e8305c00
[    3.059274] [<c0754184>] (msm_drm_bind) from [<c0770244>] (try_to_bring_up_master+0x1fc/0x2c8)
[    3.061884]  r10:c12c2ea8 r9:00000002 r8:e7d11f18 r7:e7d16540 r6:e7d11f18 r5:e7d11f40
[    3.070285]  r4:e7d11c40
[    3.078198] [<c0770048>] (try_to_bring_up_master) from [<c0770644>] (component_master_add_with_match+0xc0/0x100)
[    3.080811]  r10:00000000 r9:e89efa10 r8:c0f8cbf0 r7:c0d5a440 r6:e89efa10 r5:e7d11f40
[    3.090945]  r4:c12775d4
[    3.098679] [<c0770584>] (component_master_add_with_match) from [<c0753dbc>] (msm_pdev_probe+0x230/0x290)
[    3.101291]  r7:e89efa10 r6:e93f5ab8 r5:e89efa10 r4:e93f3378
[    3.110756] [<c0753b8c>] (msm_pdev_probe) from [<c077992c>] (platform_drv_probe+0x58/0xa8)
[    3.116484]  r10:c12c3160 r9:c1276f10 r8:c1313718 r7:00000000 r6:c1276f10 r5:e89efa10
[    3.124540]  r4:00000000
[    3.132447] [<c07798d4>] (platform_drv_probe) from [<c0776ffc>] (really_probe+0x114/0x424)
[    3.135053]  r7:00000000 r6:00000000 r5:c1313714 r4:e89efa10
[    3.143129] [<c0776ee8>] (really_probe) from [<c077754c>] (driver_probe_device+0x80/0x1dc)
[    3.148950]  r10:e89efa10 r9:c12c3160 r8:c0f91d0c r7:e89efa10 r6:e8043e78 r5:c1276f10
[    3.157005]  r4:e89efa10
[    3.164911] [<c07774cc>] (driver_probe_device) from [<c0777870>] (__device_attach_driver+0xa4/0x110)
[    3.167527]  r9:c12c3160 r8:c0f91d0c r7:e89efa10 r6:e8043e78 r5:c1276f10 r4:00000001
[    3.176637] [<c07777cc>] (__device_attach_driver) from [<c0774ff4>] (bus_for_each_drv+0x80/0xb0)
[    3.184361]  r7:c12c3160 r6:c07777cc r5:e8043e78 r4:00000000
[    3.193127] [<c0774f74>] (bus_for_each_drv) from [<c0776e30>] (__device_attach+0xc0/0x158)
[    3.198766]  r6:e89efa54 r5:00000001 r4:e89efa10
[    3.206841] [<c0776d70>] (__device_attach) from [<c07778f8>] (device_initial_probe+0x1c/0x20)
[    3.211614]  r6:c1277a88 r5:e89efa10 r4:c127780c
[    3.220035] [<c07778dc>] (device_initial_probe) from [<c0775f08>] (bus_probe_device+0x94/0x9c)
[    3.224730] [<c0775e74>] (bus_probe_device) from [<c07764b8>] (deferred_probe_work_func+0x88/0xd0)
[    3.233145]  r7:c12c3160 r6:c1277820 r5:c127780c r4:c127780c
[    3.242096] [<c0776430>] (deferred_probe_work_func) from [<c033d1b8>] (process_one_work+0x1dc/0x53c)
[    3.247910]  r10:00000000 r9:c12bb270 r8:00000000 r7:e93d7f00 r6:e93d4dc0 r5:e8a21000
[    3.257009]  r4:c1277844 r3:c0776430
[    3.264741] [<c033cfdc>] (process_one_work) from [<c033ed74>] (worker_thread+0x254/0x500)
[    3.268393]  r10:e8863e88 r9:00000008 r8:c1203d00 r7:e93d4dd8 r6:e8a21014 r5:e93d4dc0
[    3.276449]  r4:e8a21000
[    3.284270] [<c033eb20>] (worker_thread) from [<c03436e0>] (kthread+0x12c/0x168)
[    3.286881]  r10:e8863e88 r9:e8a2061c r8:e8a21000 r7:e8042000 r6:00000000 r5:e8a20780
[    3.294246]  r4:e8a20600
[    3.301977] [<c03435b4>] (kthread) from [<c03010e8>] (ret_from_fork+0x14/0x2c)
[    3.304575] Exception stack(0xe8043fb0 to 0xe8043ff8)
[    3.311617] 3fa0:                                     00000000 00000000 00000000 00000000
[    3.316761] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[    3.324913] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000
[    3.333060]  r10:00000000 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:c03435b4
[    3.339471]  r4:e8a20780
[    3.347469] Code: e5936004 ebffefaa e2504000 089da8f0 (e5963000)
[    3.350237] ---[ end trace ef11f4cc25ead15d ]---
[    3.377018] Kernel panic - not syncing: Fatal exception
[    3.377092] CPU0: stopping
[    3.381054] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G      D           5.3.0-00014-g9bf8d2ba4898 grate-driver#120
[    3.383835] Hardware name: Generic DT based system
[    3.393116] Backtrace:
[    3.397727] [<c030e80c>] (dump_backtrace) from [<c030eb64>] (show_stack+0x20/0x24)
[    3.400069]  r7:c12b4080 r6:20000193 r5:00000000 r4:c12b4080
[    3.407712] [<c030eb44>] (show_stack) from [<c0c420d4>] (dump_stack+0x78/0x94)
[    3.413531] [<c0c4205c>] (dump_stack) from [<c03106b0>] (handle_IPI+0x3a4/0x408)
[    3.420555]  r7:00000000 r6:c12bb144 r5:00000004 r4:c11a5d50
[    3.428108] [<c031030c>] (handle_IPI) from [<c0302388>] (gic_handle_irq+0x94/0xa0)
[    3.433751]  r10:00000000 r9:c1201ec0 r8:ea803000 r7:c124cf28 r6:c1206894 r5:ea802000
[    3.441124]  r4:ea80200c
[    3.449021] [<c03022f4>] (gic_handle_irq) from [<c0301a8c>] (__irq_svc+0x6c/0xa8)
[    3.451629] Exception stack(0xc1201ec0 to 0xc1201f08)
[    3.459024] 1ec0: 00000000 00002f2c e93999f0 c031ac20 00000000 c1200000 c12060e4 c1206120
[    3.464065] 1ee0: 00000000 c11a5548 00000000 c1201f1c c1201f20 c1201f10 c030a474 c030a478
[    3.472208] 1f00: 60000013 ffffffff
[    3.480359]  r9:c1200000 r8:00000000 r7:c1201ef4 r6:ffffffff r5:60000013 r4:c030a478
[    3.483683] [<c030a438>] (arch_cpu_idle) from [<c0c5e93c>] (default_idle_call+0x30/0x3c)
[    3.491656] [<c0c5e90c>] (default_idle_call) from [<c0353ea4>] (do_idle+0x204/0x284)
[    3.499725] [<c0353ca0>] (do_idle) from [<c03541ec>] (cpu_startup_entry+0x28/0x2c)
[    3.507448]  r10:c12060c0 r9:00000001 r8:c12d9140 r7:c12d9140 r6:ffffffff r5:c1216348
[    3.514822]  r4:000000cd
[    3.522719] [<c03541c4>] (cpu_startup_entry) from [<c0c59138>] (rest_init+0xb8/0xd8)
[    3.525339] [<c0c59080>] (rest_init) from [<c1100b38>] (arch_call_rest_init+0x18/0x1c)
[    3.533053]  r5:00000001 r4:c12d9194
[    3.540777] [<c1100b20>] (arch_call_rest_init) from [<c1100fbc>] (start_kernel+0x408/0x4ac)
[    3.544517] [<c1100bb4>] (start_kernel) from [<00000000>] (0x0)
[    3.552585]  r10:10c5387d r9:511f06f0 r8:819700a0 r7:00001e7a r6:10c0387d r5:00000051
[    3.558484]  r4:c1100330
[    3.566469] CPU1: stopping
[    3.569089] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G      D           5.3.0-00014-g9bf8d2ba4898 grate-driver#120
[    3.571604] Hardware name: Generic DT based system
[    3.580882] Backtrace:
[    3.585500] [<c030e80c>] (dump_backtrace) from [<c030eb64>] (show_stack+0x20/0x24)
[    3.587846]  r7:c12b4080 r6:20000193 r5:00000000 r4:c12b4080
[    3.595489] [<c030eb44>] (show_stack) from [<c0c420d4>] (dump_stack+0x78/0x94)
[    3.601310] [<c0c4205c>] (dump_stack) from [<c03106b0>] (handle_IPI+0x3a4/0x408)
[    3.608331]  r7:00000001 r6:c12bb144 r5:00000004 r4:c11a5d50
[    3.615888] [<c031030c>] (handle_IPI) from [<c0302388>] (gic_handle_irq+0x94/0xa0)
[    3.621532]  r10:00000000 r9:e882df20 r8:ea803000 r7:c124cf28 r6:c1206894 r5:ea802000
[    3.628896]  r4:ea80200c
[    3.636800] [<c03022f4>] (gic_handle_irq) from [<c0301a8c>] (__irq_svc+0x6c/0xa8)
[    3.639399] Exception stack(0xe882df20 to 0xe882df68)
[    3.646805] df20: 00000000 000002fc e93ad9f0 c031ac20 00000001 e882c000 c12060e4 c1206120
[    3.651846] df40: 00000000 c11a5548 00000000 e882df7c e882df80 e882df70 c030a474 c030a478
[    3.659982] df60: 60000013 ffffffff
[    3.668141]  r9:e882c000 r8:00000000 r7:e882df54 r6:ffffffff r5:60000013 r4:c030a478
[    3.671457] [<c030a438>] (arch_cpu_idle) from [<c0c5e93c>] (default_idle_call+0x30/0x3c)
[    3.679434] [<c0c5e90c>] (default_idle_call) from [<c0353ea4>] (do_idle+0x204/0x284)
[    3.687504] [<c0353ca0>] (do_idle) from [<c03541ec>] (cpu_startup_entry+0x28/0x2c)
[    3.695230]  r10:00000000 r9:511f06f0 r8:8020406a r7:c12d9438 r6:10c0387d r5:00000001
[    3.702592]  r4:00000089
[    3.710502] [<c03541c4>] (cpu_startup_entry) from [<c0310044>] (secondary_start_kernel+0x154/0x19c)
[    3.713113] [<c030fef0>] (secondary_start_kernel) from [<8030284c>] (0x8030284c)
[    3.721866]  r5:00000051 r4:a882406a
[    3.729497] CPU2: stopping
[    3.733066] CPU: 2 PID: 0 Comm: swapper/2 Tainted: G      D           5.3.0-00014-g9bf8d2ba4898 grate-driver#120
[    3.735581] Hardware name: Generic DT based system
[    3.744858] Backtrace:
[    3.749476] [<c030e80c>] (dump_backtrace) from [<c030eb64>] (show_stack+0x20/0x24)
[    3.751821]  r7:c12b4080 r6:20000193 r5:00000000 r4:c12b4080
[    3.759466] [<c030eb44>] (show_stack) from [<c0c420d4>] (dump_stack+0x78/0x94)
[    3.765287] [<c0c4205c>] (dump_stack) from [<c03106b0>] (handle_IPI+0x3a4/0x408)
[    3.772308]  r7:00000002 r6:c12bb144 r5:00000004 r4:c11a5d50
[    3.779864] [<c031030c>] (handle_IPI) from [<c0302388>] (gic_handle_irq+0x94/0xa0)
[    3.785509]  r10:00000000 r9:e882ff20 r8:ea803000 r7:c124cf28 r6:c1206894 r5:ea802000
[    3.792871]  r4:ea80200c
[    3.800776] [<c03022f4>] (gic_handle_irq) from [<c0301a8c>] (__irq_svc+0x6c/0xa8)
[    3.803375] Exception stack(0xe882ff20 to 0xe882ff68)
[    3.810781] ff20: 00000000 000006fc e93c19f0 c031ac20 00000002 e882e000 c12060e4 c1206120
[    3.815821] ff40: 00000000 c11a5548 00000000 e882ff7c e882ff80 e882ff70 c030a474 c030a478
[    3.823957] ff60: 60000013 ffffffff
[    3.832116]  r9:e882e000 r8:00000000 r7:e882ff54 r6:ffffffff r5:60000013 r4:c030a478
[    3.835430] [<c030a438>] (arch_cpu_idle) from [<c0c5e93c>] (default_idle_call+0x30/0x3c)
[    3.843410] [<c0c5e90c>] (default_idle_call) from [<c0353ea4>] (do_idle+0x204/0x284)
[    3.851479] [<c0353ca0>] (do_idle) from [<c03541ec>] (cpu_startup_entry+0x28/0x2c)
[    3.859206]  r10:00000000 r9:511f06f0 r8:8020406a r7:c12d9438 r6:10c0387d r5:00000002
[    3.866569]  r4:00000089
[    3.874476] [<c03541c4>] (cpu_startup_entry) from [<c0310044>] (secondary_start_kernel+0x154/0x19c)
[    3.877087] [<c030fef0>] (secondary_start_kernel) from [<8030284c>] (0x8030284c)
[    3.885843]  r5:00000051 r4:a882406a
okias pushed a commit that referenced this pull request Mar 21, 2020
In NFSv4, the lock stateids are tied to the lockowner, and the open stateid,
so that the action of closing the file also results in either an automatic
loss of the locks, or an error of the form NFS4ERR_LOCKS_HELD.

In practice this means we must not add new locks to the open stateid
after the close process has been invoked. In fact doing so, can result
in the following panic:

 kernel BUG at lib/list_debug.c:51!
 invalid opcode: 0000 [#1] SMP NOPTI
 CPU: 2 PID: 1085 Comm: nfsd Not tainted 5.6.0-rc3+ #2
 Hardware name: VMware, Inc. VMware7,1/440BX Desktop Reference Platform, BIOS VMW71.00V.14410784.B64.1908150010 08/15/2019
 RIP: 0010:__list_del_entry_valid.cold+0x31/0x55
 Code: 1a 3d 9b e8 74 10 c2 ff 0f 0b 48 c7 c7 f0 1a 3d 9b e8 66 10 c2 ff 0f 0b 48 89 f2 48 89 fe 48 c7 c7 b0 1a 3d 9b e8 52 10 c2 ff <0f> 0b 48 89 fe 4c 89 c2 48 c7 c7 78 1a 3d 9b e8 3e 10 c2 ff 0f 0b
 RSP: 0018:ffffb296c1d47d90 EFLAGS: 00010246
 RAX: 0000000000000054 RBX: ffff8ba032456ec8 RCX: 0000000000000000
 RDX: 0000000000000000 RSI: ffff8ba039e99cc8 RDI: ffff8ba039e99cc8
 RBP: ffff8ba032456e60 R08: 0000000000000781 R09: 0000000000000003
 R10: 0000000000000000 R11: 0000000000000001 R12: ffff8ba009a4abe0
 R13: ffff8ba032456e8c R14: 0000000000000000 R15: ffff8ba00adb01d8
 FS:  0000000000000000(0000) GS:ffff8ba039e80000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 CR2: 00007fb213f0b008 CR3: 00000001347de006 CR4: 00000000003606e0
 Call Trace:
  release_lock_stateid+0x2b/0x80 [nfsd]
  nfsd4_free_stateid+0x1e9/0x210 [nfsd]
  nfsd4_proc_compound+0x414/0x700 [nfsd]
  ? nfs4svc_decode_compoundargs+0x407/0x4c0 [nfsd]
  nfsd_dispatch+0xc1/0x200 [nfsd]
  svc_process_common+0x476/0x6f0 [sunrpc]
  ? svc_sock_secure_port+0x12/0x30 [sunrpc]
  ? svc_recv+0x313/0x9c0 [sunrpc]
  ? nfsd_svc+0x2d0/0x2d0 [nfsd]
  svc_process+0xd4/0x110 [sunrpc]
  nfsd+0xe3/0x140 [nfsd]
  kthread+0xf9/0x130
  ? nfsd_destroy+0x50/0x50 [nfsd]
  ? kthread_park+0x90/0x90
  ret_from_fork+0x1f/0x40

The fix is to ensure that lock creation tests for whether or not the
open stateid is unhashed, and to fail if that is the case.

Fixes: 659aefb ("nfsd: Ensure we don't recognise lock stateids after freeing them")
Signed-off-by: Trond Myklebust <[email protected]>
Signed-off-by: Chuck Lever <[email protected]>
okias pushed a commit that referenced this pull request Mar 21, 2020
When the module is being removed, the module state is set to
MODULE_STATE_GOING. At this point, try_module_get() fails.
And when {full/open}_proxy_open() is being called,
it calls try_module_get() to try to hold module reference count.
If it fails, it warns about the possibility of debugfs file leak.

If {full/open}_proxy_open() is called while the module is being removed,
it fails to hold the module.
So, It warns about debugfs file leak. But it is not the debugfs file
leak case. So, this patch just adds module state checking routine
in the {full/open}_proxy_open().

Test commands:
    #SHELL1
    while :
    do
        modprobe netdevsim
        echo 1 > /sys/bus/netdevsim/new_device
        modprobe -rv netdevsim
    done

    #SHELL2
    while :
    do
        cat /sys/kernel/debug/netdevsim/netdevsim1/ports/0/ipsec
    done

Splat looks like:
[  298.766738][T14664] debugfs file owner did not clean up at exit: ipsec
[  298.766766][T14664] WARNING: CPU: 2 PID: 14664 at fs/debugfs/file.c:312 full_proxy_open+0x10f/0x650
[  298.768595][T14664] Modules linked in: netdevsim(-) openvswitch nsh nf_conncount nf_nat nf_conntrack nf_defrag_ipv6 n][  298.771343][T14664] CPU: 2 PID: 14664 Comm: cat Tainted: G        W         5.5.0+ #1
[  298.772373][T14664] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
[  298.773545][T14664] RIP: 0010:full_proxy_open+0x10f/0x650
[  298.774247][T14664] Code: 48 c1 ea 03 80 3c 02 00 0f 85 c1 04 00 00 49 8b 3c 24 e8 e4 b5 78 ff 84 c0 75 2d 4c 89 ee 48
[  298.776782][T14664] RSP: 0018:ffff88805b7df9b8 EFLAGS: 00010282[  298.777583][T14664] RAX: dffffc0000000008 RBX: ffff8880511725c0 RCX: 0000000000000000
[  298.778610][T14664] RDX: 0000000000000000 RSI: 0000000000000006 RDI: ffff8880540c5c14
[  298.779637][T14664] RBP: 0000000000000000 R08: fffffbfff15235ad R09: 0000000000000000
[  298.780664][T14664] R10: 0000000000000001 R11: 0000000000000000 R12: ffffffffc06b5000
[  298.781702][T14664] R13: ffff88804c234a88 R14: ffff88804c22dd00 R15: ffffffff8a1b5660
[  298.782722][T14664] FS:  00007fafa13a8540(0000) GS:ffff88806c800000(0000) knlGS:0000000000000000
[  298.783845][T14664] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  298.784672][T14664] CR2: 00007fafa0e9cd10 CR3: 000000004b286005 CR4: 00000000000606e0
[  298.785739][T14664] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  298.786769][T14664] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  298.787785][T14664] Call Trace:
[  298.788237][T14664]  do_dentry_open+0x63c/0xf50
[  298.788872][T14664]  ? open_proxy_open+0x270/0x270
[  298.789524][T14664]  ? __x64_sys_fchdir+0x180/0x180
[  298.790169][T14664]  ? inode_permission+0x65/0x390
[  298.790832][T14664]  path_openat+0xc45/0x2680
[  298.791425][T14664]  ? save_stack+0x69/0x80
[  298.791988][T14664]  ? save_stack+0x19/0x80
[  298.792544][T14664]  ? path_mountpoint+0x2e0/0x2e0
[  298.793233][T14664]  ? check_chain_key+0x236/0x5d0
[  298.793910][T14664]  ? sched_clock_cpu+0x18/0x170
[  298.794527][T14664]  ? find_held_lock+0x39/0x1d0
[  298.795153][T14664]  do_filp_open+0x16a/0x260
[ ... ]

Fixes: 9fd4dce ("debugfs: prevent access to possibly dead file_operations at file open")
Reported-by: kbuild test robot <[email protected]>
Signed-off-by: Taehee Yoo <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Greg Kroah-Hartman <[email protected]>
okias pushed a commit that referenced this pull request Mar 21, 2020
It might have the unaligned access exception when trying to exchange data
with user space program. In this case, it failed in tty_ioctl(). Therefore
we should enable uaccess.S for NOMMU mode since the generic code doesn't
handle the unaligned access cases.

   0x8013a212 <tty_ioctl+462>:  ld      a5,460(s1)

[    0.115279] Oops - load address misaligned [#1]
[    0.115284] CPU: 0 PID: 29 Comm: sh Not tainted 5.4.0-rc5-00020-gb4c27160d562-dirty grate-driver#36
[    0.115294] epc: 000000008013a212 ra : 000000008013a212 sp : 000000008f48dd50
[    0.115303]  gp : 00000000801cac28 tp : 000000008fb80000 t0 : 00000000000000e8
[    0.115312]  t1 : 000000008f58f108 t2 : 0000000000000009 s0 : 000000008f48ddf0
[    0.115321]  s1 : 000000008f8c6220 a0 : 0000000000000001 a1 : 000000008f48dd28
[    0.115330]  a2 : 000000008fb80000 a3 : 00000000801a7398 a4 : 0000000000000000
[    0.115339]  a5 : 0000000000000000 a6 : 000000008f58f0c6 a7 : 000000000000001d
[    0.115348]  s2 : 000000008f8c6308 s3 : 000000008f78b7c8 s4 : 000000008fb834c0
[    0.115357]  s5 : 0000000000005413 s6 : 0000000000000000 s7 : 000000008f58f2b0
[    0.115366]  s8 : 000000008f858008 s9 : 000000008f776818 s10: 000000008f776830
[    0.115375]  s11: 000000008fb840a8 t3 : 1999999999999999 t4 : 000000008f78704c
[    0.115384]  t5 : 0000000000000005 t6 : 0000000000000002
[    0.115391] status: 0000000200001880 badaddr: 000000008f8c63ec cause: 0000000000000004
[    0.115401] ---[ end trace 00d490c6a8b6c9ac ]---

This failure could be fixed after this patch applied.

[    0.002282] Run /init as init process
Initializing random number generator... [    0.005573] random: dd: uninitialized urandom read (512 bytes read)
done.

Welcome to Buildroot
buildroot login: root
Password:
Jan  1 00:00:00 login[62]: root login on 'ttySIF0'
~ #

Signed-off-by: Greentime Hu <[email protected]>
Reviewed-by: Palmer Dabbelt <[email protected]>
Signed-off-by: Palmer Dabbelt <[email protected]>
okias pushed a commit that referenced this pull request Mar 21, 2020
… like the valid ones

On P9 DD2.2 due to a CPU defect some TM instructions need to be emulated by
KVM. This is handled at first by the hardware raising a softpatch interrupt
when certain TM instructions that need KVM assistance are executed in the
guest. Althought some TM instructions per Power ISA are invalid forms they
can raise a softpatch interrupt too. For instance, 'tresume.' instruction
as defined in the ISA must have bit 31 set (1), but an instruction that
matches 'tresume.' PO and XO opcode fields but has bit 31 not set (0), like
0x7cfe9ddc, also raises a softpatch interrupt. Similarly for 'treclaim.'
and 'trechkpt.' instructions with bit 31 = 0, i.e. 0x7c00075c and
0x7c0007dc, respectively. Hence, if a code like the following is executed
in the guest it will raise a softpatch interrupt just like a 'tresume.'
when the TM facility is enabled ('tabort. 0' in the example is used only
to enable the TM facility):

int main() { asm("tabort. 0; .long 0x7cfe9ddc;"); }

Currently in such a case KVM throws a complete trace like:

[345523.705984] WARNING: CPU: 24 PID: 64413 at arch/powerpc/kvm/book3s_hv_tm.c:211 kvmhv_p9_tm_emulation+0x68/0x620 [kvm_hv]
[345523.705985] Modules linked in: kvm_hv(E) xt_conntrack ipt_REJECT nf_reject_ipv4 xt_tcpudp ip6table_mangle ip6table_nat
iptable_mangle iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ebtable_filter ebtables ip6table_filter
ip6_tables iptable_filter bridge stp llc sch_fq_codel ipmi_powernv at24 vmx_crypto ipmi_devintf ipmi_msghandler
ibmpowernv uio_pdrv_genirq kvm opal_prd uio leds_powernv ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp
libiscsi scsi_transport_iscsi ip_tables x_tables autofs4 btrfs blake2b_generic zstd_compress raid10 raid456
async_raid6_recov async_memcpy async_pq async_xor async_tx libcrc32c xor raid6_pq raid1 raid0 multipath linear tg3
crct10dif_vpmsum crc32c_vpmsum ipr [last unloaded: kvm_hv]
[345523.706030] CPU: 24 PID: 64413 Comm: CPU 0/KVM Tainted: G        W   E     5.5.0+ #1
[345523.706031] NIP:  c0080000072cb9c0 LR: c0080000072b5e80 CTR: c0080000085c7850
[345523.706034] REGS: c000000399467680 TRAP: 0700   Tainted: G        W   E      (5.5.0+)
[345523.706034] MSR:  900000010282b033 <SF,HV,VEC,VSX,EE,FP,ME,IR,DR,RI,LE,TM[E]>  CR: 24022428  XER: 00000000
[345523.706042] CFAR: c0080000072b5e7c IRQMASK: 0
                GPR00: c0080000072b5e80 c000000399467910 c0080000072db500 c000000375ccc720
                GPR04: c000000375ccc720 00000003fbec0000 0000a10395dda5a6 0000000000000000
                GPR08: 000000007cfe9ddc 7cfe9ddc000005dc 7cfe9ddc7c0005dc c0080000072cd530
                GPR12: c0080000085c7850 c0000003fffeb800 0000000000000001 00007dfb737f0000
                GPR16: c0002001edcca558 0000000000000000 0000000000000000 0000000000000001
                GPR20: c000000001b21258 c0002001edcca558 0000000000000018 0000000000000000
                GPR24: 0000000001000000 ffffffffffffffff 0000000000000001 0000000000001500
                GPR28: c0002001edcc4278 c00000037dd80000 800000050280f033 c000000375ccc720
[345523.706062] NIP [c0080000072cb9c0] kvmhv_p9_tm_emulation+0x68/0x620 [kvm_hv]
[345523.706065] LR [c0080000072b5e80] kvmppc_handle_exit_hv.isra.53+0x3e8/0x798 [kvm_hv]
[345523.706066] Call Trace:
[345523.706069] [c000000399467910] [c000000399467940] 0xc000000399467940 (unreliable)
[345523.706071] [c000000399467950] [c000000399467980] 0xc000000399467980
[345523.706075] [c0000003994679f0] [c0080000072bd1c4] kvmhv_run_single_vcpu+0xa1c/0xb80 [kvm_hv]
[345523.706079] [c000000399467ac0] [c0080000072bd8e0] kvmppc_vcpu_run_hv+0x5b8/0xb00 [kvm_hv]
[345523.706087] [c000000399467b90] [c0080000085c93cc] kvmppc_vcpu_run+0x34/0x48 [kvm]
[345523.706095] [c000000399467bb0] [c0080000085c582c] kvm_arch_vcpu_ioctl_run+0x244/0x420 [kvm]
[345523.706101] [c000000399467c40] [c0080000085b7498] kvm_vcpu_ioctl+0x3d0/0x7b0 [kvm]
[345523.706105] [c000000399467db0] [c0000000004adf9c] ksys_ioctl+0x13c/0x170
[345523.706107] [c000000399467e00] [c0000000004adff8] sys_ioctl+0x28/0x80
[345523.706111] [c000000399467e20] [c00000000000b278] system_call+0x5c/0x68
[345523.706112] Instruction dump:
[345523.706114] 419e0390 7f8a4840 409d0048 6d497c00 2f89075d 419e021c 6d497c00 2f8907dd
[345523.706119] 419e01c0 6d497c00 2f8905dd 419e00a4 <0fe00000> 38210040 38600000 ebc1fff0

and then treats the executed instruction as a 'nop'.

However the POWER9 User's Manual, in section "4.6.10 Book II Invalid
Forms", informs that for TM instructions bit 31 is in fact ignored, thus
for the TM-related invalid forms ignoring bit 31 and handling them like the
valid forms is an acceptable way to handle them. POWER8 behaves the same
way too.

This commit changes the handling of the cases here described by treating
the TM-related invalid forms that can generate a softpatch interrupt
just like their valid forms (w/ bit 31 = 1) instead of as a 'nop' and by
gently reporting any other unrecognized case to the host and treating it as
illegal instruction instead of throwing a trace and treating it as a 'nop'.

Signed-off-by: Gustavo Romero <[email protected]>
Reviewed-by: Segher Boessenkool <[email protected]>
Acked-By: Michael Neuling <[email protected]>
Reviewed-by: Leonardo Bras <[email protected]>
Signed-off-by: Paul Mackerras <[email protected]>
okias pushed a commit that referenced this pull request Mar 21, 2020
Code in the amdgpu driver triggers a bug when using clang to build
an arm64 kernel:

/tmp/sdma_v4_0-f95fd3.s: Assembler messages:
/tmp/sdma_v4_0-f95fd3.s:44: Error: selected processor does not support `bfc w0,#1,#5'

I expect this to be fixed in llvm soon, but we can also work around
it by inserting a barrier() that prevents the optimization.

Link: https://bugs.llvm.org/show_bug.cgi?id=42576
Signed-off-by: Arnd Bergmann <[email protected]>
Signed-off-by: Alex Deucher <[email protected]>
okias pushed a commit that referenced this pull request Jan 7, 2024
commit e14aec2 upstream.

Fix kernel crash in AP bus code caused by very early invocation of the
config change callback function via SCLP.

After a fresh IML of the machine the crypto cards are still offline and
will get switched online only with activation of any LPAR which has the
card in it's configuration. A crypto card coming online is reported
to the LPAR via SCLP and the AP bus offers a callback function to get
this kind of information. However, it may happen that the callback is
invoked before the AP bus init function is complete. As the callback
triggers a synchronous AP bus scan, the scan may already run but some
internal states are not initialized by the AP bus init function resulting
in a crash like this:

  [   11.635859] Unable to handle kernel pointer dereference in virtual kernel address space
  [   11.635861] Failing address: 0000000000000000 TEID: 0000000000000887
  [   11.635862] Fault in home space mode while using kernel ASCE.
  [   11.635864] AS:00000000894c4007 R3:00000001fece8007 S:00000001fece7800 P:000000000000013d
  [   11.635879] Oops: 0004 ilc:1 [#1] SMP
  [   11.635882] Modules linked in:
  [   11.635884] CPU: 5 PID: 42 Comm: kworker/5:0 Not tainted 6.6.0-rc3-00003-g4dbf7cdc6b42 grate-driver#12
  [   11.635886] Hardware name: IBM 3931 A01 751 (LPAR)
  [   11.635887] Workqueue: events_long ap_scan_bus
  [   11.635891] Krnl PSW : 0704c00180000000 0000000000000000 (0x0)
  [   11.635895]            R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 RI:0 EA:3
  [   11.635897] Krnl GPRS: 0000000001000a00 0000000000000000 0000000000000006 0000000089591940
  [   11.635899]            0000000080000000 0000000000000a00 0000000000000000 0000000000000000
  [   11.635901]            0000000081870c00 0000000089591000 000000008834e4e2 0000000002625a00
  [   11.635903]            0000000081734200 0000038000913c18 000000008834c6d6 0000038000913ac8
  [   11.635906] Krnl Code:>0000000000000000: 0000                illegal
  [   11.635906]            0000000000000002: 0000                illegal
  [   11.635906]            0000000000000004: 0000                illegal
  [   11.635906]            0000000000000006: 0000                illegal
  [   11.635906]            0000000000000008: 0000                illegal
  [   11.635906]            000000000000000a: 0000                illegal
  [   11.635906]            000000000000000c: 0000                illegal
  [   11.635906]            000000000000000e: 0000                illegal
  [   11.635915] Call Trace:
  [   11.635916]  [<0000000000000000>] 0x0
  [   11.635918]  [<000000008834e4e2>] ap_queue_init_state+0x82/0xb8
  [   11.635921]  [<000000008834ba1c>] ap_scan_domains+0x6fc/0x740
  [   11.635923]  [<000000008834c092>] ap_scan_adapter+0x632/0x8b0
  [   11.635925]  [<000000008834c3e4>] ap_scan_bus+0xd4/0x288
  [   11.635927]  [<00000000879a33ba>] process_one_work+0x19a/0x410
  [   11.635930] Discipline DIAG cannot be used without z/VM
  [   11.635930]  [<00000000879a3a2c>] worker_thread+0x3fc/0x560
  [   11.635933]  [<00000000879aea60>] kthread+0x120/0x128
  [   11.635936]  [<000000008792afa4>] __ret_from_fork+0x3c/0x58
  [   11.635938]  [<00000000885ebe62>] ret_from_fork+0xa/0x30
  [   11.635942] Last Breaking-Event-Address:
  [   11.635942]  [<000000008834c6d4>] ap_wait+0xcc/0x148

This patch improves the ap_bus_force_rescan() function which is
invoked by the config change callback by checking if a first
initial AP bus scan has been done. If not, the force rescan request
is simple ignored. Anyhow it does not make sense to trigger AP bus
re-scans even before the very first bus scan is complete.

Cc: [email protected]
Reviewed-by: Holger Dengler <[email protected]>
Signed-off-by: Harald Freudenberger <[email protected]>
Signed-off-by: Vasily Gorbik <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
okias pushed a commit that referenced this pull request Jan 7, 2024
commit 5a22fbc upstream.

When LAN9303 is MDIO-connected two callchains exist into
mdio->bus->write():

1. switch ports 1&2 ("physical" PHYs):

virtual (switch-internal) MDIO bus (lan9303_switch_ops->phy_{read|write})->
  lan9303_mdio_phy_{read|write} -> mdiobus_{read|write}_nested

2. LAN9303 virtual PHY:

virtual MDIO bus (lan9303_phy_{read|write}) ->
  lan9303_virt_phy_reg_{read|write} -> regmap -> lan9303_mdio_{read|write}

If the latter functions just take
mutex_lock(&sw_dev->device->bus->mdio_lock) it triggers a LOCKDEP
false-positive splat. It's false-positive because the first
mdio_lock in the second callchain above belongs to virtual MDIO bus, the
second mdio_lock belongs to physical MDIO bus.

Consequent annotation in lan9303_mdio_{read|write} as nested lock
(similar to lan9303_mdio_phy_{read|write}, it's the same physical MDIO bus)
prevents the following splat:

WARNING: possible circular locking dependency detected
5.15.71 #1 Not tainted
------------------------------------------------------
kworker/u4:3/609 is trying to acquire lock:
ffff000011531c68 (lan9303_mdio:131:(&lan9303_mdio_regmap_config)->lock){+.+.}-{3:3}, at: regmap_lock_mutex
but task is already holding lock:
ffff0000114c44d8 (&bus->mdio_lock){+.+.}-{3:3}, at: mdiobus_read
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (&bus->mdio_lock){+.+.}-{3:3}:
       lock_acquire
       __mutex_lock
       mutex_lock_nested
       lan9303_mdio_read
       _regmap_read
       regmap_read
       lan9303_probe
       lan9303_mdio_probe
       mdio_probe
       really_probe
       __driver_probe_device
       driver_probe_device
       __device_attach_driver
       bus_for_each_drv
       __device_attach
       device_initial_probe
       bus_probe_device
       deferred_probe_work_func
       process_one_work
       worker_thread
       kthread
       ret_from_fork
-> #0 (lan9303_mdio:131:(&lan9303_mdio_regmap_config)->lock){+.+.}-{3:3}:
       __lock_acquire
       lock_acquire.part.0
       lock_acquire
       __mutex_lock
       mutex_lock_nested
       regmap_lock_mutex
       regmap_read
       lan9303_phy_read
       dsa_slave_phy_read
       __mdiobus_read
       mdiobus_read
       get_phy_device
       mdiobus_scan
       __mdiobus_register
       dsa_register_switch
       lan9303_probe
       lan9303_mdio_probe
       mdio_probe
       really_probe
       __driver_probe_device
       driver_probe_device
       __device_attach_driver
       bus_for_each_drv
       __device_attach
       device_initial_probe
       bus_probe_device
       deferred_probe_work_func
       process_one_work
       worker_thread
       kthread
       ret_from_fork
other info that might help us debug this:
 Possible unsafe locking scenario:
       CPU0                    CPU1
       ----                    ----
  lock(&bus->mdio_lock);
                               lock(lan9303_mdio:131:(&lan9303_mdio_regmap_config)->lock);
                               lock(&bus->mdio_lock);
  lock(lan9303_mdio:131:(&lan9303_mdio_regmap_config)->lock);
*** DEADLOCK ***
5 locks held by kworker/u4:3/609:
 #0: ffff000002842938 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work
 #1: ffff80000bacbd60 (deferred_probe_work){+.+.}-{0:0}, at: process_one_work
 #2: ffff000007645178 (&dev->mutex){....}-{3:3}, at: __device_attach
 #3: ffff8000096e6e78 (dsa2_mutex){+.+.}-{3:3}, at: dsa_register_switch
 #4: ffff0000114c44d8 (&bus->mdio_lock){+.+.}-{3:3}, at: mdiobus_read
stack backtrace:
CPU: 1 PID: 609 Comm: kworker/u4:3 Not tainted 5.15.71 #1
Workqueue: events_unbound deferred_probe_work_func
Call trace:
 dump_backtrace
 show_stack
 dump_stack_lvl
 dump_stack
 print_circular_bug
 check_noncircular
 __lock_acquire
 lock_acquire.part.0
 lock_acquire
 __mutex_lock
 mutex_lock_nested
 regmap_lock_mutex
 regmap_read
 lan9303_phy_read
 dsa_slave_phy_read
 __mdiobus_read
 mdiobus_read
 get_phy_device
 mdiobus_scan
 __mdiobus_register
 dsa_register_switch
 lan9303_probe
 lan9303_mdio_probe
...

Cc: [email protected]
Fixes: dc70058 ("net: dsa: LAN9303: add MDIO managed mode support")
Signed-off-by: Alexander Sverdlin <[email protected]>
Reviewed-by: Andrew Lunn <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Paolo Abeni <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
okias pushed a commit that referenced this pull request Jan 7, 2024
commit f803982 upstream.

Let's allocate the extent_cache tree without dynamic conditions to avoid a
missing condition causing a panic as below.

 # create a file w/ a compressed flag
 # disable the compression
 # panic while updating extent_cache

F2FS-fs (dm-64): Swapfile: last extent is not aligned to section
F2FS-fs (dm-64): Swapfile (3) is not align to section: 1) creat(), 2) ioctl(F2FS_IOC_SET_PIN_FILE), 3) fallocate(2097152 * N)
Adding 124996k swap on ./swap-file.  Priority:0 extents:2 across:17179494468k
==================================================================
BUG: KASAN: null-ptr-deref in instrument_atomic_read_write out/common/include/linux/instrumented.h:101 [inline]
BUG: KASAN: null-ptr-deref in atomic_try_cmpxchg_acquire out/common/include/asm-generic/atomic-instrumented.h:705 [inline]
BUG: KASAN: null-ptr-deref in queued_write_lock out/common/include/asm-generic/qrwlock.h:92 [inline]
BUG: KASAN: null-ptr-deref in __raw_write_lock out/common/include/linux/rwlock_api_smp.h:211 [inline]
BUG: KASAN: null-ptr-deref in _raw_write_lock+0x5a/0x110 out/common/kernel/locking/spinlock.c:295
Write of size 4 at addr 0000000000000030 by task syz-executor154/3327

CPU: 0 PID: 3327 Comm: syz-executor154 Tainted: G           O      5.10.185 #1
Hardware name: emulation qemu-x86/qemu-x86, BIOS 2023.01-21885-gb3cc1cd24d 01/01/2023
Call Trace:
 __dump_stack out/common/lib/dump_stack.c:77 [inline]
 dump_stack_lvl+0x17e/0x1c4 out/common/lib/dump_stack.c:118
 __kasan_report+0x16c/0x260 out/common/mm/kasan/report.c:415
 kasan_report+0x51/0x70 out/common/mm/kasan/report.c:428
 kasan_check_range+0x2f3/0x340 out/common/mm/kasan/generic.c:186
 __kasan_check_write+0x14/0x20 out/common/mm/kasan/shadow.c:37
 instrument_atomic_read_write out/common/include/linux/instrumented.h:101 [inline]
 atomic_try_cmpxchg_acquire out/common/include/asm-generic/atomic-instrumented.h:705 [inline]
 queued_write_lock out/common/include/asm-generic/qrwlock.h:92 [inline]
 __raw_write_lock out/common/include/linux/rwlock_api_smp.h:211 [inline]
 _raw_write_lock+0x5a/0x110 out/common/kernel/locking/spinlock.c:295
 __drop_extent_tree+0xdf/0x2f0 out/common/fs/f2fs/extent_cache.c:1155
 f2fs_drop_extent_tree+0x17/0x30 out/common/fs/f2fs/extent_cache.c:1172
 f2fs_insert_range out/common/fs/f2fs/file.c:1600 [inline]
 f2fs_fallocate+0x19fd/0x1f40 out/common/fs/f2fs/file.c:1764
 vfs_fallocate+0x514/0x9b0 out/common/fs/open.c:310
 ksys_fallocate out/common/fs/open.c:333 [inline]
 __do_sys_fallocate out/common/fs/open.c:341 [inline]
 __se_sys_fallocate out/common/fs/open.c:339 [inline]
 __x64_sys_fallocate+0xb8/0x100 out/common/fs/open.c:339
 do_syscall_64+0x35/0x50 out/common/arch/x86/entry/common.c:46

Cc: [email protected]
Fixes: 72840cc ("f2fs: allocate the extent_cache by default")
Reported-and-tested-by: [email protected]
Signed-off-by: Jaegeuk Kim <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
okias pushed a commit that referenced this pull request Jan 7, 2024
commit 28f07f2 upstream.

The commit 5721d4e enhanced dm-verity, so that it can verify blocks
from tasklets rather than from workqueues. This reportedly improves
performance significantly.

However, dm-verity was using the flag CRYPTO_TFM_REQ_MAY_SLEEP from
tasklets which resulted in warnings about sleeping function being called
from non-sleeping context.

BUG: sleeping function called from invalid context at crypto/internal.h:206
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 14, name: ksoftirqd/0
preempt_count: 100, expected: 0
RCU nest depth: 0, expected: 0
CPU: 0 PID: 14 Comm: ksoftirqd/0 Tainted: G        W 6.7.0-rc1 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014
Call Trace:
 <TASK>
 dump_stack_lvl+0x32/0x50
 __might_resched+0x110/0x160
 crypto_hash_walk_done+0x54/0xb0
 shash_ahash_update+0x51/0x60
 verity_hash_update.isra.0+0x4a/0x130 [dm_verity]
 verity_verify_io+0x165/0x550 [dm_verity]
 ? free_unref_page+0xdf/0x170
 ? psi_group_change+0x113/0x390
 verity_tasklet+0xd/0x70 [dm_verity]
 tasklet_action_common.isra.0+0xb3/0xc0
 __do_softirq+0xaf/0x1ec
 ? smpboot_thread_fn+0x1d/0x200
 ? sort_range+0x20/0x20
 run_ksoftirqd+0x15/0x30
 smpboot_thread_fn+0xed/0x200
 kthread+0xdc/0x110
 ? kthread_complete_and_exit+0x20/0x20
 ret_from_fork+0x28/0x40
 ? kthread_complete_and_exit+0x20/0x20
 ret_from_fork_asm+0x11/0x20
 </TASK>

This commit fixes dm-verity so that it doesn't use the flags
CRYPTO_TFM_REQ_MAY_SLEEP and CRYPTO_TFM_REQ_MAY_BACKLOG from tasklets. The
crypto API would do GFP_ATOMIC allocation instead, it could return -ENOMEM
and we catch -ENOMEM in verity_tasklet and requeue the request to the
workqueue.

Signed-off-by: Mikulas Patocka <[email protected]>
Cc: [email protected]	# v6.0+
Fixes: 5721d4e ("dm verity: Add optional "try_verify_in_tasklet" feature")
Signed-off-by: Mike Snitzer <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
okias pushed a commit that referenced this pull request Jan 7, 2024
[ Upstream commit fc43e9c ]

hid_debug_events_release releases resources bound to the HID device instance.
hid_device_release releases the underlying HID device instance potentially
before hid_debug_events_release has completed releasing debug resources bound
to the same HID device instance.

Reference count to prevent the HID device instance from being torn down
preemptively when HID debugging support is used. When count reaches zero,
release core resources of HID device instance using hiddev_free.

The crash:

[  120.728477][ T4396] kernel BUG at lib/list_debug.c:53!
[  120.728505][ T4396] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP
[  120.739806][ T4396] Modules linked in: bcmdhd dhd_static_buf 8822cu pcie_mhi r8168
[  120.747386][ T4396] CPU: 1 PID: 4396 Comm: hidt_bridge Not tainted 5.10.110 #257
[  120.754771][ T4396] Hardware name: Rockchip RK3588 EVB4 LP4 V10 Board (DT)
[  120.761643][ T4396] pstate: 60400089 (nZCv daIf +PAN -UAO -TCO BTYPE=--)
[  120.768338][ T4396] pc : __list_del_entry_valid+0x98/0xac
[  120.773730][ T4396] lr : __list_del_entry_valid+0x98/0xac
[  120.779120][ T4396] sp : ffffffc01e62bb60
[  120.783126][ T4396] x29: ffffffc01e62bb60 x28: ffffff818ce3a200
[  120.789126][ T4396] x27: 0000000000000009 x26: 0000000000980000
[  120.795126][ T4396] x25: ffffffc012431000 x24: ffffff802c6d4e00
[  120.801125][ T4396] x23: ffffff8005c66f00 x22: ffffffc01183b5b8
[  120.807125][ T4396] x21: ffffff819df2f100 x20: 0000000000000000
[  120.813124][ T4396] x19: ffffff802c3f0700 x18: ffffffc01d2cd058
[  120.819124][ T4396] x17: 0000000000000000 x16: 0000000000000000
[  120.825124][ T4396] x15: 0000000000000004 x14: 0000000000003fff
[  120.831123][ T4396] x13: ffffffc012085588 x12: 0000000000000003
[  120.837123][ T4396] x11: 00000000ffffbfff x10: 0000000000000003
[  120.843123][ T4396] x9 : 455103d46b329300 x8 : 455103d46b329300
[  120.849124][ T4396] x7 : 74707572726f6320 x6 : ffffffc0124b8cb5
[  120.855124][ T4396] x5 : ffffffffffffffff x4 : 0000000000000000
[  120.861123][ T4396] x3 : ffffffc011cf4f90 x2 : ffffff81fee7b948
[  120.867122][ T4396] x1 : ffffffc011cf4f90 x0 : 0000000000000054
[  120.873122][ T4396] Call trace:
[  120.876259][ T4396]  __list_del_entry_valid+0x98/0xac
[  120.881304][ T4396]  hid_debug_events_release+0x48/0x12c
[  120.886617][ T4396]  full_proxy_release+0x50/0xbc
[  120.891323][ T4396]  __fput+0xdc/0x238
[  120.895075][ T4396]  ____fput+0x14/0x24
[  120.898911][ T4396]  task_work_run+0x90/0x148
[  120.903268][ T4396]  do_exit+0x1bc/0x8a4
[  120.907193][ T4396]  do_group_exit+0x8c/0xa4
[  120.911458][ T4396]  get_signal+0x468/0x744
[  120.915643][ T4396]  do_signal+0x84/0x280
[  120.919650][ T4396]  do_notify_resume+0xd0/0x218
[  120.924262][ T4396]  work_pending+0xc/0x3f0

[ Rahul Rameshbabu <[email protected]>: rework changelog ]
Fixes: cd667ce ("HID: use debugfs for events/reports dumping")
Signed-off-by: Charles Yi <[email protected]>
Signed-off-by: Jiri Kosina <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
okias pushed a commit that referenced this pull request Jan 7, 2024
[ Upstream commit 7bf9a6b ]

xen_vcpu_info is a percpu area than needs to be mapped by Xen.
Currently, it could cross a page boundary resulting in Xen being unable
to map it:

[    0.567318] kernel BUG at arch/arm64/xen/../../arm/xen/enlighten.c:164!
[    0.574002] Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP

Fix the issue by using __alloc_percpu and requesting alignment for the
memory allocation.

Signed-off-by: Stefano Stabellini <[email protected]>

Link: https://lore.kernel.org/r/alpine.DEB.2.22.394.2311221501340.2053963@ubuntu-linux-20-04-desktop
Fixes: 24d5373 ("arm/xen: Use alloc_percpu rather than __alloc_percpu")
Reviewed-by: Juergen Gross <[email protected]>
Signed-off-by: Juergen Gross <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
okias pushed a commit that referenced this pull request Jan 7, 2024
commit 2faac25 upstream.

We get a kernel crash about "unable to handle kernel paging request":

```dmesg
[368033.032005] BUG: unable to handle kernel paging request at ffffffffad9ae4b5
[368033.032007] PGD fc3a0d067 P4D fc3a0d067 PUD fc3a0e063 PMD 8000000fc38000e1
[368033.032012] Oops: 0003 [#1] SMP PTI
[368033.032015] CPU: 23 PID: 55090 Comm: bch_dirtcnt[0] Kdump: loaded Tainted: G           OE    --------- -  - 4.18.0-147.5.1.es8_24.x86_64 #1
[368033.032017] Hardware name: Tsinghua Tongfang THTF Chaoqiang Server/072T6D, BIOS 2.4.3 01/17/2017
[368033.032027] RIP: 0010:native_queued_spin_lock_slowpath+0x183/0x1d0
[368033.032029] Code: 8b 02 48 85 c0 74 f6 48 89 c1 eb d0 c1 e9 12 83 e0
03 83 e9 01 48 c1 e0 05 48 63 c9 48 05 c0 3d 02 00 48 03 04 cd 60 68 93
ad <48> 89 10 8b 42 08 85 c0 75 09 f3 90 8b 42 08 85 c0 74 f7 48 8b 02
[368033.032031] RSP: 0018:ffffbb48852abe00 EFLAGS: 00010082
[368033.032032] RAX: ffffffffad9ae4b5 RBX: 0000000000000246 RCX: 0000000000003bf3
[368033.032033] RDX: ffff97b0ff8e3dc0 RSI: 0000000000600000 RDI: ffffbb4884743c68
[368033.032034] RBP: 0000000000000001 R08: 0000000000000000 R09: 000007ffffffffff
[368033.032035] R10: ffffbb486bb01000 R11: 0000000000000001 R12: ffffffffc068da70
[368033.032036] R13: 0000000000000003 R14: 0000000000000000 R15: 0000000000000000
[368033.032038] FS:  0000000000000000(0000) GS:ffff97b0ff8c0000(0000) knlGS:0000000000000000
[368033.032039] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[368033.032040] CR2: ffffffffad9ae4b5 CR3: 0000000fc3a0a002 CR4: 00000000003626e0
[368033.032042] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[368033.032043] bcache: bch_cached_dev_attach() Caching rbd479 as bcache462 on set 8cff3c36-4a76-4242-afaa-7630206bc70b
[368033.032045] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[368033.032046] Call Trace:
[368033.032054]  _raw_spin_lock_irqsave+0x32/0x40
[368033.032061]  __wake_up_common_lock+0x63/0xc0
[368033.032073]  ? bch_ptr_invalid+0x10/0x10 [bcache]
[368033.033502]  bch_dirty_init_thread+0x14c/0x160 [bcache]
[368033.033511]  ? read_dirty_submit+0x60/0x60 [bcache]
[368033.033516]  kthread+0x112/0x130
[368033.033520]  ? kthread_flush_work_fn+0x10/0x10
[368033.034505]  ret_from_fork+0x35/0x40
```

The crash occurred when call wake_up(&state->wait), and then we want
to look at the value in the state. However, bch_sectors_dirty_init()
is not found in the stack of any task. Since state is allocated on
the stack, we guess that bch_sectors_dirty_init() has exited, causing
bch_dirty_init_thread() to be unable to handle kernel paging request.

In order to verify this idea, we added some printing information during
wake_up(&state->wait). We find that "wake up" is printed twice, however
we only expect the last thread to wake up once.

```dmesg
[  994.641004] alcache: bch_dirty_init_thread() wake up
[  994.641018] alcache: bch_dirty_init_thread() wake up
[  994.641523] alcache: bch_sectors_dirty_init() init exit
```

There is a race. If bch_sectors_dirty_init() exits after the first wake
up, the second wake up will trigger this bug("unable to handle kernel
paging request").

Proceed as follows:

bch_sectors_dirty_init
    kthread_run ==============> bch_dirty_init_thread(bch_dirtcnt[0])
            ...                         ...
    atomic_inc(&state.started)          ...
            ...                         ...
    atomic_read(&state.enough)          ...
            ...                 atomic_set(&state->enough, 1)
    kthread_run ======================================================> bch_dirty_init_thread(bch_dirtcnt[1])
            ...                 atomic_dec_and_test(&state->started)            ...
    atomic_inc(&state.started)          ...                                     ...
            ...                 wake_up(&state->wait)                           ...
    atomic_read(&state.enough)                                          atomic_dec_and_test(&state->started)
            ...                                                                 ...
    wait_event(state.wait, atomic_read(&state.started) == 0)                    ...
    return                                                                      ...
                                                                        wake_up(&state->wait)

We believe it is very common to wake up twice if there is no dirty, but
crash is an extremely low probability event. It's hard for us to reproduce
this issue. We attached and detached continuously for a week, with a total
of more than one million attaches and only one crash.

Putting atomic_inc(&state.started) before kthread_run() can avoid waking
up twice.

Fixes: b144e45 ("bcache: make bch_sectors_dirty_init() to be multithreaded")
Signed-off-by: Mingzhe Zou <[email protected]>
Cc:  <[email protected]>
Signed-off-by: Coly Li <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Jens Axboe <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
okias pushed a commit that referenced this pull request Jan 7, 2024
commit 864fb5d upstream.

[ 8743.393379] ======================================================
[ 8743.393385] WARNING: possible circular locking dependency detected
[ 8743.393391] 6.4.0-rc1+ grate-driver#11 Tainted: G           OE
[ 8743.393397] ------------------------------------------------------
[ 8743.393402] kworker/0:2/12921 is trying to acquire lock:
[ 8743.393408] ffff888127a14460 (sb_writers#8){.+.+}-{0:0}, at: ksmbd_vfs_setxattr+0x3d/0xd0 [ksmbd]
[ 8743.393510]
               but task is already holding lock:
[ 8743.393515] ffff8880360d97f0 (&type->i_mutex_dir_key#6/1){+.+.}-{3:3}, at: ksmbd_vfs_kern_path_locked+0x181/0x670 [ksmbd]
[ 8743.393618]
               which lock already depends on the new lock.

[ 8743.393623]
               the existing dependency chain (in reverse order) is:
[ 8743.393628]
               -> #1 (&type->i_mutex_dir_key#6/1){+.+.}-{3:3}:
[ 8743.393648]        down_write_nested+0x9a/0x1b0
[ 8743.393660]        filename_create+0x128/0x270
[ 8743.393670]        do_mkdirat+0xab/0x1f0
[ 8743.393680]        __x64_sys_mkdir+0x47/0x60
[ 8743.393690]        do_syscall_64+0x5d/0x90
[ 8743.393701]        entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 8743.393711]
               -> #0 (sb_writers#8){.+.+}-{0:0}:
[ 8743.393728]        __lock_acquire+0x2201/0x3b80
[ 8743.393737]        lock_acquire+0x18f/0x440
[ 8743.393746]        mnt_want_write+0x5f/0x240
[ 8743.393755]        ksmbd_vfs_setxattr+0x3d/0xd0 [ksmbd]
[ 8743.393839]        ksmbd_vfs_set_dos_attrib_xattr+0xcc/0x110 [ksmbd]
[ 8743.393924]        compat_ksmbd_vfs_set_dos_attrib_xattr+0x39/0x50 [ksmbd]
[ 8743.394010]        smb2_open+0x3432/0x3cc0 [ksmbd]
[ 8743.394099]        handle_ksmbd_work+0x2c9/0x7b0 [ksmbd]
[ 8743.394187]        process_one_work+0x65a/0xb30
[ 8743.394198]        worker_thread+0x2cf/0x700
[ 8743.394209]        kthread+0x1ad/0x1f0
[ 8743.394218]        ret_from_fork+0x29/0x50

This patch add mnt_want_write() above parent inode lock and remove
nested mnt_want_write calls in smb2_open().

Fixes: 40b268d ("ksmbd: add mnt_want_write to ksmbd vfs functions")
Cc: [email protected]
Reported-by: Marios Makassikis <[email protected]>
Signed-off-by: Namjae Jeon <[email protected]>
Signed-off-by: Steve French <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
okias pushed a commit that referenced this pull request Jan 7, 2024
commit d8b90d6 upstream.

When scanning namespaces, it is possible to get valid data from the first
call to nvme_identify_ns() in nvme_alloc_ns(), but not from the second
call in nvme_update_ns_info_block().  In particular, if the NSID becomes
inactive between the two commands, a storage device may return a buffer
filled with zero as per 4.1.5.1.  In this case, we can get a kernel crash
due to a divide-by-zero in blk_stack_limits() because ns->lba_shift will
be set to zero.

PID: 326      TASK: ffff95fec3cd8000  CPU: 29   COMMAND: "kworker/u98:10"
 #0 [ffffad8f8702f9e0] machine_kexec at ffffffff91c76ec7
 #1 [ffffad8f8702fa38] __crash_kexec at ffffffff91dea4fa
 #2 [ffffad8f8702faf8] crash_kexec at ffffffff91deb788
 #3 [ffffad8f8702fb00] oops_end at ffffffff91c2e4bb
 #4 [ffffad8f8702fb20] do_trap at ffffffff91c2a4ce
 #5 [ffffad8f8702fb70] do_error_trap at ffffffff91c2a595
 #6 [ffffad8f8702fbb0] exc_divide_error at ffffffff928506e6
 #7 [ffffad8f8702fbd0] asm_exc_divide_error at ffffffff92a00926
    [exception RIP: blk_stack_limits+434]
    RIP: ffffffff92191872  RSP: ffffad8f8702fc80  RFLAGS: 00010246
    RAX: 0000000000000000  RBX: ffff95efa0c91800  RCX: 0000000000000001
    RDX: 0000000000000000  RSI: 0000000000000001  RDI: 0000000000000001
    RBP: 00000000ffffffff   R8: ffff95fec7df35a8   R9: 0000000000000000
    R10: 0000000000000000  R11: 0000000000000001  R12: 0000000000000000
    R13: 0000000000000000  R14: 0000000000000000  R15: ffff95fed33c09a8
    ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018
 #8 [ffffad8f8702fce0] nvme_update_ns_info_block at ffffffffc06d3533 [nvme_core]
 grate-driver#9 [ffffad8f8702fd18] nvme_scan_ns at ffffffffc06d6fa7 [nvme_core]

This happened when the check for valid data was moved out of nvme_identify_ns()
into one of the callers.  Fix this by checking in both callers.

Link: https://bugzilla.kernel.org/show_bug.cgi?id=218186
Fixes: 0dd6fff ("nvme: bring back auto-removal of deleted namespaces during sequential scan")
Cc: [email protected]
Signed-off-by: Ewan D. Milne <[email protected]>
Signed-off-by: Keith Busch <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
okias pushed a commit that referenced this pull request Jan 7, 2024
commit 5cf4f52 upstream.

mmap_lock nests under uring_lock out of necessity, as we may be doing
user copies with uring_lock held. However, for mmap of provided buffer
rings, we attempt to grab uring_lock with mmap_lock already held from
do_mmap(). This makes lockdep, rightfully, complain:

WARNING: possible circular locking dependency detected
6.7.0-rc1-00009-gff3337ebaf94-dirty #4438 Not tainted
------------------------------------------------------
buf-ring.t/442 is trying to acquire lock:
ffff00020e1480a8 (&ctx->uring_lock){+.+.}-{3:3}, at: io_uring_validate_mmap_request.isra.0+0x4c/0x140

but task is already holding lock:
ffff0000dc226190 (&mm->mmap_lock){++++}-{3:3}, at: vm_mmap_pgoff+0x124/0x264

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #1 (&mm->mmap_lock){++++}-{3:3}:
       __might_fault+0x90/0xbc
       io_register_pbuf_ring+0x94/0x488
       __arm64_sys_io_uring_register+0x8dc/0x1318
       invoke_syscall+0x5c/0x17c
       el0_svc_common.constprop.0+0x108/0x130
       do_el0_svc+0x2c/0x38
       el0_svc+0x4c/0x94
       el0t_64_sync_handler+0x118/0x124
       el0t_64_sync+0x168/0x16c

-> #0 (&ctx->uring_lock){+.+.}-{3:3}:
       __lock_acquire+0x19a0/0x2d14
       lock_acquire+0x2e0/0x44c
       __mutex_lock+0x118/0x564
       mutex_lock_nested+0x20/0x28
       io_uring_validate_mmap_request.isra.0+0x4c/0x140
       io_uring_mmu_get_unmapped_area+0x3c/0x98
       get_unmapped_area+0xa4/0x158
       do_mmap+0xec/0x5b4
       vm_mmap_pgoff+0x158/0x264
       ksys_mmap_pgoff+0x1d4/0x254
       __arm64_sys_mmap+0x80/0x9c
       invoke_syscall+0x5c/0x17c
       el0_svc_common.constprop.0+0x108/0x130
       do_el0_svc+0x2c/0x38
       el0_svc+0x4c/0x94
       el0t_64_sync_handler+0x118/0x124
       el0t_64_sync+0x168/0x16c

From that mmap(2) path, we really just need to ensure that the buffer
list doesn't go away from underneath us. For the lower indexed entries,
they never go away until the ring is freed and we can always sanely
reference those as long as the caller has a file reference. For the
higher indexed ones in our xarray, we just need to ensure that the
buffer list remains valid while we return the address of it.

Free the higher indexed io_buffer_list entries via RCU. With that we can
avoid needing ->uring_lock inside mmap(2), and simply hold the RCU read
lock around the buffer list lookup and address check.

To ensure that the arrayed lookup either returns a valid fully formulated
entry via RCU lookup, add an 'is_ready' flag that we access with store
and release memory ordering. This isn't needed for the xarray lookups,
but doesn't hurt either. Since this isn't a fast path, retain it across
both types. Similarly, for the allocated array inside the ctx, ensure
we use the proper load/acquire as setup could in theory be running in
parallel with mmap.

While in there, add a few lockdep checks for documentation purposes.

Cc: [email protected]
Fixes: c56e022 ("io_uring: add support for user mapped provided buffer ring")
Signed-off-by: Jens Axboe <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
okias pushed a commit that referenced this pull request Jan 7, 2024
[ Upstream commit a524eab ]

As of commit b92143d ("net: dsa: mv88e6xxx: add infrastructure for
phylink_pcs") probing of a Marvell 88e6350 switch causes a NULL pointer
de-reference like this example:

    ...
    mv88e6085 d0072004.mdio-mii:11: switch 0x3710 detected: Marvell 88E6350, revision 2
    8<--- cut here ---
    Unable to handle kernel NULL pointer dereference at virtual address 00000000 when read
    [00000000] *pgd=00000000
    Internal error: Oops: 5 [#1] ARM
    Modules linked in:
    CPU: 0 PID: 8 Comm: kworker/u2:0 Not tainted 6.7.0-rc2-dirty grate-driver#26
    Hardware name: Marvell Armada 370/XP (Device Tree)
    Workqueue: events_unbound deferred_probe_work_func
    PC is at mv88e6xxx_port_setup+0x1c/0x44
    LR is at dsa_port_devlink_setup+0x74/0x154
    pc : [<c057ea24>]    lr : [<c0819598>]    psr: a0000013
    sp : c184fce0  ip : c542b8f4  fp : 00000000
    r10: 00000001  r9 : c542a540  r8 : c542bc00
    r7 : c542b838  r6 : c5244580  r5 : 00000005  r4 : c5244580
    r3 : 00000000  r2 : c542b840  r1 : 00000005  r0 : c1a02040
    ...

The Marvell 6350 switch has no SERDES interface and so has no
corresponding pcs_ops defined for it. But during probing a call is made
to mv88e6xxx_port_setup() which unconditionally expects pcs_ops to exist -
though the presence of the pcs_ops->pcs_init function is optional.

Modify code to check for pcs_ops first, before checking for and calling
pcs_ops->pcs_init. Modify checking and use of pcs_ops->pcs_teardown
which may potentially suffer the same problem.

Fixes: b92143d ("net: dsa: mv88e6xxx: add infrastructure for phylink_pcs")
Signed-off-by: Greg Ungerer <[email protected]>
Reviewed-by: Andrew Lunn <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
okias pushed a commit that referenced this pull request Jan 7, 2024
[ Upstream commit a2e36cd ]

This allows it to break the following circular locking dependency.

Aug 10 07:01:29 dg1test kernel: ======================================================
Aug 10 07:01:29 dg1test kernel: WARNING: possible circular locking dependency detected
Aug 10 07:01:29 dg1test kernel: 6.4.0-rc7+ grate-driver#10 Not tainted
Aug 10 07:01:29 dg1test kernel: ------------------------------------------------------
Aug 10 07:01:29 dg1test kernel: wireplumber/2236 is trying to acquire lock:
Aug 10 07:01:29 dg1test kernel: ffff8fca5320da18 (&fctx->lock){-...}-{2:2}, at: nouveau_fence_wait_uevent_handler+0x2b/0x100 [nouveau]
Aug 10 07:01:29 dg1test kernel:
                                but task is already holding lock:
Aug 10 07:01:29 dg1test kernel: ffff8fca41208610 (&event->list_lock#2){-...}-{2:2}, at: nvkm_event_ntfy+0x50/0xf0 [nouveau]
Aug 10 07:01:29 dg1test kernel:
                                which lock already depends on the new lock.
Aug 10 07:01:29 dg1test kernel:
                                the existing dependency chain (in reverse order) is:
Aug 10 07:01:29 dg1test kernel:
                                -> #3 (&event->list_lock#2){-...}-{2:2}:
Aug 10 07:01:29 dg1test kernel:        _raw_spin_lock_irqsave+0x4b/0x70
Aug 10 07:01:29 dg1test kernel:        nvkm_event_ntfy+0x50/0xf0 [nouveau]
Aug 10 07:01:29 dg1test kernel:        ga100_fifo_nonstall_intr+0x24/0x30 [nouveau]
Aug 10 07:01:29 dg1test kernel:        nvkm_intr+0x12c/0x240 [nouveau]
Aug 10 07:01:29 dg1test kernel:        __handle_irq_event_percpu+0x88/0x240
Aug 10 07:01:29 dg1test kernel:        handle_irq_event+0x38/0x80
Aug 10 07:01:29 dg1test kernel:        handle_edge_irq+0xa3/0x240
Aug 10 07:01:29 dg1test kernel:        __common_interrupt+0x72/0x160
Aug 10 07:01:29 dg1test kernel:        common_interrupt+0x60/0xe0
Aug 10 07:01:29 dg1test kernel:        asm_common_interrupt+0x26/0x40
Aug 10 07:01:29 dg1test kernel:
                                -> #2 (&device->intr.lock){-...}-{2:2}:
Aug 10 07:01:29 dg1test kernel:        _raw_spin_lock_irqsave+0x4b/0x70
Aug 10 07:01:29 dg1test kernel:        nvkm_inth_allow+0x2c/0x80 [nouveau]
Aug 10 07:01:29 dg1test kernel:        nvkm_event_ntfy_state+0x181/0x250 [nouveau]
Aug 10 07:01:29 dg1test kernel:        nvkm_event_ntfy_allow+0x63/0xd0 [nouveau]
Aug 10 07:01:29 dg1test kernel:        nvkm_uevent_mthd+0x4d/0x70 [nouveau]
Aug 10 07:01:29 dg1test kernel:        nvkm_ioctl+0x10b/0x250 [nouveau]
Aug 10 07:01:29 dg1test kernel:        nvif_object_mthd+0xa8/0x1f0 [nouveau]
Aug 10 07:01:29 dg1test kernel:        nvif_event_allow+0x2a/0xa0 [nouveau]
Aug 10 07:01:29 dg1test kernel:        nouveau_fence_enable_signaling+0x78/0x80 [nouveau]
Aug 10 07:01:29 dg1test kernel:        __dma_fence_enable_signaling+0x5e/0x100
Aug 10 07:01:29 dg1test kernel:        dma_fence_add_callback+0x4b/0xd0
Aug 10 07:01:29 dg1test kernel:        nouveau_cli_work_queue+0xae/0x110 [nouveau]
Aug 10 07:01:29 dg1test kernel:        nouveau_gem_object_close+0x1d1/0x2a0 [nouveau]
Aug 10 07:01:29 dg1test kernel:        drm_gem_handle_delete+0x70/0xe0 [drm]
Aug 10 07:01:29 dg1test kernel:        drm_ioctl_kernel+0xa5/0x150 [drm]
Aug 10 07:01:29 dg1test kernel:        drm_ioctl+0x256/0x490 [drm]
Aug 10 07:01:29 dg1test kernel:        nouveau_drm_ioctl+0x5a/0xb0 [nouveau]
Aug 10 07:01:29 dg1test kernel:        __x64_sys_ioctl+0x91/0xd0
Aug 10 07:01:29 dg1test kernel:        do_syscall_64+0x3c/0x90
Aug 10 07:01:29 dg1test kernel:        entry_SYSCALL_64_after_hwframe+0x72/0xdc
Aug 10 07:01:29 dg1test kernel:
                                -> #1 (&event->refs_lock#4){....}-{2:2}:
Aug 10 07:01:29 dg1test kernel:        _raw_spin_lock_irqsave+0x4b/0x70
Aug 10 07:01:29 dg1test kernel:        nvkm_event_ntfy_state+0x37/0x250 [nouveau]
Aug 10 07:01:29 dg1test kernel:        nvkm_event_ntfy_allow+0x63/0xd0 [nouveau]
Aug 10 07:01:29 dg1test kernel:        nvkm_uevent_mthd+0x4d/0x70 [nouveau]
Aug 10 07:01:29 dg1test kernel:        nvkm_ioctl+0x10b/0x250 [nouveau]
Aug 10 07:01:29 dg1test kernel:        nvif_object_mthd+0xa8/0x1f0 [nouveau]
Aug 10 07:01:29 dg1test kernel:        nvif_event_allow+0x2a/0xa0 [nouveau]
Aug 10 07:01:29 dg1test kernel:        nouveau_fence_enable_signaling+0x78/0x80 [nouveau]
Aug 10 07:01:29 dg1test kernel:        __dma_fence_enable_signaling+0x5e/0x100
Aug 10 07:01:29 dg1test kernel:        dma_fence_add_callback+0x4b/0xd0
Aug 10 07:01:29 dg1test kernel:        nouveau_cli_work_queue+0xae/0x110 [nouveau]
Aug 10 07:01:29 dg1test kernel:        nouveau_gem_object_close+0x1d1/0x2a0 [nouveau]
Aug 10 07:01:29 dg1test kernel:        drm_gem_handle_delete+0x70/0xe0 [drm]
Aug 10 07:01:29 dg1test kernel:        drm_ioctl_kernel+0xa5/0x150 [drm]
Aug 10 07:01:29 dg1test kernel:        drm_ioctl+0x256/0x490 [drm]
Aug 10 07:01:29 dg1test kernel:        nouveau_drm_ioctl+0x5a/0xb0 [nouveau]
Aug 10 07:01:29 dg1test kernel:        __x64_sys_ioctl+0x91/0xd0
Aug 10 07:01:29 dg1test kernel:        do_syscall_64+0x3c/0x90
Aug 10 07:01:29 dg1test kernel:        entry_SYSCALL_64_after_hwframe+0x72/0xdc
Aug 10 07:01:29 dg1test kernel:
                                -> #0 (&fctx->lock){-...}-{2:2}:
Aug 10 07:01:29 dg1test kernel:        __lock_acquire+0x14e3/0x2240
Aug 10 07:01:29 dg1test kernel:        lock_acquire+0xc8/0x2a0
Aug 10 07:01:29 dg1test kernel:        _raw_spin_lock_irqsave+0x4b/0x70
Aug 10 07:01:29 dg1test kernel:        nouveau_fence_wait_uevent_handler+0x2b/0x100 [nouveau]
Aug 10 07:01:29 dg1test kernel:        nvkm_client_event+0xf/0x20 [nouveau]
Aug 10 07:01:29 dg1test kernel:        nvkm_event_ntfy+0x9b/0xf0 [nouveau]
Aug 10 07:01:29 dg1test kernel:        ga100_fifo_nonstall_intr+0x24/0x30 [nouveau]
Aug 10 07:01:29 dg1test kernel:        nvkm_intr+0x12c/0x240 [nouveau]
Aug 10 07:01:29 dg1test kernel:        __handle_irq_event_percpu+0x88/0x240
Aug 10 07:01:29 dg1test kernel:        handle_irq_event+0x38/0x80
Aug 10 07:01:29 dg1test kernel:        handle_edge_irq+0xa3/0x240
Aug 10 07:01:29 dg1test kernel:        __common_interrupt+0x72/0x160
Aug 10 07:01:29 dg1test kernel:        common_interrupt+0x60/0xe0
Aug 10 07:01:29 dg1test kernel:        asm_common_interrupt+0x26/0x40
Aug 10 07:01:29 dg1test kernel:
                                other info that might help us debug this:
Aug 10 07:01:29 dg1test kernel: Chain exists of:
                                  &fctx->lock --> &device->intr.lock --> &event->list_lock#2
Aug 10 07:01:29 dg1test kernel:  Possible unsafe locking scenario:
Aug 10 07:01:29 dg1test kernel:        CPU0                    CPU1
Aug 10 07:01:29 dg1test kernel:        ----                    ----
Aug 10 07:01:29 dg1test kernel:   lock(&event->list_lock#2);
Aug 10 07:01:29 dg1test kernel:                                lock(&device->intr.lock);
Aug 10 07:01:29 dg1test kernel:                                lock(&event->list_lock#2);
Aug 10 07:01:29 dg1test kernel:   lock(&fctx->lock);
Aug 10 07:01:29 dg1test kernel:
                                 *** DEADLOCK ***
Aug 10 07:01:29 dg1test kernel: 2 locks held by wireplumber/2236:
Aug 10 07:01:29 dg1test kernel:  #0: ffff8fca53177bf8 (&device->intr.lock){-...}-{2:2}, at: nvkm_intr+0x29/0x240 [nouveau]
Aug 10 07:01:29 dg1test kernel:  #1: ffff8fca41208610 (&event->list_lock#2){-...}-{2:2}, at: nvkm_event_ntfy+0x50/0xf0 [nouveau]
Aug 10 07:01:29 dg1test kernel:
                                stack backtrace:
Aug 10 07:01:29 dg1test kernel: CPU: 6 PID: 2236 Comm: wireplumber Not tainted 6.4.0-rc7+ grate-driver#10
Aug 10 07:01:29 dg1test kernel: Hardware name: Gigabyte Technology Co., Ltd. Z390 I AORUS PRO WIFI/Z390 I AORUS PRO WIFI-CF, BIOS F8 11/05/2021
Aug 10 07:01:29 dg1test kernel: Call Trace:
Aug 10 07:01:29 dg1test kernel:  <TASK>
Aug 10 07:01:29 dg1test kernel:  dump_stack_lvl+0x5b/0x90
Aug 10 07:01:29 dg1test kernel:  check_noncircular+0xe2/0x110
Aug 10 07:01:29 dg1test kernel:  __lock_acquire+0x14e3/0x2240
Aug 10 07:01:29 dg1test kernel:  lock_acquire+0xc8/0x2a0
Aug 10 07:01:29 dg1test kernel:  ? nouveau_fence_wait_uevent_handler+0x2b/0x100 [nouveau]
Aug 10 07:01:29 dg1test kernel:  ? lock_acquire+0xc8/0x2a0
Aug 10 07:01:29 dg1test kernel:  _raw_spin_lock_irqsave+0x4b/0x70
Aug 10 07:01:29 dg1test kernel:  ? nouveau_fence_wait_uevent_handler+0x2b/0x100 [nouveau]
Aug 10 07:01:29 dg1test kernel:  nouveau_fence_wait_uevent_handler+0x2b/0x100 [nouveau]
Aug 10 07:01:29 dg1test kernel:  nvkm_client_event+0xf/0x20 [nouveau]
Aug 10 07:01:29 dg1test kernel:  nvkm_event_ntfy+0x9b/0xf0 [nouveau]
Aug 10 07:01:29 dg1test kernel:  ga100_fifo_nonstall_intr+0x24/0x30 [nouveau]
Aug 10 07:01:29 dg1test kernel:  nvkm_intr+0x12c/0x240 [nouveau]
Aug 10 07:01:29 dg1test kernel:  __handle_irq_event_percpu+0x88/0x240
Aug 10 07:01:29 dg1test kernel:  handle_irq_event+0x38/0x80
Aug 10 07:01:29 dg1test kernel:  handle_edge_irq+0xa3/0x240
Aug 10 07:01:29 dg1test kernel:  __common_interrupt+0x72/0x160
Aug 10 07:01:29 dg1test kernel:  common_interrupt+0x60/0xe0
Aug 10 07:01:29 dg1test kernel:  asm_common_interrupt+0x26/0x40
Aug 10 07:01:29 dg1test kernel: RIP: 0033:0x7fb66174d700
Aug 10 07:01:29 dg1test kernel: Code: c1 e2 05 29 ca 8d 0c 10 0f be 07 84 c0 75 eb 89 c8 c3 0f 1f 84 00 00 00 00 00 f3 0f 1e fa e9 d7 0f fc ff 0f 1f 80 00 00 00 00 <f3> 0f 1e fa e9 c7 0f fc>
Aug 10 07:01:29 dg1test kernel: RSP: 002b:00007ffdd3c48438 EFLAGS: 00000206
Aug 10 07:01:29 dg1test kernel: RAX: 000055bb758763c0 RBX: 000055bb758752c0 RCX: 00000000000028b0
Aug 10 07:01:29 dg1test kernel: RDX: 000055bb758752c0 RSI: 000055bb75887490 RDI: 000055bb75862950
Aug 10 07:01:29 dg1test kernel: RBP: 00007ffdd3c48490 R08: 000055bb75873b10 R09: 0000000000000001
Aug 10 07:01:29 dg1test kernel: R10: 0000000000000004 R11: 000055bb7587f000 R12: 000055bb75887490
Aug 10 07:01:29 dg1test kernel: R13: 000055bb757f6280 R14: 000055bb758875c0 R15: 000055bb757f6280
Aug 10 07:01:29 dg1test kernel:  </TASK>

Signed-off-by: Dave Airlie <[email protected]>
Tested-by: Danilo Krummrich <[email protected]>
Reviewed-by: Danilo Krummrich <[email protected]>
Signed-off-by: Danilo Krummrich <[email protected]>
Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
Signed-off-by: Sasha Levin <[email protected]>
okias pushed a commit that referenced this pull request Jan 7, 2024
[ Upstream commit 2b78832 ]

When removing the irdma driver or unplugging its aux device, the ccq
queue is released before destorying the cqp_cmpl_wq queue.
But in the window, there may still be completion events for wqes. That
will cause a UAF in irdma_sc_ccq_get_cqe_info().

[34693.333191] BUG: KASAN: use-after-free in irdma_sc_ccq_get_cqe_info+0x82f/0x8c0 [irdma]
[34693.333194] Read of size 8 at addr ffff889097f80818 by task kworker/u67:1/26327
[34693.333194]
[34693.333199] CPU: 9 PID: 26327 Comm: kworker/u67:1 Kdump: loaded Tainted: G           O     --------- -t - 4.18.0 #1
[34693.333200] Hardware name: SANGFOR Inspur/NULL, BIOS 4.1.13 08/01/2016
[34693.333211] Workqueue: cqp_cmpl_wq cqp_compl_worker [irdma]
[34693.333213] Call Trace:
[34693.333220]  dump_stack+0x71/0xab
[34693.333226]  print_address_description+0x6b/0x290
[34693.333238]  ? irdma_sc_ccq_get_cqe_info+0x82f/0x8c0 [irdma]
[34693.333240]  kasan_report+0x14a/0x2b0
[34693.333251]  irdma_sc_ccq_get_cqe_info+0x82f/0x8c0 [irdma]
[34693.333264]  ? irdma_free_cqp_request+0x151/0x1e0 [irdma]
[34693.333274]  irdma_cqp_ce_handler+0x1fb/0x3b0 [irdma]
[34693.333285]  ? irdma_ctrl_init_hw+0x2c20/0x2c20 [irdma]
[34693.333290]  ? __schedule+0x836/0x1570
[34693.333293]  ? strscpy+0x83/0x180
[34693.333296]  process_one_work+0x56a/0x11f0
[34693.333298]  worker_thread+0x8f/0xf40
[34693.333301]  ? __kthread_parkme+0x78/0xf0
[34693.333303]  ? rescuer_thread+0xc50/0xc50
[34693.333305]  kthread+0x2a0/0x390
[34693.333308]  ? kthread_destroy_worker+0x90/0x90
[34693.333310]  ret_from_fork+0x1f/0x40

Fixes: 44d9e52 ("RDMA/irdma: Implement device initialization definitions")
Signed-off-by: Shifeng Li <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Acked-by: Shiraz Saleem <[email protected]>
Signed-off-by: Leon Romanovsky <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
okias pushed a commit that referenced this pull request Jan 7, 2024
[ Upstream commit e3e82fc ]

When creating ceq_0 during probing irdma, cqp.sc_cqp will be sent as a
cqp_request to cqp->sc_cqp.sq_ring. If the request is pending when
removing the irdma driver or unplugging its aux device, cqp.sc_cqp will be
dereferenced as wrong struct in irdma_free_pending_cqp_request().

  PID: 3669   TASK: ffff88aef892c000  CPU: 28  COMMAND: "kworker/28:0"
   #0 [fffffe0000549e38] crash_nmi_callback at ffffffff810e3a34
   #1 [fffffe0000549e40] nmi_handle at ffffffff810788b2
   #2 [fffffe0000549ea0] default_do_nmi at ffffffff8107938f
   #3 [fffffe0000549eb8] do_nmi at ffffffff81079582
   #4 [fffffe0000549ef0] end_repeat_nmi at ffffffff82e016b4
      [exception RIP: native_queued_spin_lock_slowpath+1291]
      RIP: ffffffff8127e72b  RSP: ffff88aa841ef778  RFLAGS: 00000046
      RAX: 0000000000000000  RBX: ffff88b01f849700  RCX: ffffffff8127e47e
      RDX: 0000000000000000  RSI: 0000000000000004  RDI: ffffffff83857ec0
      RBP: ffff88afe3e4efc8   R8: ffffed15fc7c9dfa   R9: ffffed15fc7c9dfa
      R10: 0000000000000001  R11: ffffed15fc7c9df9  R12: 0000000000740000
      R13: ffff88b01f849708  R14: 0000000000000003  R15: ffffed1603f092e1
      ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0000
  -- <NMI exception stack> --
   #5 [ffff88aa841ef778] native_queued_spin_lock_slowpath at ffffffff8127e72b
   #6 [ffff88aa841ef7b0] _raw_spin_lock_irqsave at ffffffff82c22aa4
   #7 [ffff88aa841ef7c8] __wake_up_common_lock at ffffffff81257363
   #8 [ffff88aa841ef888] irdma_free_pending_cqp_request at ffffffffa0ba12cc [irdma]
   grate-driver#9 [ffff88aa841ef958] irdma_cleanup_pending_cqp_op at ffffffffa0ba1469 [irdma]
   grate-driver#10 [ffff88aa841ef9c0] irdma_ctrl_deinit_hw at ffffffffa0b2989f [irdma]
   grate-driver#11 [ffff88aa841efa28] irdma_remove at ffffffffa0b252df [irdma]
   grate-driver#12 [ffff88aa841efae8] auxiliary_bus_remove at ffffffff8219afdb
   grate-driver#13 [ffff88aa841efb00] device_release_driver_internal at ffffffff821882e6
   grate-driver#14 [ffff88aa841efb38] bus_remove_device at ffffffff82184278
   grate-driver#15 [ffff88aa841efb88] device_del at ffffffff82179d23
   grate-driver#16 [ffff88aa841efc48] ice_unplug_aux_dev at ffffffffa0eb1c14 [ice]
   grate-driver#17 [ffff88aa841efc68] ice_service_task at ffffffffa0d88201 [ice]
   grate-driver#18 [ffff88aa841efde8] process_one_work at ffffffff811c589a
   grate-driver#19 [ffff88aa841efe60] worker_thread at ffffffff811c71ff
   grate-driver#20 [ffff88aa841eff10] kthread at ffffffff811d87a0
   grate-driver#21 [ffff88aa841eff50] ret_from_fork at ffffffff82e0022f

Fixes: 44d9e52 ("RDMA/irdma: Implement device initialization definitions")
Link: https://lore.kernel.org/r/[email protected]
Suggested-by: "Ismail, Mustafa" <[email protected]>
Signed-off-by: Shifeng Li <[email protected]>
Reviewed-by: Shiraz Saleem <[email protected]>
Signed-off-by: Jason Gunthorpe <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
okias pushed a commit that referenced this pull request Jan 7, 2024
[ Upstream commit ed5b7cf ]

We need to probe for IOCP only once during boot stage, as we were probing
for IOCP for all the stages this caused the below issue during module-init
stage,

[9.019104] Unable to handle kernel paging request at virtual address ffffffff8100d3a0
[9.027153] Oops [#1]
[9.029421] Modules linked in: rcar_canfd renesas_usbhs i2c_riic can_dev spi_rspi i2c_core
[9.037686] CPU: 0 PID: 90 Comm: udevd Not tainted 6.7.0-rc1+ grate-driver#57
[9.043756] Hardware name: Renesas SMARC EVK based on r9a07g043f01 (DT)
[9.050339] epc : riscv_noncoherent_supported+0x10/0x3e
[9.055558]  ra : andes_errata_patch_func+0x4a/0x52
[9.060418] epc : ffffffff8000d8c2 ra : ffffffff8000d95c sp : ffffffc8003abb00
[9.067607]  gp : ffffffff814e25a0 tp : ffffffd80361e540 t0 : 0000000000000000
[9.074795]  t1 : 000000000900031e t2 : 0000000000000001 s0 : ffffffc8003abb20
[9.081984]  s1 : ffffffff015b57c7 a0 : 0000000000000000 a1 : 0000000000000001
[9.089172]  a2 : 0000000000000000 a3 : 0000000000000000 a4 : ffffffff8100d8be
[9.096360]  a5 : 0000000000000001 a6 : 0000000000000001 a7 : 000000000900031e
[9.103548]  s2 : ffffffff015b57d7 s3 : 0000000000000001 s4 : 000000000000031e
[9.110736]  s5 : 8000000000008a45 s6 : 0000000000000500 s7 : 000000000000003f
[9.117924]  s8 : ffffffc8003abd48 s9 : ffffffff015b1140 s10: ffffffff8151a1b0
[9.125113]  s11: ffffffff015b1000 t3 : 0000000000000001 t4 : fefefefefefefeff
[9.132301]  t5 : ffffffff015b57c7 t6 : ffffffd8b63a6000
[9.137587] status: 0000000200000120 badaddr: ffffffff8100d3a0 cause: 000000000000000f
[9.145468] [<ffffffff8000d8c2>] riscv_noncoherent_supported+0x10/0x3e
[9.151972] [<ffffffff800027e8>] _apply_alternatives+0x84/0x86
[9.157784] [<ffffffff800029be>] apply_module_alternatives+0x10/0x1a
[9.164113] [<ffffffff80008fcc>] module_finalize+0x5e/0x7a
[9.169583] [<ffffffff80085cd6>] load_module+0xfd8/0x179c
[9.174965] [<ffffffff80086630>] init_module_from_file+0x76/0xaa
[9.180948] [<ffffffff800867f6>] __riscv_sys_finit_module+0x176/0x2a8
[9.187365] [<ffffffff80889862>] do_trap_ecall_u+0xbe/0x130
[9.192922] [<ffffffff808920bc>] ret_from_exception+0x0/0x64
[9.198573] Code: 0009 b7e9 6797 014d a783 85a7 c799 4785 0717 0100 (0123) aef7
[9.205994] ---[ end trace 0000000000000000 ]---

This is because we called riscv_noncoherent_supported() for all the stages
during IOCP probe. riscv_noncoherent_supported() function sets
noncoherent_supported variable to true which has an annotation set to
"__ro_after_init" due to which we were seeing the above splat. Fix this by
probing for IOCP only once in boot stage by having a boolean variable
"done" which will be set to true upon IOCP probe in errata_probe_iocp()
and we bail out early if "done" is set to true.

While at it make return type of errata_probe_iocp() to void as we were
not checking the return value in andes_errata_patch_func().

Fixes: e021ae7 ("riscv: errata: Add Andes alternative ports")
Signed-off-by: Lad Prabhakar <[email protected]>
Reviewed-by: Geert Uytterhoeven <[email protected]>
Reviewed-by: Yu Chien Peter Lin <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Palmer Dabbelt <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
okias pushed a commit that referenced this pull request Jan 7, 2024
commit 2b3a7a3 upstream.

The pcm state can be SNDRV_PCM_STATE_DISCONNECTED at disconnect
callback, and there is not an entry of SNDRV_PCM_STATE_DISCONNECTED
in snd_pcm_state_names.

This patch adds the missing entry to resolve this issue.

cat /proc/asound/card2/pcm0p/sub0/status
That results in stack traces like the following:

[   99.702732][ T5171] Unexpected kernel BRK exception at EL1
[   99.702774][ T5171] Internal error: BRK handler: f2005512 [#1] PREEMPT SMP
[   99.703858][ T5171] Modules linked in: bcmdhd(E) (...)
[   99.747425][ T5171] CPU: 3 PID: 5171 Comm: cat Tainted: G         C OE     5.10.189-android13-4-00003-g4a17384380d8-ab11086999 #1
[   99.748447][ T5171] Hardware name: Rockchip RK3588 CVTE V10 Board (DT)
[   99.749024][ T5171] pstate: 60400005 (nZCv daif +PAN -UAO -TCO BTYPE=--)
[   99.749616][ T5171] pc : snd_pcm_substream_proc_status_read+0x264/0x2bc
[   99.750204][ T5171] lr : snd_pcm_substream_proc_status_read+0xa4/0x2bc
[   99.750778][ T5171] sp : ffffffc0175abae0
[   99.751132][ T5171] x29: ffffffc0175abb80 x28: ffffffc009a2c498
[   99.751665][ T5171] x27: 0000000000000001 x26: ffffff810cbae6e8
[   99.752199][ T5171] x25: 0000000000400cc0 x24: ffffffc0175abc60
[   99.752729][ T5171] x23: 0000000000000000 x22: ffffff802f558400
[   99.753263][ T5171] x21: ffffff81d8d8ff00 x20: ffffff81020cdc00
[   99.753795][ T5171] x19: ffffff802d110000 x18: ffffffc014fbd058
[   99.754326][ T5171] x17: 0000000000000000 x16: 0000000000000000
[   99.754861][ T5171] x15: 000000000000c276 x14: ffffffff9a976fda
[   99.755392][ T5171] x13: 0000000065689089 x12: 000000000000d72e
[   99.755923][ T5171] x11: ffffff802d110000 x10: 00000000000000e0
[   99.756457][ T5171] x9 : 9c431600c8385d00 x8 : 0000000000000008
[   99.756990][ T5171] x7 : 0000000000000000 x6 : 000000000000003f
[   99.757522][ T5171] x5 : 0000000000000040 x4 : ffffffc0175abb70
[   99.758056][ T5171] x3 : 0000000000000001 x2 : 0000000000000001
[   99.758588][ T5171] x1 : 0000000000000000 x0 : 0000000000000000
[   99.759123][ T5171] Call trace:
[   99.759404][ T5171]  snd_pcm_substream_proc_status_read+0x264/0x2bc
[   99.759958][ T5171]  snd_info_seq_show+0x54/0xa4
[   99.760370][ T5171]  seq_read_iter+0x19c/0x7d4
[   99.760770][ T5171]  seq_read+0xf0/0x128
[   99.761117][ T5171]  proc_reg_read+0x100/0x1f8
[   99.761515][ T5171]  vfs_read+0xf4/0x354
[   99.761869][ T5171]  ksys_read+0x7c/0x148
[   99.762226][ T5171]  __arm64_sys_read+0x20/0x30
[   99.762625][ T5171]  el0_svc_common+0xd0/0x1e4
[   99.763023][ T5171]  el0_svc+0x28/0x98
[   99.763358][ T5171]  el0_sync_handler+0x8c/0xf0
[   99.763759][ T5171]  el0_sync+0x1b8/0x1c0
[   99.764118][ T5171] Code: d65f03c0 b9406102 17ffffae 94191565 (d42aa240)
[   99.764715][ T5171] ---[ end trace 1eeffa3e17c58e10 ]---
[   99.780720][ T5171] Kernel panic - not syncing: BRK handler: Fatal exception

Signed-off-by: Jason Zhang <[email protected]>
Cc: <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Takashi Iwai <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
okias pushed a commit that referenced this pull request Jan 7, 2024
commit fe2b122 upstream.

When working on LED support for r8169 I got the following lockdep
warning. Easiest way to prevent this scenario seems to be to take
the RTNL lock before the trigger_data lock in set_device_name().

======================================================
WARNING: possible circular locking dependency detected
6.7.0-rc2-next-20231124+ #2 Not tainted
------------------------------------------------------
bash/383 is trying to acquire lock:
ffff888103aa1c68 (&trigger_data->lock){+.+.}-{3:3}, at: netdev_trig_notify+0xec/0x190 [ledtrig_netdev]

but task is already holding lock:
ffffffff8cddf808 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock+0x12/0x20

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #1 (rtnl_mutex){+.+.}-{3:3}:
       __mutex_lock+0x9b/0xb50
       mutex_lock_nested+0x16/0x20
       rtnl_lock+0x12/0x20
       set_device_name+0xa9/0x120 [ledtrig_netdev]
       netdev_trig_activate+0x1a1/0x230 [ledtrig_netdev]
       led_trigger_set+0x172/0x2c0
       led_trigger_write+0xf1/0x140
       sysfs_kf_bin_write+0x5d/0x80
       kernfs_fop_write_iter+0x15d/0x210
       vfs_write+0x1f0/0x510
       ksys_write+0x6c/0xf0
       __x64_sys_write+0x14/0x20
       do_syscall_64+0x3f/0xf0
       entry_SYSCALL_64_after_hwframe+0x6c/0x74

-> #0 (&trigger_data->lock){+.+.}-{3:3}:
       __lock_acquire+0x1459/0x25a0
       lock_acquire+0xc8/0x2d0
       __mutex_lock+0x9b/0xb50
       mutex_lock_nested+0x16/0x20
       netdev_trig_notify+0xec/0x190 [ledtrig_netdev]
       call_netdevice_register_net_notifiers+0x5a/0x100
       register_netdevice_notifier+0x85/0x120
       netdev_trig_activate+0x1d4/0x230 [ledtrig_netdev]
       led_trigger_set+0x172/0x2c0
       led_trigger_write+0xf1/0x140
       sysfs_kf_bin_write+0x5d/0x80
       kernfs_fop_write_iter+0x15d/0x210
       vfs_write+0x1f0/0x510
       ksys_write+0x6c/0xf0
       __x64_sys_write+0x14/0x20
       do_syscall_64+0x3f/0xf0
       entry_SYSCALL_64_after_hwframe+0x6c/0x74

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(rtnl_mutex);
                               lock(&trigger_data->lock);
                               lock(rtnl_mutex);
  lock(&trigger_data->lock);

 *** DEADLOCK ***

8 locks held by bash/383:
 #0: ffff888103ff33f0 (sb_writers#3){.+.+}-{0:0}, at: ksys_write+0x6c/0xf0
 #1: ffff888103aa1e88 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x114/0x210
 #2: ffff8881036f1890 (kn->active#82){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x11d/0x210
 #3: ffff888108e2c358 (&led_cdev->led_access){+.+.}-{3:3}, at: led_trigger_write+0x30/0x140
 #4: ffffffff8cdd9e10 (triggers_list_lock){++++}-{3:3}, at: led_trigger_write+0x75/0x140
 #5: ffff888108e2c270 (&led_cdev->trigger_lock){++++}-{3:3}, at: led_trigger_write+0xe3/0x140
 #6: ffffffff8cdde3d0 (pernet_ops_rwsem){++++}-{3:3}, at: register_netdevice_notifier+0x1c/0x120
 #7: ffffffff8cddf808 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock+0x12/0x20

stack backtrace:
CPU: 0 PID: 383 Comm: bash Not tainted 6.7.0-rc2-next-20231124+ #2
Hardware name: Default string Default string/Default string, BIOS ADLN.M6.SODIMM.ZB.CY.015 08/08/2023
Call Trace:
 <TASK>
 dump_stack_lvl+0x5c/0xd0
 dump_stack+0x10/0x20
 print_circular_bug+0x2dd/0x410
 check_noncircular+0x131/0x150
 __lock_acquire+0x1459/0x25a0
 lock_acquire+0xc8/0x2d0
 ? netdev_trig_notify+0xec/0x190 [ledtrig_netdev]
 __mutex_lock+0x9b/0xb50
 ? netdev_trig_notify+0xec/0x190 [ledtrig_netdev]
 ? __this_cpu_preempt_check+0x13/0x20
 ? netdev_trig_notify+0xec/0x190 [ledtrig_netdev]
 ? __cancel_work_timer+0x11c/0x1b0
 ? __mutex_lock+0x123/0xb50
 mutex_lock_nested+0x16/0x20
 ? mutex_lock_nested+0x16/0x20
 netdev_trig_notify+0xec/0x190 [ledtrig_netdev]
 call_netdevice_register_net_notifiers+0x5a/0x100
 register_netdevice_notifier+0x85/0x120
 netdev_trig_activate+0x1d4/0x230 [ledtrig_netdev]
 led_trigger_set+0x172/0x2c0
 ? preempt_count_add+0x49/0xc0
 led_trigger_write+0xf1/0x140
 sysfs_kf_bin_write+0x5d/0x80
 kernfs_fop_write_iter+0x15d/0x210
 vfs_write+0x1f0/0x510
 ksys_write+0x6c/0xf0
 __x64_sys_write+0x14/0x20
 do_syscall_64+0x3f/0xf0
 entry_SYSCALL_64_after_hwframe+0x6c/0x74
RIP: 0033:0x7f269055d034
Code: c7 00 16 00 00 00 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 80 3d 35 c3 0d 00 00 74 13 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 48 83 ec 28 48 89 54 24 18 48
RSP: 002b:00007ffddb7ef748 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00007f269055d034
RDX: 0000000000000007 RSI: 000055bf5f4af3c0 RDI: 0000000000000001
RBP: 000055bf5f4af3c0 R08: 0000000000000073 R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000007
R13: 00007f26906325c0 R14: 00007f269062ff20 R15: 0000000000000000
 </TASK>

Fixes: d5e0126 ("leds: trigger: netdev: add additional specific link speed mode")
Cc: [email protected]
Signed-off-by: Heiner Kallweit <[email protected]>
Reviewed-by: Andrew Lunn <[email protected]>
Acked-by: Lee Jones <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Jakub Kicinski <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
okias pushed a commit that referenced this pull request Jan 7, 2024
commit 187da0f upstream.

The routine __vma_private_lock tests for the existence of a reserve map
associated with a private hugetlb mapping.  A pointer to the reserve map
is in vma->vm_private_data.  __vma_private_lock was checking the pointer
for NULL.  However, it is possible that the low bits of the pointer could
be used as flags.  In such instances, vm_private_data is not NULL and not
a valid pointer.  This results in the null-ptr-deref reported by syzbot:

general protection fault, probably for non-canonical address 0xdffffc000000001d:
 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x00000000000000e8-0x00000000000000ef]
CPU: 0 PID: 5048 Comm: syz-executor139 Not tainted 6.6.0-rc7-syzkaller-00142-g88
8cf78c29e2 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 1
0/09/2023
RIP: 0010:__lock_acquire+0x109/0x5de0 kernel/locking/lockdep.c:5004
...
Call Trace:
 <TASK>
 lock_acquire kernel/locking/lockdep.c:5753 [inline]
 lock_acquire+0x1ae/0x510 kernel/locking/lockdep.c:5718
 down_write+0x93/0x200 kernel/locking/rwsem.c:1573
 hugetlb_vma_lock_write mm/hugetlb.c:300 [inline]
 hugetlb_vma_lock_write+0xae/0x100 mm/hugetlb.c:291
 __hugetlb_zap_begin+0x1e9/0x2b0 mm/hugetlb.c:5447
 hugetlb_zap_begin include/linux/hugetlb.h:258 [inline]
 unmap_vmas+0x2f4/0x470 mm/memory.c:1733
 exit_mmap+0x1ad/0xa60 mm/mmap.c:3230
 __mmput+0x12a/0x4d0 kernel/fork.c:1349
 mmput+0x62/0x70 kernel/fork.c:1371
 exit_mm kernel/exit.c:567 [inline]
 do_exit+0x9ad/0x2a20 kernel/exit.c:861
 __do_sys_exit kernel/exit.c:991 [inline]
 __se_sys_exit kernel/exit.c:989 [inline]
 __x64_sys_exit+0x42/0x50 kernel/exit.c:989
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Mask off low bit flags before checking for NULL pointer.  In addition, the
reserve map only 'belongs' to the OWNER (parent in parent/child
relationships) so also check for the OWNER flag.

Link: https://lkml.kernel.org/r/[email protected]
Reported-by: [email protected]
Closes: https://lore.kernel.org/linux-mm/[email protected]/
Fixes: bf49169 ("hugetlbfs: extend hugetlb_vma_lock to private VMAs")
Signed-off-by: Mike Kravetz <[email protected]>
Reviewed-by: Rik van Riel <[email protected]>
Cc: Edward Adam Davis <[email protected]>
Cc: Muchun Song <[email protected]>
Cc: Nathan Chancellor <[email protected]>
Cc: Nick Desaulniers <[email protected]>
Cc: Tom Rix <[email protected]>
Cc: <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
okias pushed a commit that referenced this pull request Jan 7, 2024
[ Upstream commit 287e82c ]

Partially revert the change in commit 6148652 ("coresight: Enable
and disable helper devices adjacent to the path") which changed the bare
call from source_ops(csdev)->enable() to coresight_enable_source() for
Perf sessions. It was missed that coresight_enable_source() is
specifically for the sysfs interface, rather than being a generic call.
This interferes with the sysfs reference counting to cause the following
crash:

  $ perf record -e cs_etm/@tmc_etr0/ -C 0 &
  $ echo 1 > /sys/bus/coresight/devices/tmc_etr0/enable_sink
  $ echo 1 > /sys/bus/coresight/devices/etm0/enable_source
  $ echo 0 > /sys/bus/coresight/devices/etm0/enable_source

  Unable to handle kernel NULL pointer dereference at virtual
  address 00000000000001d0
  Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
  ...
  Call trace:
   etm4_disable+0x54/0x150 [coresight_etm4x]
   coresight_disable_source+0x6c/0x98 [coresight]
   coresight_disable+0x74/0x1c0 [coresight]
   enable_source_store+0x88/0xa0 [coresight]
   dev_attr_store+0x20/0x40
   sysfs_kf_write+0x4c/0x68
   kernfs_fop_write_iter+0x120/0x1b8
   vfs_write+0x2dc/0x3b0
   ksys_write+0x70/0x108
   __arm64_sys_write+0x24/0x38
   invoke_syscall+0x50/0x128
   el0_svc_common.constprop.0+0x104/0x130
   do_el0_svc+0x40/0xb8
   el0_svc+0x2c/0xb8
   el0t_64_sync_handler+0xc0/0xc8
   el0t_64_sync+0x1a4/0x1a8
  Code: d53cd042 91002000 b9402a81 b8626800 (f940ead5)
  ---[ end trace 0000000000000000 ]---

This commit linked below also fixes the issue, but has unlocked updates
to the mode which could potentially race. So until we come up with a
more complete solution that takes all locking and interaction between
both modes into account, just revert back to the old behavior for Perf.

Reported-by: Junhao He <[email protected]>
Closes: https://lore.kernel.org/linux-arm-kernel/[email protected]/
Fixes: 6148652 ("coresight: Enable and disable helper devices adjacent to the path")
Tested-by: Junhao He <[email protected]>
Signed-off-by: James Clark <[email protected]>
Signed-off-by: Suzuki K Poulose <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Sasha Levin <[email protected]>
okias pushed a commit that referenced this pull request Jan 7, 2024
[ Upstream commit b841128 ]

When we to enable the SMB by perf, the perf sched will call perf_ctx_lock()
to close system preempt in event_function_call(). But SMB::enable_smb() use
mutex to lock the critical section, which may sleep.

 BUG: sleeping function called from invalid context at kernel/locking/mutex.c:580
 in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 153023, name: perf
 preempt_count: 2, expected: 0
 RCU nest depth: 0, expected: 0
 INFO: lockdep is turned off.
 irq event stamp: 0
 hardirqs last  enabled at (0): [<0000000000000000>] 0x0
 hardirqs last disabled at (0): [<ffffa2983f5c5f40>] copy_process+0xae8/0x2b48
 softirqs last  enabled at (0): [<ffffa2983f5c5f40>] copy_process+0xae8/0x2b48
 softirqs last disabled at (0): [<0000000000000000>] 0x0
 CPU: 2 PID: 153023 Comm: perf Kdump: loaded Tainted: G   W  O   6.5.0-rc4+ #1

 Call trace:
 ...
  __mutex_lock+0xbc/0xa70
  mutex_lock_nested+0x34/0x48
  smb_update_buffer+0x58/0x360 [ultrasoc_smb]
  etm_event_stop+0x204/0x2d8 [coresight]
  etm_event_del+0x1c/0x30 [coresight]
  event_sched_out+0x17c/0x3b8
  group_sched_out.part.0+0x5c/0x208
  __perf_event_disable+0x15c/0x210
  event_function+0xe0/0x230
  remote_function+0xb4/0xe8
  generic_exec_single+0x160/0x268
  smp_call_function_single+0x20c/0x2a0
  event_function_call+0x20c/0x220
  _perf_event_disable+0x5c/0x90
  perf_event_for_each_child+0x58/0xc0
  _perf_ioctl+0x34c/0x1250
  perf_ioctl+0x64/0x98
 ...

Use spinlock to replace mutex to control driver data access to one at a
time. The function copy_to_user() may sleep, it cannot be in a spinlock
context, so we can't simply replace it in smb_read(). But we can ensure
that only one user gets the SMB device fd by smb_open(), so remove the
locks from smb_read() and buffer synchronization is guaranteed by the user.

Fixes: 06f5c29 ("drivers/coresight: Add UltraSoc System Memory Buffer driver")
Signed-off-by: Junhao He <[email protected]>
Reviewed-by: James Clark <[email protected]>
Signed-off-by: Suzuki K Poulose <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Sasha Levin <[email protected]>
okias pushed a commit that referenced this pull request Jan 7, 2024
[ Upstream commit fe57575 ]

The `cgrp_local_storage` test triggers a kernel panic like:

  # ./test_progs -t cgrp_local_storage
  Can't find bpf_testmod.ko kernel module: -2
  WARNING! Selftests relying on bpf_testmod.ko will be skipped.
  [  550.930632] CPU 1 Unable to handle kernel paging request at virtual address 0000000000000080, era == ffff80000200be34, ra == ffff80000200be00
  [  550.931781] Oops[#1]:
  [  550.931966] CPU: 1 PID: 1303 Comm: test_progs Not tainted 6.7.0-rc2-loong-devel-g2f56bb0d2327 grate-driver#35 a896aca3f4164f09cc346f89f2e09832e07be5f6
  [  550.932215] Hardware name: QEMU QEMU Virtual Machine, BIOS unknown 2/2/2022
  [  550.932403] pc ffff80000200be34 ra ffff80000200be00 tp 9000000108350000 sp 9000000108353dc0
  [  550.932545] a0 0000000000000000 a1 0000000000000517 a2 0000000000000118 a3 00007ffffbb15558
  [  550.932682] a4 00007ffffbb15620 a5 90000001004e7700 a6 0000000000000021 a7 0000000000000118
  [  550.932824] t0 ffff80000200bdc0 t1 0000000000000517 t2 0000000000000517 t3 00007ffff1c06ee0
  [  550.932961] t4 0000555578ae04d0 t5 fffffffffffffff8 t6 0000000000000004 t7 0000000000000020
  [  550.933097] t8 0000000000000040 u0 00000000000007b8 s9 9000000108353e00 s0 90000001004e7700
  [  550.933241] s1 9000000004005000 s2 0000000000000001 s3 0000000000000000 s4 0000555555eb2ec8
  [  550.933379] s5 00007ffffbb15bb8 s6 00007ffff1dafd60 s7 000055555663f610 s8 00007ffff1db0050
  [  550.933520]    ra: ffff80000200be00 bpf_prog_98f1b9e767be2a84_on_enter+0x40/0x200
  [  550.933911]   ERA: ffff80000200be34 bpf_prog_98f1b9e767be2a84_on_enter+0x74/0x200
  [  550.934105]  CRMD: 000000b0 (PLV0 -IE -DA +PG DACF=CC DACM=CC -WE)
  [  550.934596]  PRMD: 00000004 (PPLV0 +PIE -PWE)
  [  550.934712]  EUEN: 00000003 (+FPE +SXE -ASXE -BTE)
  [  550.934836]  ECFG: 00071c1c (LIE=2-4,10-12 VS=7)
  [  550.934976] ESTAT: 00010000 [PIL] (IS= ECode=1 EsubCode=0)
  [  550.935097]  BADV: 0000000000000080
  [  550.935181]  PRID: 0014c010 (Loongson-64bit, Loongson-3A5000)
  [  550.935291] Modules linked in:
  [  550.935391] Process test_progs (pid: 1303, threadinfo=000000006c3b1c41, task=0000000061f84a55)
  [  550.935643] Stack : 00007ffffbb15bb8 0000555555eb2ec8 0000000000000000 0000000000000001
  [  550.935844]         9000000004005000 ffff80001b864000 00007ffffbb15450 90000000029aa034
  [  550.935990]         0000000000000000 9000000108353ec0 0000000000000118 d07d9dfb09721a09
  [  550.936175]         0000000000000001 0000000000000000 9000000108353ec0 0000000000000118
  [  550.936314]         9000000101d46ad0 900000000290abf0 000055555663f610 0000000000000000
  [  550.936479]         0000000000000003 9000000108353ec0 00007ffffbb15450 90000000029d7288
  [  550.936635]         00007ffff1dafd60 000055555663f610 0000000000000000 0000000000000003
  [  550.936779]         9000000108353ec0 90000000035dd1f0 00007ffff1dafd58 9000000002841c5c
  [  550.936939]         0000000000000119 0000555555eea5a8 00007ffff1d78780 00007ffffbb153e0
  [  550.937083]         ffffffffffffffda 00007ffffbb15518 0000000000000040 00007ffffbb15558
  [  550.937224]         ...
  [  550.937299] Call Trace:
  [  550.937521] [<ffff80000200be34>] bpf_prog_98f1b9e767be2a84_on_enter+0x74/0x200
  [  550.937910] [<90000000029aa034>] bpf_trace_run2+0x90/0x154
  [  550.938105] [<900000000290abf0>] syscall_trace_enter.isra.0+0x1cc/0x200
  [  550.938224] [<90000000035dd1f0>] do_syscall+0x48/0x94
  [  550.938319] [<9000000002841c5c>] handle_syscall+0xbc/0x158
  [  550.938477]
  [  550.938607] Code: 580009ae  50016000  262402e4 <28c20085> 14092084  03a00084  16000024  03240084  00150006
  [  550.938851]
  [  550.939021] ---[ end trace 0000000000000000 ]---

Further investigation shows that this panic is triggered by memory
load operations:

  ptr = bpf_cgrp_storage_get(&map_a, task->cgroups->dfl_cgrp, 0,
                             BPF_LOCAL_STORAGE_GET_F_CREATE);

The expression `task->cgroups->dfl_cgrp` involves two memory load.
Since the field offset fits in imm12 or imm14, we use ldd or ldptrd
instructions. But both instructions have the side effect that it will
signed-extended the imm operand. Finally, we got the wrong addresses
and panics is inevitable.

Use a generic ldxd instruction to avoid this kind of issues.

With this change, we have:

  # ./test_progs -t cgrp_local_storage
  Can't find bpf_testmod.ko kernel module: -2
  WARNING! Selftests relying on bpf_testmod.ko will be skipped.
  test_cgrp_local_storage:PASS:join_cgroup /cgrp_local_storage 0 nsec
  grate-driver#48/1    cgrp_local_storage/tp_btf:OK
  test_attach_cgroup:PASS:skel_open 0 nsec
  test_attach_cgroup:PASS:prog_attach 0 nsec
  test_attach_cgroup:PASS:prog_attach 0 nsec
  libbpf: prog 'update_cookie_tracing': failed to attach: ERROR: strerror_r(-524)=22
  test_attach_cgroup:FAIL:prog_attach unexpected error: -524
  grate-driver#48/2    cgrp_local_storage/attach_cgroup:FAIL
  test_recursion:PASS:skel_open_and_load 0 nsec
  libbpf: prog 'on_lookup': failed to attach: ERROR: strerror_r(-524)=22
  libbpf: prog 'on_lookup': failed to auto-attach: -524
  test_recursion:FAIL:skel_attach unexpected error: -524 (errno 524)
  grate-driver#48/3    cgrp_local_storage/recursion:FAIL
  grate-driver#48/4    cgrp_local_storage/negative:OK
  grate-driver#48/5    cgrp_local_storage/cgroup_iter_sleepable:OK
  test_yes_rcu_lock:PASS:skel_open 0 nsec
  test_yes_rcu_lock:PASS:skel_load 0 nsec
  libbpf: prog 'yes_rcu_lock': failed to attach: ERROR: strerror_r(-524)=22
  libbpf: prog 'yes_rcu_lock': failed to auto-attach: -524
  test_yes_rcu_lock:FAIL:skel_attach unexpected error: -524 (errno 524)
  grate-driver#48/6    cgrp_local_storage/yes_rcu_lock:FAIL
  grate-driver#48/7    cgrp_local_storage/no_rcu_lock:OK
  grate-driver#48      cgrp_local_storage:FAIL

  All error logs:
  test_cgrp_local_storage:PASS:join_cgroup /cgrp_local_storage 0 nsec
  test_attach_cgroup:PASS:skel_open 0 nsec
  test_attach_cgroup:PASS:prog_attach 0 nsec
  test_attach_cgroup:PASS:prog_attach 0 nsec
  libbpf: prog 'update_cookie_tracing': failed to attach: ERROR: strerror_r(-524)=22
  test_attach_cgroup:FAIL:prog_attach unexpected error: -524
  grate-driver#48/2    cgrp_local_storage/attach_cgroup:FAIL
  test_recursion:PASS:skel_open_and_load 0 nsec
  libbpf: prog 'on_lookup': failed to attach: ERROR: strerror_r(-524)=22
  libbpf: prog 'on_lookup': failed to auto-attach: -524
  test_recursion:FAIL:skel_attach unexpected error: -524 (errno 524)
  grate-driver#48/3    cgrp_local_storage/recursion:FAIL
  test_yes_rcu_lock:PASS:skel_open 0 nsec
  test_yes_rcu_lock:PASS:skel_load 0 nsec
  libbpf: prog 'yes_rcu_lock': failed to attach: ERROR: strerror_r(-524)=22
  libbpf: prog 'yes_rcu_lock': failed to auto-attach: -524
  test_yes_rcu_lock:FAIL:skel_attach unexpected error: -524 (errno 524)
  grate-driver#48/6    cgrp_local_storage/yes_rcu_lock:FAIL
  grate-driver#48      cgrp_local_storage:FAIL
  Summary: 0/4 PASSED, 0 SKIPPED, 1 FAILED

No panics any more (The test still failed because lack of BPF trampoline
which I am actively working on).

Fixes: 5dc6155 ("LoongArch: Add BPF JIT support")
Signed-off-by: Hengqi Chen <[email protected]>
Signed-off-by: Huacai Chen <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
okias pushed a commit that referenced this pull request Jan 7, 2024
[ Upstream commit 5d47ec2 ]

The `cls_redirect` test triggers a kernel panic like:

  # ./test_progs -t cls_redirect
  Can't find bpf_testmod.ko kernel module: -2
  WARNING! Selftests relying on bpf_testmod.ko will be skipped.
  [   30.938489] CPU 3 Unable to handle kernel paging request at virtual address fffffffffd814de0, era == ffff800002009fb8, ra == ffff800002009f9c
  [   30.939331] Oops[#1]:
  [   30.939513] CPU: 3 PID: 1260 Comm: test_progs Not tainted 6.7.0-rc2-loong-devel-g2f56bb0d2327 grate-driver#35 a896aca3f4164f09cc346f89f2e09832e07be5f6
  [   30.939732] Hardware name: QEMU QEMU Virtual Machine, BIOS unknown 2/2/2022
  [   30.939901] pc ffff800002009fb8 ra ffff800002009f9c tp 9000000104da4000 sp 9000000104da7ab0
  [   30.940038] a0 fffffffffd814de0 a1 9000000104da7a68 a2 0000000000000000 a3 9000000104da7c10
  [   30.940183] a4 9000000104da7c14 a5 0000000000000002 a6 0000000000000021 a7 00005555904d7f90
  [   30.940321] t0 0000000000000110 t1 0000000000000000 t2 fffffffffd814de0 t3 0004c4b400000000
  [   30.940456] t4 ffffffffffffffff t5 00000000c3f63600 t6 0000000000000000 t7 0000000000000000
  [   30.940590] t8 000000000006d803 u0 0000000000000020 s9 9000000104da7b10 s0 900000010504c200
  [   30.940727] s1 fffffffffd814de0 s2 900000010504c200 s3 9000000104da7c10 s4 9000000104da7ad0
  [   30.940866] s5 0000000000000000 s6 90000000030e65bc s7 9000000104da7b44 s8 90000000044f6fc0
  [   30.941015]    ra: ffff800002009f9c bpf_prog_846803e5ae81417f_cls_redirect+0xa0/0x590
  [   30.941535]   ERA: ffff800002009fb8 bpf_prog_846803e5ae81417f_cls_redirect+0xbc/0x590
  [   30.941696]  CRMD: 000000b0 (PLV0 -IE -DA +PG DACF=CC DACM=CC -WE)
  [   30.942224]  PRMD: 00000004 (PPLV0 +PIE -PWE)
  [   30.942330]  EUEN: 00000003 (+FPE +SXE -ASXE -BTE)
  [   30.942453]  ECFG: 00071c1c (LIE=2-4,10-12 VS=7)
  [   30.942612] ESTAT: 00010000 [PIL] (IS= ECode=1 EsubCode=0)
  [   30.942764]  BADV: fffffffffd814de0
  [   30.942854]  PRID: 0014c010 (Loongson-64bit, Loongson-3A5000)
  [   30.942974] Modules linked in:
  [   30.943078] Process test_progs (pid: 1260, threadinfo=00000000ce303226, task=000000007d10bb76)
  [   30.943306] Stack : 900000010a064000 90000000044f6fc0 9000000104da7b48 0000000000000000
  [   30.943495]         0000000000000000 9000000104da7c14 9000000104da7c10 900000010504c200
  [   30.943626]         0000000000000001 ffff80001b88c000 9000000104da7b70 90000000030e6668
  [   30.943785]         0000000000000000 9000000104da7b58 ffff80001b88c048 9000000003d05000
  [   30.943936]         900000000303ac88 0000000000000000 0000000000000000 9000000104da7b70
  [   30.944091]         0000000000000000 0000000000000001 0000000731eeab00 0000000000000000
  [   30.944245]         ffff80001b88c000 0000000000000000 0000000000000000 54b99959429f83b8
  [   30.944402]         ffff80001b88c000 90000000044f6fc0 9000000101d70000 ffff80001b88c000
  [   30.944538]         000000000000005a 900000010504c200 900000010a064000 900000010a067000
  [   30.944697]         9000000104da7d88 0000000000000000 9000000003d05000 90000000030e794c
  [   30.944852]         ...
  [   30.944924] Call Trace:
  [   30.945120] [<ffff800002009fb8>] bpf_prog_846803e5ae81417f_cls_redirect+0xbc/0x590
  [   30.945650] [<90000000030e6668>] bpf_test_run+0x1ec/0x2f8
  [   30.945958] [<90000000030e794c>] bpf_prog_test_run_skb+0x31c/0x684
  [   30.946065] [<90000000026d4f68>] __sys_bpf+0x678/0x2724
  [   30.946159] [<90000000026d7288>] sys_bpf+0x20/0x2c
  [   30.946253] [<90000000032dd224>] do_syscall+0x7c/0x94
  [   30.946343] [<9000000002541c5c>] handle_syscall+0xbc/0x158
  [   30.946492]
  [   30.946549] Code: 0015030e  5c0009c0  5001d000 <28c00304> 02c00484  29c00304  00150009  2a42d2e4  0280200d
  [   30.946793]
  [   30.946971] ---[ end trace 0000000000000000 ]---
  [   32.093225] Kernel panic - not syncing: Fatal exception in interrupt
  [   32.093526] Kernel relocated by 0x2320000
  [   32.093630]  .text @ 0x9000000002520000
  [   32.093725]  .data @ 0x9000000003400000
  [   32.093792]  .bss  @ 0x9000000004413200
  [   34.971998] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---

This is because we signed-extend function return values. When subprog
mode is enabled, we have:

  cls_redirect()
    -> get_global_metrics() returns pcpu ptr 0xfffffefffc00b480

The pointer returned is later signed-extended to 0xfffffffffc00b480 at
`BPF_JMP | BPF_EXIT`. During BPF prog run, this triggers unhandled page
fault and a kernel panic.

Drop the unnecessary signed-extension on return values like other
architectures do.

With this change, we have:

  # ./test_progs -t cls_redirect
  Can't find bpf_testmod.ko kernel module: -2
  WARNING! Selftests relying on bpf_testmod.ko will be skipped.
  grate-driver#51/1    cls_redirect/cls_redirect_inlined:OK
  grate-driver#51/2    cls_redirect/IPv4 TCP accept unknown (no hops, flags: SYN):OK
  grate-driver#51/3    cls_redirect/IPv6 TCP accept unknown (no hops, flags: SYN):OK
  grate-driver#51/4    cls_redirect/IPv4 TCP accept unknown (no hops, flags: ACK):OK
  grate-driver#51/5    cls_redirect/IPv6 TCP accept unknown (no hops, flags: ACK):OK
  grate-driver#51/6    cls_redirect/IPv4 TCP forward unknown (one hop, flags: ACK):OK
  grate-driver#51/7    cls_redirect/IPv6 TCP forward unknown (one hop, flags: ACK):OK
  grate-driver#51/8    cls_redirect/IPv4 TCP accept known (one hop, flags: ACK):OK
  grate-driver#51/9    cls_redirect/IPv6 TCP accept known (one hop, flags: ACK):OK
  grate-driver#51/10   cls_redirect/IPv4 UDP accept unknown (no hops, flags: none):OK
  grate-driver#51/11   cls_redirect/IPv6 UDP accept unknown (no hops, flags: none):OK
  grate-driver#51/12   cls_redirect/IPv4 UDP forward unknown (one hop, flags: none):OK
  grate-driver#51/13   cls_redirect/IPv6 UDP forward unknown (one hop, flags: none):OK
  grate-driver#51/14   cls_redirect/IPv4 UDP accept known (one hop, flags: none):OK
  grate-driver#51/15   cls_redirect/IPv6 UDP accept known (one hop, flags: none):OK
  grate-driver#51/16   cls_redirect/cls_redirect_subprogs:OK
  grate-driver#51/17   cls_redirect/IPv4 TCP accept unknown (no hops, flags: SYN):OK
  grate-driver#51/18   cls_redirect/IPv6 TCP accept unknown (no hops, flags: SYN):OK
  grate-driver#51/19   cls_redirect/IPv4 TCP accept unknown (no hops, flags: ACK):OK
  grate-driver#51/20   cls_redirect/IPv6 TCP accept unknown (no hops, flags: ACK):OK
  grate-driver#51/21   cls_redirect/IPv4 TCP forward unknown (one hop, flags: ACK):OK
  grate-driver#51/22   cls_redirect/IPv6 TCP forward unknown (one hop, flags: ACK):OK
  grate-driver#51/23   cls_redirect/IPv4 TCP accept known (one hop, flags: ACK):OK
  grate-driver#51/24   cls_redirect/IPv6 TCP accept known (one hop, flags: ACK):OK
  grate-driver#51/25   cls_redirect/IPv4 UDP accept unknown (no hops, flags: none):OK
  grate-driver#51/26   cls_redirect/IPv6 UDP accept unknown (no hops, flags: none):OK
  grate-driver#51/27   cls_redirect/IPv4 UDP forward unknown (one hop, flags: none):OK
  grate-driver#51/28   cls_redirect/IPv6 UDP forward unknown (one hop, flags: none):OK
  grate-driver#51/29   cls_redirect/IPv4 UDP accept known (one hop, flags: none):OK
  grate-driver#51/30   cls_redirect/IPv6 UDP accept known (one hop, flags: none):OK
  grate-driver#51/31   cls_redirect/cls_redirect_dynptr:OK
  grate-driver#51/32   cls_redirect/IPv4 TCP accept unknown (no hops, flags: SYN):OK
  grate-driver#51/33   cls_redirect/IPv6 TCP accept unknown (no hops, flags: SYN):OK
  grate-driver#51/34   cls_redirect/IPv4 TCP accept unknown (no hops, flags: ACK):OK
  grate-driver#51/35   cls_redirect/IPv6 TCP accept unknown (no hops, flags: ACK):OK
  grate-driver#51/36   cls_redirect/IPv4 TCP forward unknown (one hop, flags: ACK):OK
  grate-driver#51/37   cls_redirect/IPv6 TCP forward unknown (one hop, flags: ACK):OK
  grate-driver#51/38   cls_redirect/IPv4 TCP accept known (one hop, flags: ACK):OK
  grate-driver#51/39   cls_redirect/IPv6 TCP accept known (one hop, flags: ACK):OK
  grate-driver#51/40   cls_redirect/IPv4 UDP accept unknown (no hops, flags: none):OK
  grate-driver#51/41   cls_redirect/IPv6 UDP accept unknown (no hops, flags: none):OK
  grate-driver#51/42   cls_redirect/IPv4 UDP forward unknown (one hop, flags: none):OK
  grate-driver#51/43   cls_redirect/IPv6 UDP forward unknown (one hop, flags: none):OK
  grate-driver#51/44   cls_redirect/IPv4 UDP accept known (one hop, flags: none):OK
  grate-driver#51/45   cls_redirect/IPv6 UDP accept known (one hop, flags: none):OK
  grate-driver#51      cls_redirect:OK
  Summary: 1/45 PASSED, 0 SKIPPED, 0 FAILED

Fixes: 5dc6155 ("LoongArch: Add BPF JIT support")
Signed-off-by: Hengqi Chen <[email protected]>
Signed-off-by: Huacai Chen <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
okias pushed a commit that referenced this pull request Jan 11, 2024
…o HEAD

KVM/riscv changes for 6.8 part #1

- KVM_GET_REG_LIST improvement for vector registers
- Generate ISA extension reg_list using macros in get-reg-list selftest
- Steal time account support along with selftest
okias pushed a commit that referenced this pull request Jan 11, 2024
…te_call_indirect

kprobe_emulate_call_indirect currently uses int3_emulate_call to emulate
indirect calls. However, int3_emulate_call always assumes the size of
the call to be 5 bytes when calculating the return address. This is
incorrect for register-based indirect calls in x86, which can be either
2 or 3 bytes depending on whether REX prefix is used. At kprobe runtime,
the incorrect return address causes control flow to land onto the wrong
place after return -- possibly not a valid instruction boundary. This
can lead to a panic like the following:

[    7.308204][    C1] BUG: unable to handle page fault for address: 000000000002b4d8
[    7.308883][    C1] #PF: supervisor read access in kernel mode
[    7.309168][    C1] #PF: error_code(0x0000) - not-present page
[    7.309461][    C1] PGD 0 P4D 0
[    7.309652][    C1] Oops: 0000 [#1] SMP
[    7.309929][    C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.7.0-rc5-trace-for-next #6
[    7.310397][    C1] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-20220807_005459-localhost 04/01/2014
[    7.311068][    C1] RIP: 0010:__common_interrupt+0x52/0xc0
[    7.311349][    C1] Code: 01 00 4d 85 f6 74 39 49 81 fe 00 f0 ff ff 77 30 4c 89 f7 4d 8b 5e 68 41 ba 91 76 d8 42 45 03 53 fc 74 02 0f 0b cc ff d3 65 48 <8b> 05 30 c7 ff 7e 65 4c 89 3d 28 c7 ff 7e 5b 41 5c 41 5e 41 5f c3
[    7.312512][    C1] RSP: 0018:ffffc900000e0fd0 EFLAGS: 00010046
[    7.312899][    C1] RAX: 0000000000000001 RBX: 0000000000000023 RCX: 0000000000000001
[    7.313334][    C1] RDX: 00000000000003cd RSI: 0000000000000001 RDI: ffff888100d302a4
[    7.313702][    C1] RBP: 0000000000000001 R08: 0ef439818636191f R09: b1621ff338a3b482
[    7.314146][    C1] R10: ffffffff81e5127b R11: ffffffff81059810 R12: 0000000000000023
[    7.314509][    C1] R13: 0000000000000000 R14: ffff888100d30200 R15: 0000000000000000
[    7.314951][    C1] FS:  0000000000000000(0000) GS:ffff88813bc80000(0000) knlGS:0000000000000000
[    7.315396][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    7.315691][    C1] CR2: 000000000002b4d8 CR3: 0000000003028003 CR4: 0000000000370ef0
[    7.316153][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[    7.316508][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[    7.316948][    C1] Call Trace:
[    7.317123][    C1]  <IRQ>
[    7.317279][    C1]  ? __die_body+0x64/0xb0
[    7.317482][    C1]  ? page_fault_oops+0x248/0x370
[    7.317712][    C1]  ? __wake_up+0x96/0xb0
[    7.317964][    C1]  ? exc_page_fault+0x62/0x130
[    7.318211][    C1]  ? asm_exc_page_fault+0x22/0x30
[    7.318444][    C1]  ? __cfi_native_send_call_func_single_ipi+0x10/0x10
[    7.318860][    C1]  ? default_idle+0xb/0x10
[    7.319063][    C1]  ? __common_interrupt+0x52/0xc0
[    7.319330][    C1]  common_interrupt+0x78/0x90
[    7.319546][    C1]  </IRQ>
[    7.319679][    C1]  <TASK>
[    7.319854][    C1]  asm_common_interrupt+0x22/0x40
[    7.320082][    C1] RIP: 0010:default_idle+0xb/0x10
[    7.320309][    C1] Code: 4c 01 c7 4c 29 c2 e9 72 ff ff ff cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 b8 0c 67 40 a5 66 90 0f 00 2d 09 b9 3b 00 fb f4 <fa> c3 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 b8 0c 67 40 a5 e9
[    7.321449][    C1] RSP: 0018:ffffc9000009bee8 EFLAGS: 00000256
[    7.321808][    C1] RAX: ffff88813bca8b68 RBX: 0000000000000001 RCX: 000000000001ef0c
[    7.322227][    C1] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 000000000001ef0c
[    7.322656][    C1] RBP: ffffc9000009bef8 R08: 8000000000000000 R09: 00000000000008c2
[    7.323083][    C1] R10: 0000000000000000 R11: ffffffff81058e70 R12: 0000000000000000
[    7.323530][    C1] R13: ffff8881002b30c0 R14: 0000000000000000 R15: 0000000000000000
[    7.323948][    C1]  ? __cfi_lapic_next_deadline+0x10/0x10
[    7.324239][    C1]  default_idle_call+0x31/0x50
[    7.324464][    C1]  do_idle+0xd3/0x240
[    7.324690][    C1]  cpu_startup_entry+0x25/0x30
[    7.324983][    C1]  start_secondary+0xb4/0xc0
[    7.325217][    C1]  secondary_startup_64_no_verify+0x179/0x17b
[    7.325498][    C1]  </TASK>
[    7.325641][    C1] Modules linked in:
[    7.325906][    C1] CR2: 000000000002b4d8
[    7.326104][    C1] ---[ end trace 0000000000000000 ]---
[    7.326354][    C1] RIP: 0010:__common_interrupt+0x52/0xc0
[    7.326614][    C1] Code: 01 00 4d 85 f6 74 39 49 81 fe 00 f0 ff ff 77 30 4c 89 f7 4d 8b 5e 68 41 ba 91 76 d8 42 45 03 53 fc 74 02 0f 0b cc ff d3 65 48 <8b> 05 30 c7 ff 7e 65 4c 89 3d 28 c7 ff 7e 5b 41 5c 41 5e 41 5f c3
[    7.327570][    C1] RSP: 0018:ffffc900000e0fd0 EFLAGS: 00010046
[    7.327910][    C1] RAX: 0000000000000001 RBX: 0000000000000023 RCX: 0000000000000001
[    7.328273][    C1] RDX: 00000000000003cd RSI: 0000000000000001 RDI: ffff888100d302a4
[    7.328632][    C1] RBP: 0000000000000001 R08: 0ef439818636191f R09: b1621ff338a3b482
[    7.329223][    C1] R10: ffffffff81e5127b R11: ffffffff81059810 R12: 0000000000000023
[    7.329780][    C1] R13: 0000000000000000 R14: ffff888100d30200 R15: 0000000000000000
[    7.330193][    C1] FS:  0000000000000000(0000) GS:ffff88813bc80000(0000) knlGS:0000000000000000
[    7.330632][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    7.331050][    C1] CR2: 000000000002b4d8 CR3: 0000000003028003 CR4: 0000000000370ef0
[    7.331454][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[    7.331854][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[    7.332236][    C1] Kernel panic - not syncing: Fatal exception in interrupt
[    7.332730][    C1] Kernel Offset: disabled
[    7.333044][    C1] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---

The relevant assembly code is (from objdump, faulting address
highlighted):

ffffffff8102ed9d:       41 ff d3                  call   *%r11
ffffffff8102eda0:       65 48 <8b> 05 30 c7 ff    mov    %gs:0x7effc730(%rip),%rax

The emulation incorrectly sets the return address to be ffffffff8102ed9d
+ 0x5 = ffffffff8102eda2, which is the 8b byte in the middle of the next
mov. This in turn causes incorrect subsequent instruction decoding and
eventually triggers the page fault above.

Instead of invoking int3_emulate_call, perform push and jmp emulation
directly in kprobe_emulate_call_indirect. At this point we can obtain
the instruction size from p->ainsn.size so that we can calculate the
correct return address.

Link: https://lore.kernel.org/all/[email protected]/

Fixes: 6256e66 ("x86/kprobes: Use int3 instead of debug trap for single-step")
Cc: [email protected]
Signed-off-by: Jinghao Jia <[email protected]>
Signed-off-by: Masami Hiramatsu (Google) <[email protected]>
okias pushed a commit that referenced this pull request Jan 11, 2024
The lock_class_key is still registered and can be found in
lock_keys_hash hlist after subsys_private is freed in error
handler path.A task who iterate over the lock_keys_hash
later may cause use-after-free.So fix that up and unregister
the lock_class_key before kfree(cp).

On our platform, a driver fails to kset_register because of
creating duplicate filename '/class/xxx'.With Kasan enabled,
it prints a invalid-access bug report.

KASAN bug report:

BUG: KASAN: invalid-access in lockdep_register_key+0x19c/0x1bc
Write of size 8 at addr 15ffff808b8c0368 by task modprobe/252
Pointer tag: [15], memory tag: [fe]

CPU: 7 PID: 252 Comm: modprobe Tainted: G        W
 6.6.0-mainline-maybe-dirty #1

Call trace:
dump_backtrace+0x1b0/0x1e4
show_stack+0x2c/0x40
dump_stack_lvl+0xac/0xe0
print_report+0x18c/0x4d8
kasan_report+0xe8/0x148
__hwasan_store8_noabort+0x88/0x98
lockdep_register_key+0x19c/0x1bc
class_register+0x94/0x1ec
init_module+0xbc/0xf48 [rfkill]
do_one_initcall+0x17c/0x72c
do_init_module+0x19c/0x3f8
...
Memory state around the buggy address:
ffffff808b8c0100: 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a
ffffff808b8c0200: 8a 8a 8a 8a 8a 8a 8a 8a fe fe fe fe fe fe fe fe
>ffffff808b8c0300: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
                                     ^
ffffff808b8c0400: 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03

As CONFIG_KASAN_GENERIC is not set, Kasan reports invalid-access
not use-after-free here.In this case, modprobe is manipulating
the corrupted lock_keys_hash hlish where lock_class_key is already
freed before.

It's worth noting that this only can happen if lockdep is enabled,
which is not true for normal system.

Fixes: dcfbb67 ("driver core: class: use lock_class_key already present in struct subsys_private")
Cc: stable <[email protected]>
Signed-off-by: Jing Xia <[email protected]>
Signed-off-by: Xuewen Yan <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Greg Kroah-Hartman <[email protected]>
okias pushed a commit that referenced this pull request Jan 11, 2024
The btrfs CI reported a lockdep warning as follows by running generic
generic/129.

   WARNING: possible circular locking dependency detected
   6.7.0-rc5+ #1 Not tainted
   ------------------------------------------------------
   kworker/u5:5/793427 is trying to acquire lock:
   ffff88813256d028 (&cache->lock){+.+.}-{2:2}, at: btrfs_zone_finish_one_bg+0x5e/0x130
   but task is already holding lock:
   ffff88810a23a318 (&fs_info->zone_active_bgs_lock){+.+.}-{2:2}, at: btrfs_zone_finish_one_bg+0x34/0x130
   which lock already depends on the new lock.

   the existing dependency chain (in reverse order) is:
   -> #1 (&fs_info->zone_active_bgs_lock){+.+.}-{2:2}:
   ...
   -> #0 (&cache->lock){+.+.}-{2:2}:
   ...

This is because we take fs_info->zone_active_bgs_lock after a block_group's
lock in btrfs_zone_activate() while doing the opposite in other places.

Fix the issue by expanding the fs_info->zone_active_bgs_lock's critical
section and taking it before a block_group's lock.

Fixes: a7e1ac7 ("btrfs: zoned: reserve zones for an active metadata/system block group")
CC: [email protected] # 6.6
Signed-off-by: Naohiro Aota <[email protected]>
Reviewed-by: David Sterba <[email protected]>
Signed-off-by: David Sterba <[email protected]>
okias pushed a commit that referenced this pull request Jan 11, 2024
act_ct adds skb->users before defragmentation. If frags arrive in order,
the last frag's reference is reset in:

  inet_frag_reasm_prepare
    skb_morph

which is not straightforward.

However when frags arrive out of order, nobody unref the last frag, and
all frags are leaked. The situation is even worse, as initiating packet
capture can lead to a crash[0] when skb has been cloned and shared at the
same time.

Fix the issue by removing skb_get() before defragmentation. act_ct
returns TC_ACT_CONSUMED when defrag failed or in progress.

[0]:
[  843.804823] ------------[ cut here ]------------
[  843.809659] kernel BUG at net/core/skbuff.c:2091!
[  843.814516] invalid opcode: 0000 [#1] PREEMPT SMP
[  843.819296] CPU: 7 PID: 0 Comm: swapper/7 Kdump: loaded Tainted: G S 6.7.0-rc3 #2
[  843.824107] Hardware name: XFUSION 1288H V6/BC13MBSBD, BIOS 1.29 11/25/2022
[  843.828953] RIP: 0010:pskb_expand_head+0x2ac/0x300
[  843.833805] Code: 8b 70 28 48 85 f6 74 82 48 83 c6 08 bf 01 00 00 00 e8 38 bd ff ff 8b 83 c0 00 00 00 48 03 83 c8 00 00 00 e9 62 ff ff ff 0f 0b <0f> 0b e8 8d d0 ff ff e9 b3 fd ff ff 81 7c 24 14 40 01 00 00 4c 89
[  843.843698] RSP: 0018:ffffc9000cce07c0 EFLAGS: 00010202
[  843.848524] RAX: 0000000000000002 RBX: ffff88811a211d00 RCX: 0000000000000820
[  843.853299] RDX: 0000000000000640 RSI: 0000000000000000 RDI: ffff88811a211d00
[  843.857974] RBP: ffff888127d39518 R08: 00000000bee97314 R09: 0000000000000000
[  843.862584] R10: 0000000000000000 R11: ffff8881109f0000 R12: 0000000000000880
[  843.867147] R13: ffff888127d39580 R14: 0000000000000640 R15: ffff888170f7b900
[  843.871680] FS:  0000000000000000(0000) GS:ffff889ffffc0000(0000) knlGS:0000000000000000
[  843.876242] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  843.880778] CR2: 00007fa42affcfb8 CR3: 000000011433a002 CR4: 0000000000770ef0
[  843.885336] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  843.889809] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  843.894229] PKRU: 55555554
[  843.898539] Call Trace:
[  843.902772]  <IRQ>
[  843.906922]  ? __die_body+0x1e/0x60
[  843.911032]  ? die+0x3c/0x60
[  843.915037]  ? do_trap+0xe2/0x110
[  843.918911]  ? pskb_expand_head+0x2ac/0x300
[  843.922687]  ? do_error_trap+0x65/0x80
[  843.926342]  ? pskb_expand_head+0x2ac/0x300
[  843.929905]  ? exc_invalid_op+0x50/0x60
[  843.933398]  ? pskb_expand_head+0x2ac/0x300
[  843.936835]  ? asm_exc_invalid_op+0x1a/0x20
[  843.940226]  ? pskb_expand_head+0x2ac/0x300
[  843.943580]  inet_frag_reasm_prepare+0xd1/0x240
[  843.946904]  ip_defrag+0x5d4/0x870
[  843.950132]  nf_ct_handle_fragments+0xec/0x130 [nf_conntrack]
[  843.953334]  tcf_ct_act+0x252/0xd90 [act_ct]
[  843.956473]  ? tcf_mirred_act+0x516/0x5a0 [act_mirred]
[  843.959657]  tcf_action_exec+0xa1/0x160
[  843.962823]  fl_classify+0x1db/0x1f0 [cls_flower]
[  843.966010]  ? skb_clone+0x53/0xc0
[  843.969173]  tcf_classify+0x24d/0x420
[  843.972333]  tc_run+0x8f/0xf0
[  843.975465]  __netif_receive_skb_core+0x67a/0x1080
[  843.978634]  ? dev_gro_receive+0x249/0x730
[  843.981759]  __netif_receive_skb_list_core+0x12d/0x260
[  843.984869]  netif_receive_skb_list_internal+0x1cb/0x2f0
[  843.987957]  ? mlx5e_handle_rx_cqe_mpwrq_rep+0xfa/0x1a0 [mlx5_core]
[  843.991170]  napi_complete_done+0x72/0x1a0
[  843.994305]  mlx5e_napi_poll+0x28c/0x6d0 [mlx5_core]
[  843.997501]  __napi_poll+0x25/0x1b0
[  844.000627]  net_rx_action+0x256/0x330
[  844.003705]  __do_softirq+0xb3/0x29b
[  844.006718]  irq_exit_rcu+0x9e/0xc0
[  844.009672]  common_interrupt+0x86/0xa0
[  844.012537]  </IRQ>
[  844.015285]  <TASK>
[  844.017937]  asm_common_interrupt+0x26/0x40
[  844.020591] RIP: 0010:acpi_safe_halt+0x1b/0x20
[  844.023247] Code: ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 65 48 8b 04 25 00 18 03 00 48 8b 00 a8 08 75 0c 66 90 0f 00 2d 81 d0 44 00 fb f4 <fa> c3 0f 1f 00 89 fa ec 48 8b 05 ee 88 ed 00 a9 00 00 00 80 75 11
[  844.028900] RSP: 0018:ffffc90000533e70 EFLAGS: 00000246
[  844.031725] RAX: 0000000000004000 RBX: 0000000000000001 RCX: 0000000000000000
[  844.034553] RDX: ffff889ffffc0000 RSI: ffffffff828b7f20 RDI: ffff88a090f45c64
[  844.037368] RBP: ffff88a0901a2800 R08: ffff88a090f45c00 R09: 00000000000317c0
[  844.040155] R10: 00ec812281150475 R11: ffff889fffff0e04 R12: ffffffff828b7fa0
[  844.042962] R13: ffffffff828b7f20 R14: 0000000000000001 R15: 0000000000000000
[  844.045819]  acpi_idle_enter+0x7b/0xc0
[  844.048621]  cpuidle_enter_state+0x7f/0x430
[  844.051451]  cpuidle_enter+0x2d/0x40
[  844.054279]  do_idle+0x1d4/0x240
[  844.057096]  cpu_startup_entry+0x2a/0x30
[  844.059934]  start_secondary+0x104/0x130
[  844.062787]  secondary_startup_64_no_verify+0x16b/0x16b
[  844.065674]  </TASK>

Fixes: b57dc7c ("net/sched: Introduce action ct")
Signed-off-by: Tao Liu <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Jakub Kicinski <[email protected]>
okias pushed a commit that referenced this pull request Jan 11, 2024
Use raw_spinlock functions to avoid this warning:

 =============================
 [ BUG: Invalid wait context ]
 6.7.0-rc3-64bit+ #1032 Tainted: G        W
 -----------------------------
 swapper/0/0 is trying to lock:
 0000000041c1b250 (pdc_lock){....}-{3:3}, at: pdc_iodc_print+0x64/0x180
 other info that might help us debug this:
 context-{2:2}
 3 locks held by swapper/0/0:
  #0: 0000000041c22060 (console_lock){....}-{0:0}, at: vprintk_emit+0x1ac/0x4a8
  #1: 0000000041c22098 (console_srcu){....}-{0:0}, at: rcu_lock_acquire+0x0/0x68
  #2: 0000000041c21ea8 (console_owner){-...}-{0:0}, at: console_flush_all+0x304/0x638
 stack backtrace:
 CPU: 0 PID: 0 Comm: swapper/0 Tainted: G        W          6.7.0-rc3-64bit+ #1032
 Hardware name: 9000/785/C3700
 Backtrace:
  [<000000004030b544>] show_stack+0x8c/0xa8
  [<00000000412cb768>] dump_stack_lvl+0x148/0x1c8
  [<00000000412cb81c>] dump_stack+0x34/0x48
  [<00000000403d4324>] __lock_acquire+0x674/0x1cf8
  [<00000000403d68d4>] lock_acquire+0x36c/0x3a8
  [<00000000412cfba0>] _raw_spin_lock_irqsave+0xa0/0xe8
  [<000000004031121c>] pdc_iodc_print+0x64/0x180
  [<000000004031d0d8>] pdc_console_write+0x60/0x98
  [<00000000403e76c4>] console_flush_all+0x414/0x638
  [<00000000403e79e4>] console_unlock+0xfc/0x2a8
  [<00000000403e95a8>] vprintk_emit+0x490/0x4a8
  [<00000000403e95fc>] vprintk_default+0x3c/0x50
  [<00000000403e9c74>] vprintk+0x94/0xb8
  [<0000000041296cd0>] _printk+0x58/0x70
  [<000000004125a624>] report_bug+0x1f4/0x2b8
  [<000000004030bcac>] handle_interruption+0x3c4/0xbd8
  [<000000004030307c>] intr_check_sig+0x0/0x3c

Signed-off-by: Helge Deller <[email protected]>
okias pushed a commit that referenced this pull request Jan 11, 2024
======================================================
WARNING: possible circular locking dependency detected
6.5.0-kfd-fkuehlin #276 Not tainted
------------------------------------------------------
kworker/8:2/2676 is trying to acquire lock:
ffff9435aae95c88 ((work_completion)(&svm_bo->eviction_work)){+.+.}-{0:0}, at: __flush_work+0x52/0x550

but task is already holding lock:
ffff9435cd8e1720 (&svms->lock){+.+.}-{3:3}, at: svm_range_deferred_list_work+0xe8/0x340 [amdgpu]

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #2 (&svms->lock){+.+.}-{3:3}:
       __mutex_lock+0x97/0xd30
       kfd_ioctl_alloc_memory_of_gpu+0x6d/0x3c0 [amdgpu]
       kfd_ioctl+0x1b2/0x5d0 [amdgpu]
       __x64_sys_ioctl+0x86/0xc0
       do_syscall_64+0x39/0x80
       entry_SYSCALL_64_after_hwframe+0x63/0xcd

-> #1 (&mm->mmap_lock){++++}-{3:3}:
       down_read+0x42/0x160
       svm_range_evict_svm_bo_worker+0x8b/0x340 [amdgpu]
       process_one_work+0x27a/0x540
       worker_thread+0x53/0x3e0
       kthread+0xeb/0x120
       ret_from_fork+0x31/0x50
       ret_from_fork_asm+0x11/0x20

-> #0 ((work_completion)(&svm_bo->eviction_work)){+.+.}-{0:0}:
       __lock_acquire+0x1426/0x2200
       lock_acquire+0xc1/0x2b0
       __flush_work+0x80/0x550
       __cancel_work_timer+0x109/0x190
       svm_range_bo_release+0xdc/0x1c0 [amdgpu]
       svm_range_free+0x175/0x180 [amdgpu]
       svm_range_deferred_list_work+0x15d/0x340 [amdgpu]
       process_one_work+0x27a/0x540
       worker_thread+0x53/0x3e0
       kthread+0xeb/0x120
       ret_from_fork+0x31/0x50
       ret_from_fork_asm+0x11/0x20

other info that might help us debug this:

Chain exists of:
  (work_completion)(&svm_bo->eviction_work) --> &mm->mmap_lock --> &svms->lock

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&svms->lock);
                               lock(&mm->mmap_lock);
                               lock(&svms->lock);
  lock((work_completion)(&svm_bo->eviction_work));

I believe this cannot really lead to a deadlock in practice, because
svm_range_evict_svm_bo_worker only takes the mmap_read_lock if the BO
refcount is non-0. That means it's impossible that svm_range_bo_release
is running concurrently. However, there is no good way to annotate this.

To avoid the problem, take a BO reference in
svm_range_schedule_evict_svm_bo instead of in the worker. That way it's
impossible for a BO to get freed while eviction work is pending and the
cancel_work_sync call in svm_range_bo_release can be eliminated.

v2: Use svm_bo_ref_unless_zero and explained why that's safe. Also
removed redundant checks that are already done in
amdkfd_fence_enable_signaling.

Signed-off-by: Felix Kuehling <[email protected]>
Reviewed-by: Philip Yang <[email protected]>
Signed-off-by: Alex Deucher <[email protected]>
okias pushed a commit that referenced this pull request Jan 11, 2024
======================================================
WARNING: possible circular locking dependency detected
6.5.0-kfd-yangp #2289 Not tainted
------------------------------------------------------
kworker/0:2/996 is trying to acquire lock:
        (srcu){.+.+}-{0:0}, at: __synchronize_srcu+0x5/0x1a0

but task is already holding lock:
        ((work_completion)(&svms->deferred_list_work)){+.+.}-{0:0}, at:
	process_one_work+0x211/0x560

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #3 ((work_completion)(&svms->deferred_list_work)){+.+.}-{0:0}:
        __flush_work+0x88/0x4f0
        svm_range_list_lock_and_flush_work+0x3d/0x110 [amdgpu]
        svm_range_set_attr+0xd6/0x14c0 [amdgpu]
        kfd_ioctl+0x1d1/0x630 [amdgpu]
        __x64_sys_ioctl+0x88/0xc0

-> #2 (&info->lock#2){+.+.}-{3:3}:
        __mutex_lock+0x99/0xc70
        amdgpu_amdkfd_gpuvm_restore_process_bos+0x54/0x740 [amdgpu]
        restore_process_helper+0x22/0x80 [amdgpu]
        restore_process_worker+0x2d/0xa0 [amdgpu]
        process_one_work+0x29b/0x560
        worker_thread+0x3d/0x3d0

-> #1 ((work_completion)(&(&process->restore_work)->work)){+.+.}-{0:0}:
        __flush_work+0x88/0x4f0
        __cancel_work_timer+0x12c/0x1c0
        kfd_process_notifier_release_internal+0x37/0x1f0 [amdgpu]
        __mmu_notifier_release+0xad/0x240
        exit_mmap+0x6a/0x3a0
        mmput+0x6a/0x120
        do_exit+0x322/0xb90
        do_group_exit+0x37/0xa0
        __x64_sys_exit_group+0x18/0x20
        do_syscall_64+0x38/0x80

-> #0 (srcu){.+.+}-{0:0}:
        __lock_acquire+0x1521/0x2510
        lock_sync+0x5f/0x90
        __synchronize_srcu+0x4f/0x1a0
        __mmu_notifier_release+0x128/0x240
        exit_mmap+0x6a/0x3a0
        mmput+0x6a/0x120
        svm_range_deferred_list_work+0x19f/0x350 [amdgpu]
        process_one_work+0x29b/0x560
        worker_thread+0x3d/0x3d0

other info that might help us debug this:
Chain exists of:
  srcu --> &info->lock#2 --> (work_completion)(&svms->deferred_list_work)

Possible unsafe locking scenario:

        CPU0                    CPU1
        ----                    ----
        lock((work_completion)(&svms->deferred_list_work));
                        lock(&info->lock#2);
			lock((work_completion)(&svms->deferred_list_work));
        sync(srcu);

Signed-off-by: Philip Yang <[email protected]>
Reviewed-by: Felix Kuehling <[email protected]>
Signed-off-by: Alex Deucher <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants