New device: tegra30-fujitsu-m532.dts #1
Based on TF300T DTS, with some cleanups. Still many things to fix, but a pretty good start.
Still very much WiP but may be a good starting point
#size-cells = <1>; | ||
ranges; | ||
|
||
firmware@bfe00000 { |
verify if reserved in chagall
Isn't it SoC-specific?
lp0_vec@bddf9000 { | ||
reg = <0xbddf9000 0x2000>; // passed from bootloader (ATAGS/NVIDIA, cmdline) | ||
}; | ||
/* |
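Review bot: In the lp0_vec@bddf9000 node, the reg value <0xbddf9000 0x2000> is hard-coded while its trailing comment says the address is passed from the bootloader (ATAGS/NVIDIA, cmdline), so it is unclear whether this value was read back from this device or carried over from the DTS the file is based on. Suggest stating in the comment where the value was obtained for this board and moving the remark into a /* */ block comment above the property. Device tree node names also conventionally use hyphens rather than underscores, so lp0-vec@bddf9000 would be the more usual spelling.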
preferably drop all commented stuff if you didn't intend to uncomment it for chagall
The reason I did not drop them yet was because I still have to find out what they do, and if they are part of chagall or not
default-brightness-level = <6>; | ||
}; | ||
|
||
sound { |
check if this codec (wm8903) is also used in chagall sources.
Yes, WM8903
}; | ||
}; | ||
|
||
extcon-keys { |
seems pretty specific for asus, will it work without it? Does chagall even have docking possibility?
I guess it is compatible with docks (it has the same connector and very similar hardware) but yes, I'll comment it out for the moment
This reverts commit 03436e3.

Fixes: mdp: dummy supplies not allowed for exclusive requests

[ 2.641236] 8<--- cut here ---
[ 2.641279] Unable to handle kernel NULL pointer dereference at virtual address 00000000
[ 2.643206] pgd = (ptrval)
[ 2.651522] [00000000] *pgd=00000000
[ 2.653973] Internal error: Oops: 5 [#1] PREEMPT SMP ARM
[ 2.657695] Modules linked in:
[ 2.663000] CPU: 3 PID: 105 Comm: kworker/3:1 Not tainted 5.3.0-00014-g9bf8d2ba4898 grate-driver#120
[ 2.665859] Hardware name: Generic DT based system
[ 2.674123] Workqueue: events deferred_probe_work_func
[ 2.678718] PC is at msm_dsi_manager_setup_encoder+0x38/0x6c
[ 2.683830] LR is at msm_dsi_manager_setup_encoder+0x30/0x6c
I'll close this for now and re-open it when I have a more mature DTB.
Can't close the request, weird bug.
In the commit setting up the qcom/msm pin controller to be hierarchical some callbacks were careful to check that d->parent_data on irq_data was valid before calling the parent function, however irq_chip_eoi_parent() was called unconditionally which doesn't work with elder Qualcomm platforms such as APQ8060.

When the drivers/mfd/qcom-pm8xxx.c driver calls chained_irq_exit() that call will in turn call chip->irq_eoi() which is set to irq_chip_eoi_parent() by default on a hierarchical IRQ chip, and the parent is pinctrl-msm.c so that will in turn unconditionally call irq_chip_eoi_parent() again, but its parent is invalid so we get the following crash:

Unable to handle kernel NULL pointer dereference at virtual address 00000010
pgd = (ptrval)
[00000010] *pgd=00000000
Internal error: Oops: 5 [#1] PREEMPT SMP ARM
(...)
PC is at irq_chip_eoi_parent+0x4/0x10
LR is at pm8xxx_irq_handler+0x1b4/0x2d8

Implement a local stub just avoiding to call down to irq_chip_eoi_parent() if d->parent_data is not set.

Cc: Lina Iyer <[email protected]>
Cc: Marc Zyngier <[email protected]>
Cc: Stephen Boyd <[email protected]>
Cc: [email protected]
Fixes: e35a6ae ("pinctrl/msm: Setup GPIO chip in hierarchy")
Signed-off-by: Linus Walleij <[email protected]>
The hierarchical parts of MSM pinctrl/GPIO are only used when the device tree has a "wakeup-parent" as a phandle, but the .irq_disable and .irq_eoi are anyway assigned leading to semantic problems on elder Qualcomm chipsets.

When the drivers/mfd/qcom-pm8xxx.c driver calls chained_irq_exit() that call will in turn call chip->irq_eoi() which is set to irq_chip_eoi_parent() by default on a hierarchical IRQ chip, and the parent is pinctrl-msm.c so that will in turn unconditionally call irq_chip_eoi_parent() again, but its parent is invalid so we get the following crash:

Unable to handle kernel NULL pointer dereference at virtual address 00000010
pgd = (ptrval)
[00000010] *pgd=00000000
Internal error: Oops: 5 [#1] PREEMPT SMP ARM
(...)
PC is at irq_chip_eoi_parent+0x4/0x10
LR is at pm8xxx_irq_handler+0x1b4/0x2d8

If we solve this crash by avoiding to call up to irq_chip_eoi_parent(), the machine will hang and get reset by the watchdog, because of semantic issues, probably inside irq_chip. As a solution, just assign the .irq_disable and .irq_eoi conditionally if we are actually using a wakeup parent.

Cc: Bjorn Andersson <[email protected]>
Cc: Lina Iyer <[email protected]>
Cc: Marc Zyngier <[email protected]>
Cc: Stephen Boyd <[email protected]>
Cc: [email protected]
Fixes: e35a6ae ("pinctrl/msm: Setup GPIO chip in hierarchy")
Signed-off-by: Linus Walleij <[email protected]>
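The failure mode and the two fixes described in the two commit messages above, reduced to a userspace C model; this is an added example, not code from the kernel or from these commits. All `model_*` types and functions are hypothetical stand-ins, and only the field names `irq_eoi`, `irq_unmask` and `parent_data` follow the kernel's naming.

```c
#include <stddef.h>
#include <stdio.h>

struct model_irq_data;
typedef void (*model_cb)(struct model_irq_data *d);

/* Reduced stand-in for struct irq_chip: only the callbacks that matter here. */
struct model_irq_chip {
    model_cb irq_eoi;
    model_cb irq_unmask;
};

/* Reduced stand-in for struct irq_data in a hierarchical IRQ domain. */
struct model_irq_data {
    struct model_irq_chip *chip;
    struct model_irq_data *parent_data; /* NULL when there is no parent domain */
    int eoi_count;
    int unmask_count;
};

enum exit_path { EXIT_VIA_EOI, EXIT_VIA_UNMASK };
struct outcome { int fault; enum exit_path path; int parent_eois; int unmasks; };

static void model_count_eoi(struct model_irq_data *d)    { d->eoi_count++; }
static void model_count_unmask(struct model_irq_data *d) { d->unmask_count++; }

/* Shaped like irq_chip_eoi_parent(): follows parent_data without checking it. */
static void model_eoi_parent(struct model_irq_data *d)
{
    d = d->parent_data;
    d->chip->irq_eoi(d); /* NULL pointer dereference when parent_data was NULL */
}

/* First commit message: local stub that skips the parent when it is not set. */
static void model_eoi_guarded(struct model_irq_data *d)
{
    if (d->parent_data)
        model_eoi_parent(d);
}

/* Second commit message: only install the parent-forwarding callback when the
 * device tree actually provides a wakeup parent; otherwise leave it unset. */
static model_cb model_pick_eoi(int has_wakeup_parent)
{
    return has_wakeup_parent ? model_eoi_parent : NULL;
}

/* Shaped like chained_irq_exit(): EOI if the chip has one, otherwise unmask. */
static enum exit_path model_chained_irq_exit(struct model_irq_data *d)
{
    if (d->chip->irq_eoi) {
        d->chip->irq_eoi(d);
        return EXIT_VIA_EOI;
    }
    d->chip->irq_unmask(d);
    return EXIT_VIA_UNMASK;
}

/* Pre-flight check: the unchecked forwarder is installed but no parent exists. */
static int model_would_fault(const struct model_irq_data *d)
{
    return d->chip->irq_eoi == model_eoi_parent && d->parent_data == NULL;
}

/* Constructed scenario: one chained-handler exit on a GPIO interrupt whose chip
 * uses eoi_cb, with or without a parent irq_data behind it. */
static struct outcome run_exit(model_cb eoi_cb, int with_parent)
{
    struct model_irq_chip parent_chip = { model_count_eoi, model_count_unmask };
    struct model_irq_data parent = { &parent_chip, NULL, 0, 0 };
    struct model_irq_chip gpio_chip = { eoi_cb, model_count_unmask };
    struct model_irq_data gpio = { &gpio_chip, with_parent ? &parent : NULL, 0, 0 };
    struct outcome o = { 0, EXIT_VIA_EOI, 0, 0 };

    if (model_would_fault(&gpio)) { /* report instead of crashing the demo */
        o.fault = 1;
        return o;
    }
    o.path = model_chained_irq_exit(&gpio);
    o.parent_eois = parent.eoi_count;
    o.unmasks = gpio.unmask_count;
    return o;
}

static void show(const char *label, struct outcome o)
{
    printf("%-38s fault=%d path=%s parent_eois=%d unmasks=%d\n", label, o.fault,
           o.path == EXIT_VIA_EOI ? "eoi" : "unmask", o.parent_eois, o.unmasks);
}

int main(void)
{
    show("unconditional eoi, no parent:", run_exit(model_eoi_parent, 0));
    show("unconditional eoi, with parent:", run_exit(model_eoi_parent, 1));
    show("guarded stub, no parent:", run_exit(model_eoi_guarded, 0));
    show("conditional assign, no parent:", run_exit(model_pick_eoi(0), 0));
    show("conditional assign, with parent:", run_exit(model_pick_eoi(1), 1));
    return 0;
}
```

In the model, the guarded stub returns without acknowledging or unmasking anything, while leaving `irq_eoi` unset makes the chained exit fall back to `irq_unmask`.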
This reverts commit 03436e3.

Fixes: mdp: dummy supplies not allowed for exclusive requests
The hierarchical parts of MSM pinctrl/GPIO is only used when the device tree has a "wakeup-parent" as a phandle, but the .irq_disable and .irq_eoi are anyway assigned leading to semantic problems on elder Qualcomm chipsets. When the drivers/mfd/qcom-pm8xxx.c driver calls chained_irq_exit() that call will in turn call chip->irq_eoi() which is set to irq_chip_eoi_parent() by default on a hierachical IRQ chip, and the parent is pinctrl-msm.c so that will in turn unconditionally call irq_chip_eoi_parent() again, but its parent is invalid so we get the following crash: Unnable to handle kernel NULL pointer dereference at virtual address 00000010 pgd = (ptrval) [00000010] *pgd=00000000 Internal error: Oops: 5 [#1] PREEMPT SMP ARM (...) PC is at irq_chip_eoi_parent+0x4/0x10 LR is at pm8xxx_irq_handler+0x1b4/0x2d8 If we solve this crash by avoiding to call up to irq_chip_eoi_parent(), the machine will hang and get reset by the watchdog, because of semantic issues, probably inside irq_chip. As a solution, just assign the .irq_disable and .irq_eoi condtionally if we are actually using a wakeup parent. Cc: Bjorn Andersson <[email protected]> Cc: Lina Iyer <[email protected]> Cc: Marc Zyngier <[email protected]> Cc: Stephen Boyd <[email protected]> Cc: [email protected] Fixes: e35a6ae ("pinctrl/msm: Setup GPIO chip in hierarchy") Signed-off-by: Linus Walleij <[email protected]>
This reverts commit 03436e3. Fixes: mdp: dummy supplies not allowed for exclusive requests [ 2.641236] 8<--- cut here --- [ 2.641279] Unable to handle kernel NULL pointer dereference at virtual address 00000000 [ 2.643206] pgd = (ptrval) [ 2.651522] [00000000] *pgd=00000000 [ 2.653973] Internal error: Oops: 5 [#1] PREEMPT SMP ARM [ 2.657695] Modules linked in: [ 2.663000] CPU: 3 PID: 105 Comm: kworker/3:1 Not tainted 5.3.0-00014-g9bf8d2ba4898 grate-driver#120 [ 2.665859] Hardware name: Generic DT based system [ 2.674123] Workqueue: events deferred_probe_work_func [ 2.678718] PC is at msm_dsi_manager_setup_encoder+0x38/0x6c [ 2.683830] LR is at msm_dsi_manager_setup_encoder+0x30/0x6c [ 2.689643] pc : [<c0766a4c>] lr : [<c0766a44>] psr: a0000013 [ 2.695283] sp : e8043c08 ip : e8043c08 fp : e8043c24 [ 2.701271] r10: e8305c00 r9 : e8305400 r8 : e8305c00 [ 2.706482] r7 : e7d1fc00 r6 : 00000000 r5 : e7d1c4c0 r4 : e7d1fc00 [ 2.711693] r3 : e7d1c4c0 r2 : e7d19280 r1 : 00000000 r0 : e7d1fc00 [ 2.718297] Flags: NzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none [ 2.724803] Control: 10c5787d Table: 8020406a DAC: 00000051 [ 2.732006] Process kworker/3:1 (pid: 105, stack limit = 0x(ptrval)) [ 2.737736] Stack: (0xe8043c08 to 0xe8044000) [ 2.744179] 3c00: e7d1c4c0 e8305400 00000000 e7d1fc00 e8043c4c e8043c28 [ 2.748445] 3c20: c07629dc c0766a20 e7d1f780 00000006 e8305400 e8305400 00000001 e8305400 [ 2.756606] 3c40: e8043c8c e8043c50 c071caac c0762948 00000002 e8043c60 c091d268 c0c5ee2c [ 2.764766] 3c60: e8305c00 e8305c00 e8305400 00000000 e89efa10 e8305c00 00000002 c12c2ea8 [ 2.772926] 3c80: e8043cec e8043c90 c0754554 c071c540 c034bfd8 c036f8a8 e89efba4 60000013 [ 2.781086] 3ca0: e89efa10 e89efba4 e8043ccc c0c5ee58 e8043ccc e8043cc0 c0c5ee58 c034be74 [ 2.789245] 3cc0: e8043cec e7d11c40 e7d11f40 e7d11f18 e7d16540 e7d11f18 00000002 c12c2ea8 [ 2.797405] 3ce0: e8043d2c e8043cf0 c0770244 c0754190 c0d1db90 e7d11f40 e89efa10 00000000 [ 2.805565] 3d00: e8043d2c c12775d4 e7d11f40 
e89efa10 c0d5a440 c0f8cbf0 e89efa10 00000000 [ 2.813725] 3d20: e8043d54 e8043d30 c0770644 c0770054 c0d5f5f4 c038f528 e93f3378 e89efa10 [ 2.821885] 3d40: e93f5ab8 e89efa10 e8043d94 e8043d58 c0753dbc c0770590 e7d16540 00000003 [ 2.830043] 3d60: 00000000 e93f6274 c07908d8 00000000 e89efa10 c1276f10 00000000 c1313718 [ 2.838203] 3d80: c1276f10 c12c3160 e8043db4 e8043d98 c077992c c0753b98 e89efa10 c1313714 [ 2.846364] 3da0: 00000000 00000000 e8043df4 e8043db8 c0776ffc c07798e0 e8043dd4 e8043dc8 [ 2.854523] 3dc0: c0c5eebc 00000007 e8043df4 e89efa10 c1276f10 e8043e78 e89efa10 c0f91d0c [ 2.862683] 3de0: c12c3160 e89efa10 e8043e2c e8043df8 c077754c c0776ef4 c1276f10 c1276f10 [ 2.870844] 3e00: e8043e78 e89efa10 00000001 c1276f10 e8043e78 e89efa10 c0f91d0c c12c3160 [ 2.879002] 3e20: e8043e4c e8043e30 c0777870 c07774d8 00000000 e8043e78 c07777cc c12c3160 [ 2.887162] 3e40: e8043e74 e8043e50 c0774ff4 c07777d8 c02e686c e8ba4738 e89efa10 e89efa10 [ 2.895322] 3e60: 00000001 e89efa54 e8043e9c e8043e78 c0776e30 c0774f80 e89efa10 00000001 [ 2.903483] 3e80: c07733dc c127780c e89efa10 c1277a88 e8043eac e8043ea0 c07778f8 c0776d7c [ 2.911641] 3ea0: e8043ecc e8043eb0 c0775f08 c07778e8 c127780c c127780c c1277820 c12c3160 [ 2.919801] 3ec0: e8043efc e8043ed0 c07764b8 c0775e80 c0776430 c1277844 e8a21000 e93d4dc0 [ 2.927959] 3ee0: e93d7f00 00000000 c12bb270 00000000 e8043f3c e8043f00 c033d1b8 c077643c [ 2.936121] 3f00: c034bfd8 c036f8a8 e93d4dc0 e93d4dc0 e93d4dc0 e8a21000 e93d4dc0 e8a21014 [ 2.944279] 3f20: e93d4dd8 c1203d00 00000008 e8863e88 e8043f74 e8043f40 c033ed74 c033cfe8 [ 2.952440] 3f40: e8043f74 e8042000 c0343274 e8a20600 e8a20780 00000000 e8042000 e8a21000 [ 2.960601] 3f60: e8a2061c e8863e88 e8043fac e8043f78 c03436e0 c033eb2c c032fe64 c033eb20 [ 2.968757] 3f80: 00000000 e8a20780 c03435b4 00000000 00000000 00000000 00000000 00000000 [ 2.976919] 3fa0: 00000000 e8043fb0 c03010e8 c03435c0 00000000 00000000 00000000 00000000 [ 2.985078] 3fc0: 00000000 00000000 00000000 00000000 00000000 
00000000 00000000 00000000 [ 2.993236] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000 [ 3.001359] Backtrace: [ 3.009541] [<c0766a14>] (msm_dsi_manager_setup_encoder) from [<c07629dc>] (msm_dsi_modeset_init+0xa0/0x1c8) [ 3.011796] r7:e7d1fc00 r6:00000000 r5:e8305400 r4:e7d1c4c0 [ 3.021869] [<c076293c>] (msm_dsi_modeset_init) from [<c071caac>] (mdp4_kms_init+0x578/0x7b4) [ 3.027510] r9:e8305400 r8:00000001 r7:e8305400 r6:e8305400 r5:00000006 r4:e7d1f780 [ 3.035927] [<c071c534>] (mdp4_kms_init) from [<c0754554>] (msm_drm_bind+0x3d0/0x5f4) [ 3.043741] r10:c12c2ea8 r9:00000002 r8:e8305c00 r7:e89efa10 r6:00000000 r5:e8305400 [ 3.051449] r4:e8305c00 [ 3.059274] [<c0754184>] (msm_drm_bind) from [<c0770244>] (try_to_bring_up_master+0x1fc/0x2c8) [ 3.061884] r10:c12c2ea8 r9:00000002 r8:e7d11f18 r7:e7d16540 r6:e7d11f18 r5:e7d11f40 [ 3.070285] r4:e7d11c40 [ 3.078198] [<c0770048>] (try_to_bring_up_master) from [<c0770644>] (component_master_add_with_match+0xc0/0x100) [ 3.080811] r10:00000000 r9:e89efa10 r8:c0f8cbf0 r7:c0d5a440 r6:e89efa10 r5:e7d11f40 [ 3.090945] r4:c12775d4 [ 3.098679] [<c0770584>] (component_master_add_with_match) from [<c0753dbc>] (msm_pdev_probe+0x230/0x290) [ 3.101291] r7:e89efa10 r6:e93f5ab8 r5:e89efa10 r4:e93f3378 [ 3.110756] [<c0753b8c>] (msm_pdev_probe) from [<c077992c>] (platform_drv_probe+0x58/0xa8) [ 3.116484] r10:c12c3160 r9:c1276f10 r8:c1313718 r7:00000000 r6:c1276f10 r5:e89efa10 [ 3.124540] r4:00000000 [ 3.132447] [<c07798d4>] (platform_drv_probe) from [<c0776ffc>] (really_probe+0x114/0x424) [ 3.135053] r7:00000000 r6:00000000 r5:c1313714 r4:e89efa10 [ 3.143129] [<c0776ee8>] (really_probe) from [<c077754c>] (driver_probe_device+0x80/0x1dc) [ 3.148950] r10:e89efa10 r9:c12c3160 r8:c0f91d0c r7:e89efa10 r6:e8043e78 r5:c1276f10 [ 3.157005] r4:e89efa10 [ 3.164911] [<c07774cc>] (driver_probe_device) from [<c0777870>] (__device_attach_driver+0xa4/0x110) [ 3.167527] r9:c12c3160 r8:c0f91d0c r7:e89efa10 r6:e8043e78 r5:c1276f10 
r4:00000001 [ 3.176637] [<c07777cc>] (__device_attach_driver) from [<c0774ff4>] (bus_for_each_drv+0x80/0xb0) [ 3.184361] r7:c12c3160 r6:c07777cc r5:e8043e78 r4:00000000 [ 3.193127] [<c0774f74>] (bus_for_each_drv) from [<c0776e30>] (__device_attach+0xc0/0x158) [ 3.198766] r6:e89efa54 r5:00000001 r4:e89efa10 [ 3.206841] [<c0776d70>] (__device_attach) from [<c07778f8>] (device_initial_probe+0x1c/0x20) [ 3.211614] r6:c1277a88 r5:e89efa10 r4:c127780c [ 3.220035] [<c07778dc>] (device_initial_probe) from [<c0775f08>] (bus_probe_device+0x94/0x9c) [ 3.224730] [<c0775e74>] (bus_probe_device) from [<c07764b8>] (deferred_probe_work_func+0x88/0xd0) [ 3.233145] r7:c12c3160 r6:c1277820 r5:c127780c r4:c127780c [ 3.242096] [<c0776430>] (deferred_probe_work_func) from [<c033d1b8>] (process_one_work+0x1dc/0x53c) [ 3.247910] r10:00000000 r9:c12bb270 r8:00000000 r7:e93d7f00 r6:e93d4dc0 r5:e8a21000 [ 3.257009] r4:c1277844 r3:c0776430 [ 3.264741] [<c033cfdc>] (process_one_work) from [<c033ed74>] (worker_thread+0x254/0x500) [ 3.268393] r10:e8863e88 r9:00000008 r8:c1203d00 r7:e93d4dd8 r6:e8a21014 r5:e93d4dc0 [ 3.276449] r4:e8a21000 [ 3.284270] [<c033eb20>] (worker_thread) from [<c03436e0>] (kthread+0x12c/0x168) [ 3.286881] r10:e8863e88 r9:e8a2061c r8:e8a21000 r7:e8042000 r6:00000000 r5:e8a20780 [ 3.294246] r4:e8a20600 [ 3.301977] [<c03435b4>] (kthread) from [<c03010e8>] (ret_from_fork+0x14/0x2c) [ 3.304575] Exception stack(0xe8043fb0 to 0xe8043ff8) [ 3.311617] 3fa0: 00000000 00000000 00000000 00000000 [ 3.316761] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 3.324913] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 3.333060] r10:00000000 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:c03435b4 [ 3.339471] r4:e8a20780 [ 3.347469] Code: e5936004 ebffefaa e2504000 089da8f0 (e5963000) [ 3.350237] ---[ end trace ef11f4cc25ead15d ]--- [ 3.377018] Kernel panic - not syncing: Fatal exception [ 3.377092] CPU0: stopping [ 3.381054] CPU: 0 PID: 0 
Comm: swapper/0 Tainted: G D 5.3.0-00014-g9bf8d2ba4898 grate-driver#120 [ 3.383835] Hardware name: Generic DT based system [ 3.393116] Backtrace: [ 3.397727] [<c030e80c>] (dump_backtrace) from [<c030eb64>] (show_stack+0x20/0x24) [ 3.400069] r7:c12b4080 r6:20000193 r5:00000000 r4:c12b4080 [ 3.407712] [<c030eb44>] (show_stack) from [<c0c420d4>] (dump_stack+0x78/0x94) [ 3.413531] [<c0c4205c>] (dump_stack) from [<c03106b0>] (handle_IPI+0x3a4/0x408) [ 3.420555] r7:00000000 r6:c12bb144 r5:00000004 r4:c11a5d50 [ 3.428108] [<c031030c>] (handle_IPI) from [<c0302388>] (gic_handle_irq+0x94/0xa0) [ 3.433751] r10:00000000 r9:c1201ec0 r8:ea803000 r7:c124cf28 r6:c1206894 r5:ea802000 [ 3.441124] r4:ea80200c [ 3.449021] [<c03022f4>] (gic_handle_irq) from [<c0301a8c>] (__irq_svc+0x6c/0xa8) [ 3.451629] Exception stack(0xc1201ec0 to 0xc1201f08) [ 3.459024] 1ec0: 00000000 00002f2c e93999f0 c031ac20 00000000 c1200000 c12060e4 c1206120 [ 3.464065] 1ee0: 00000000 c11a5548 00000000 c1201f1c c1201f20 c1201f10 c030a474 c030a478 [ 3.472208] 1f00: 60000013 ffffffff [ 3.480359] r9:c1200000 r8:00000000 r7:c1201ef4 r6:ffffffff r5:60000013 r4:c030a478 [ 3.483683] [<c030a438>] (arch_cpu_idle) from [<c0c5e93c>] (default_idle_call+0x30/0x3c) [ 3.491656] [<c0c5e90c>] (default_idle_call) from [<c0353ea4>] (do_idle+0x204/0x284) [ 3.499725] [<c0353ca0>] (do_idle) from [<c03541ec>] (cpu_startup_entry+0x28/0x2c) [ 3.507448] r10:c12060c0 r9:00000001 r8:c12d9140 r7:c12d9140 r6:ffffffff r5:c1216348 [ 3.514822] r4:000000cd [ 3.522719] [<c03541c4>] (cpu_startup_entry) from [<c0c59138>] (rest_init+0xb8/0xd8) [ 3.525339] [<c0c59080>] (rest_init) from [<c1100b38>] (arch_call_rest_init+0x18/0x1c) [ 3.533053] r5:00000001 r4:c12d9194 [ 3.540777] [<c1100b20>] (arch_call_rest_init) from [<c1100fbc>] (start_kernel+0x408/0x4ac) [ 3.544517] [<c1100bb4>] (start_kernel) from [<00000000>] (0x0) [ 3.552585] r10:10c5387d r9:511f06f0 r8:819700a0 r7:00001e7a r6:10c0387d r5:00000051 [ 3.558484] r4:c1100330 [ 3.566469] CPU1: 
stopping [ 3.569089] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G D 5.3.0-00014-g9bf8d2ba4898 grate-driver#120 [ 3.571604] Hardware name: Generic DT based system [ 3.580882] Backtrace: [ 3.585500] [<c030e80c>] (dump_backtrace) from [<c030eb64>] (show_stack+0x20/0x24) [ 3.587846] r7:c12b4080 r6:20000193 r5:00000000 r4:c12b4080 [ 3.595489] [<c030eb44>] (show_stack) from [<c0c420d4>] (dump_stack+0x78/0x94) [ 3.601310] [<c0c4205c>] (dump_stack) from [<c03106b0>] (handle_IPI+0x3a4/0x408) [ 3.608331] r7:00000001 r6:c12bb144 r5:00000004 r4:c11a5d50 [ 3.615888] [<c031030c>] (handle_IPI) from [<c0302388>] (gic_handle_irq+0x94/0xa0) [ 3.621532] r10:00000000 r9:e882df20 r8:ea803000 r7:c124cf28 r6:c1206894 r5:ea802000 [ 3.628896] r4:ea80200c [ 3.636800] [<c03022f4>] (gic_handle_irq) from [<c0301a8c>] (__irq_svc+0x6c/0xa8) [ 3.639399] Exception stack(0xe882df20 to 0xe882df68) [ 3.646805] df20: 00000000 000002fc e93ad9f0 c031ac20 00000001 e882c000 c12060e4 c1206120 [ 3.651846] df40: 00000000 c11a5548 00000000 e882df7c e882df80 e882df70 c030a474 c030a478 [ 3.659982] df60: 60000013 ffffffff [ 3.668141] r9:e882c000 r8:00000000 r7:e882df54 r6:ffffffff r5:60000013 r4:c030a478 [ 3.671457] [<c030a438>] (arch_cpu_idle) from [<c0c5e93c>] (default_idle_call+0x30/0x3c) [ 3.679434] [<c0c5e90c>] (default_idle_call) from [<c0353ea4>] (do_idle+0x204/0x284) [ 3.687504] [<c0353ca0>] (do_idle) from [<c03541ec>] (cpu_startup_entry+0x28/0x2c) [ 3.695230] r10:00000000 r9:511f06f0 r8:8020406a r7:c12d9438 r6:10c0387d r5:00000001 [ 3.702592] r4:00000089 [ 3.710502] [<c03541c4>] (cpu_startup_entry) from [<c0310044>] (secondary_start_kernel+0x154/0x19c) [ 3.713113] [<c030fef0>] (secondary_start_kernel) from [<8030284c>] (0x8030284c) [ 3.721866] r5:00000051 r4:a882406a [ 3.729497] CPU2: stopping [ 3.733066] CPU: 2 PID: 0 Comm: swapper/2 Tainted: G D 5.3.0-00014-g9bf8d2ba4898 grate-driver#120 [ 3.735581] Hardware name: Generic DT based system [ 3.744858] Backtrace: [ 3.749476] [<c030e80c>] (dump_backtrace) 
from [<c030eb64>] (show_stack+0x20/0x24) [ 3.751821] r7:c12b4080 r6:20000193 r5:00000000 r4:c12b4080 [ 3.759466] [<c030eb44>] (show_stack) from [<c0c420d4>] (dump_stack+0x78/0x94) [ 3.765287] [<c0c4205c>] (dump_stack) from [<c03106b0>] (handle_IPI+0x3a4/0x408) [ 3.772308] r7:00000002 r6:c12bb144 r5:00000004 r4:c11a5d50 [ 3.779864] [<c031030c>] (handle_IPI) from [<c0302388>] (gic_handle_irq+0x94/0xa0) [ 3.785509] r10:00000000 r9:e882ff20 r8:ea803000 r7:c124cf28 r6:c1206894 r5:ea802000 [ 3.792871] r4:ea80200c [ 3.800776] [<c03022f4>] (gic_handle_irq) from [<c0301a8c>] (__irq_svc+0x6c/0xa8) [ 3.803375] Exception stack(0xe882ff20 to 0xe882ff68) [ 3.810781] ff20: 00000000 000006fc e93c19f0 c031ac20 00000002 e882e000 c12060e4 c1206120 [ 3.815821] ff40: 00000000 c11a5548 00000000 e882ff7c e882ff80 e882ff70 c030a474 c030a478 [ 3.823957] ff60: 60000013 ffffffff [ 3.832116] r9:e882e000 r8:00000000 r7:e882ff54 r6:ffffffff r5:60000013 r4:c030a478 [ 3.835430] [<c030a438>] (arch_cpu_idle) from [<c0c5e93c>] (default_idle_call+0x30/0x3c) [ 3.843410] [<c0c5e90c>] (default_idle_call) from [<c0353ea4>] (do_idle+0x204/0x284) [ 3.851479] [<c0353ca0>] (do_idle) from [<c03541ec>] (cpu_startup_entry+0x28/0x2c) [ 3.859206] r10:00000000 r9:511f06f0 r8:8020406a r7:c12d9438 r6:10c0387d r5:00000002 [ 3.866569] r4:00000089 [ 3.874476] [<c03541c4>] (cpu_startup_entry) from [<c0310044>] (secondary_start_kernel+0x154/0x19c) [ 3.877087] [<c030fef0>] (secondary_start_kernel) from [<8030284c>] (0x8030284c) [ 3.885843] r5:00000051 r4:a882406a
The hierarchical parts of MSM pinctrl/GPIO is only used when the device tree has a "wakeup-parent" as a phandle, but the .irq_disable and .irq_eoi are anyway assigned leading to semantic problems on elder Qualcomm chipsets. When the drivers/mfd/qcom-pm8xxx.c driver calls chained_irq_exit() that call will in turn call chip->irq_eoi() which is set to irq_chip_eoi_parent() by default on a hierachical IRQ chip, and the parent is pinctrl-msm.c so that will in turn unconditionally call irq_chip_eoi_parent() again, but its parent is invalid so we get the following crash: Unnable to handle kernel NULL pointer dereference at virtual address 00000010 pgd = (ptrval) [00000010] *pgd=00000000 Internal error: Oops: 5 [#1] PREEMPT SMP ARM (...) PC is at irq_chip_eoi_parent+0x4/0x10 LR is at pm8xxx_irq_handler+0x1b4/0x2d8 If we solve this crash by avoiding to call up to irq_chip_eoi_parent(), the machine will hang and get reset by the watchdog, because of semantic issues, probably inside irq_chip. As a solution, just assign the .irq_disable and .irq_eoi condtionally if we are actually using a wakeup parent. Cc: Bjorn Andersson <[email protected]> Cc: Lina Iyer <[email protected]> Cc: Marc Zyngier <[email protected]> Cc: Stephen Boyd <[email protected]> Cc: [email protected] Fixes: e35a6ae ("pinctrl/msm: Setup GPIO chip in hierarchy") Signed-off-by: Linus Walleij <[email protected]>
This reverts commit 03436e3.

Fixes: mdp: dummy supplies not allowed for exclusive requests

[ 2.641236] 8<--- cut here ---
[ 2.641279] Unable to handle kernel NULL pointer dereference at virtual address 00000000
[ 2.643206] pgd = (ptrval)
[ 2.651522] [00000000] *pgd=00000000
[ 2.653973] Internal error: Oops: 5 [#1] PREEMPT SMP ARM
[ 2.657695] Modules linked in:
[ 2.663000] CPU: 3 PID: 105 Comm: kworker/3:1 Not tainted 5.3.0-00014-g9bf8d2ba4898 grate-driver#120
[ 2.665859] Hardware name: Generic DT based system
[ 2.674123] Workqueue: events deferred_probe_work_func
[ 2.678718] PC is at msm_dsi_manager_setup_encoder+0x38/0x6c
[ 2.683830] LR is at msm_dsi_manager_setup_encoder+0x30/0x6c
The hierarchical parts of MSM pinctrl/GPIO are only used when the device tree has a "wakeup-parent" as a phandle, but the .irq_eoi is anyway assigned leading to semantic problems on elder Qualcomm chipsets.

When the drivers/mfd/qcom-pm8xxx.c driver calls chained_irq_exit() that call will in turn call chip->irq_eoi() which is set to irq_chip_eoi_parent() by default on a hierarchical IRQ chip, and the parent is pinctrl-msm.c so that will in turn unconditionally call irq_chip_eoi_parent() again, but its parent is invalid so we get the following crash:

Unable to handle kernel NULL pointer dereference at virtual address 00000010
pgd = (ptrval)
[00000010] *pgd=00000000
Internal error: Oops: 5 [#1] PREEMPT SMP ARM
(...)
PC is at irq_chip_eoi_parent+0x4/0x10
LR is at pm8xxx_irq_handler+0x1b4/0x2d8

If we solve this crash by avoiding to call up to irq_chip_eoi_parent(), the machine will hang and get reset by the watchdog, because of semantic issues, probably inside irq_chip.

As a solution, just assign the .irq_eoi conditionally if we are actually using a wakeup parent.

Cc: David Heidelberg <[email protected]>
Cc: Bjorn Andersson <[email protected]>
Cc: Lina Iyer <[email protected]>
Cc: Marc Zyngier <[email protected]>
Cc: Stephen Boyd <[email protected]>
Cc: [email protected]
Fixes: e35a6ae ("pinctrl/msm: Setup GPIO chip in hierarchy")
Link: https://lore.kernel.org/r/[email protected]
Link: https://lore.kernel.org/r/[email protected]
Tested-by: David Heidelberg <[email protected]>
Signed-off-by: Linus Walleij <[email protected]>
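A userspace C model of the callback chain the commit message above describes, added here as an illustration and not taken from the kernel or from this pull request. The struct layouts, the `model_*` functions, `setup_gpio_chip()` and `simulate()` are simplified, hypothetical stand-ins; the model records the NULL-parent case instead of crashing.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins for the kernel structures (assumption: only the
 * fields needed to show the EOI chain are modelled). */
struct irq_data;

struct irq_chip {
    const char *name;
    void (*irq_eoi)(struct irq_data *d);   /* optional callback */
};

struct irq_data {
    struct irq_chip *chip;
    struct irq_data *parent_data;          /* NULL: no parent IRQ domain */
};

enum eoi_result {
    EOI_NOT_ISSUED  = 0,   /* chip has no .irq_eoi, nothing was called      */
    EOI_FORWARDED   = 1,   /* EOI reached a valid parent chip               */
    EOI_NULL_PARENT = -1   /* parent missing: the kernel would oops here    */
};

static enum eoi_result last_result;

/* EOI handler of the wakeup parent (top of the hierarchy). */
static void root_eoi(struct irq_data *d)
{
    (void)d;
    last_result = EOI_FORWARDED;
}

/* Models irq_chip_eoi_parent(): forward the EOI one level up. The kernel
 * helper follows parent_data without checking it; this model records the
 * would-be NULL dereference so the example can run to completion. */
static void model_eoi_parent(struct irq_data *d)
{
    struct irq_data *parent = d->parent_data;

    if (!parent) {
        last_result = EOI_NULL_PARENT;
        return;
    }
    parent->chip->irq_eoi(parent);
}

/* Models what the chained handler does on exit: call .irq_eoi if set. */
static void model_chained_irq_exit(struct irq_chip *chip, struct irq_data *d)
{
    if (chip->irq_eoi)
        chip->irq_eoi(d);
}

/* fixed == false: callback assigned unconditionally (behaviour before the fix).
 * fixed == true : callback assigned only when a wakeup parent exists. */
static void setup_gpio_chip(struct irq_chip *chip, bool has_wakeup_parent,
                            bool fixed)
{
    chip->irq_eoi = NULL;
    if (!fixed || has_wakeup_parent)
        chip->irq_eoi = model_eoi_parent;
}

/* Run one chained interrupt through the model and report what happened. */
enum eoi_result simulate(bool has_wakeup_parent, bool fixed)
{
    struct irq_chip root = { "wakeup-parent", root_eoi };
    struct irq_data root_data = { &root, NULL };
    struct irq_chip gpio = { "gpio", NULL };
    struct irq_data gpio_data = { &gpio,
                                  has_wakeup_parent ? &root_data : NULL };

    setup_gpio_chip(&gpio, has_wakeup_parent, fixed);
    last_result = EOI_NOT_ISSUED;
    model_chained_irq_exit(&gpio, &gpio_data);
    return last_result;
}

int main(void)
{
    printf("no parent, unconditional: %d\n", simulate(false, false));
    printf("no parent, conditional:   %d\n", simulate(false, true));
    printf("parent,    unconditional: %d\n", simulate(true, false));
    printf("parent,    conditional:   %d\n", simulate(true, true));
    return 0;
}
```

Only the combination of no wakeup parent and unconditional assignment reaches the NULL-parent path; with conditional assignment the callback is never installed on chips without a parent.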
Comm: swapper/0 Tainted: G D 5.3.0-00014-g9bf8d2ba4898 grate-driver#120 [ 3.383835] Hardware name: Generic DT based system [ 3.393116] Backtrace: [ 3.397727] [<c030e80c>] (dump_backtrace) from [<c030eb64>] (show_stack+0x20/0x24) [ 3.400069] r7:c12b4080 r6:20000193 r5:00000000 r4:c12b4080 [ 3.407712] [<c030eb44>] (show_stack) from [<c0c420d4>] (dump_stack+0x78/0x94) [ 3.413531] [<c0c4205c>] (dump_stack) from [<c03106b0>] (handle_IPI+0x3a4/0x408) [ 3.420555] r7:00000000 r6:c12bb144 r5:00000004 r4:c11a5d50 [ 3.428108] [<c031030c>] (handle_IPI) from [<c0302388>] (gic_handle_irq+0x94/0xa0) [ 3.433751] r10:00000000 r9:c1201ec0 r8:ea803000 r7:c124cf28 r6:c1206894 r5:ea802000 [ 3.441124] r4:ea80200c [ 3.449021] [<c03022f4>] (gic_handle_irq) from [<c0301a8c>] (__irq_svc+0x6c/0xa8) [ 3.451629] Exception stack(0xc1201ec0 to 0xc1201f08) [ 3.459024] 1ec0: 00000000 00002f2c e93999f0 c031ac20 00000000 c1200000 c12060e4 c1206120 [ 3.464065] 1ee0: 00000000 c11a5548 00000000 c1201f1c c1201f20 c1201f10 c030a474 c030a478 [ 3.472208] 1f00: 60000013 ffffffff [ 3.480359] r9:c1200000 r8:00000000 r7:c1201ef4 r6:ffffffff r5:60000013 r4:c030a478 [ 3.483683] [<c030a438>] (arch_cpu_idle) from [<c0c5e93c>] (default_idle_call+0x30/0x3c) [ 3.491656] [<c0c5e90c>] (default_idle_call) from [<c0353ea4>] (do_idle+0x204/0x284) [ 3.499725] [<c0353ca0>] (do_idle) from [<c03541ec>] (cpu_startup_entry+0x28/0x2c) [ 3.507448] r10:c12060c0 r9:00000001 r8:c12d9140 r7:c12d9140 r6:ffffffff r5:c1216348 [ 3.514822] r4:000000cd [ 3.522719] [<c03541c4>] (cpu_startup_entry) from [<c0c59138>] (rest_init+0xb8/0xd8) [ 3.525339] [<c0c59080>] (rest_init) from [<c1100b38>] (arch_call_rest_init+0x18/0x1c) [ 3.533053] r5:00000001 r4:c12d9194 [ 3.540777] [<c1100b20>] (arch_call_rest_init) from [<c1100fbc>] (start_kernel+0x408/0x4ac) [ 3.544517] [<c1100bb4>] (start_kernel) from [<00000000>] (0x0) [ 3.552585] r10:10c5387d r9:511f06f0 r8:819700a0 r7:00001e7a r6:10c0387d r5:00000051 [ 3.558484] r4:c1100330 [ 3.566469] CPU1: 
stopping [ 3.569089] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G D 5.3.0-00014-g9bf8d2ba4898 grate-driver#120 [ 3.571604] Hardware name: Generic DT based system [ 3.580882] Backtrace: [ 3.585500] [<c030e80c>] (dump_backtrace) from [<c030eb64>] (show_stack+0x20/0x24) [ 3.587846] r7:c12b4080 r6:20000193 r5:00000000 r4:c12b4080 [ 3.595489] [<c030eb44>] (show_stack) from [<c0c420d4>] (dump_stack+0x78/0x94) [ 3.601310] [<c0c4205c>] (dump_stack) from [<c03106b0>] (handle_IPI+0x3a4/0x408) [ 3.608331] r7:00000001 r6:c12bb144 r5:00000004 r4:c11a5d50 [ 3.615888] [<c031030c>] (handle_IPI) from [<c0302388>] (gic_handle_irq+0x94/0xa0) [ 3.621532] r10:00000000 r9:e882df20 r8:ea803000 r7:c124cf28 r6:c1206894 r5:ea802000 [ 3.628896] r4:ea80200c [ 3.636800] [<c03022f4>] (gic_handle_irq) from [<c0301a8c>] (__irq_svc+0x6c/0xa8) [ 3.639399] Exception stack(0xe882df20 to 0xe882df68) [ 3.646805] df20: 00000000 000002fc e93ad9f0 c031ac20 00000001 e882c000 c12060e4 c1206120 [ 3.651846] df40: 00000000 c11a5548 00000000 e882df7c e882df80 e882df70 c030a474 c030a478 [ 3.659982] df60: 60000013 ffffffff [ 3.668141] r9:e882c000 r8:00000000 r7:e882df54 r6:ffffffff r5:60000013 r4:c030a478 [ 3.671457] [<c030a438>] (arch_cpu_idle) from [<c0c5e93c>] (default_idle_call+0x30/0x3c) [ 3.679434] [<c0c5e90c>] (default_idle_call) from [<c0353ea4>] (do_idle+0x204/0x284) [ 3.687504] [<c0353ca0>] (do_idle) from [<c03541ec>] (cpu_startup_entry+0x28/0x2c) [ 3.695230] r10:00000000 r9:511f06f0 r8:8020406a r7:c12d9438 r6:10c0387d r5:00000001 [ 3.702592] r4:00000089 [ 3.710502] [<c03541c4>] (cpu_startup_entry) from [<c0310044>] (secondary_start_kernel+0x154/0x19c) [ 3.713113] [<c030fef0>] (secondary_start_kernel) from [<8030284c>] (0x8030284c) [ 3.721866] r5:00000051 r4:a882406a [ 3.729497] CPU2: stopping [ 3.733066] CPU: 2 PID: 0 Comm: swapper/2 Tainted: G D 5.3.0-00014-g9bf8d2ba4898 grate-driver#120 [ 3.735581] Hardware name: Generic DT based system [ 3.744858] Backtrace: [ 3.749476] [<c030e80c>] (dump_backtrace) 
from [<c030eb64>] (show_stack+0x20/0x24) [ 3.751821] r7:c12b4080 r6:20000193 r5:00000000 r4:c12b4080 [ 3.759466] [<c030eb44>] (show_stack) from [<c0c420d4>] (dump_stack+0x78/0x94) [ 3.765287] [<c0c4205c>] (dump_stack) from [<c03106b0>] (handle_IPI+0x3a4/0x408) [ 3.772308] r7:00000002 r6:c12bb144 r5:00000004 r4:c11a5d50 [ 3.779864] [<c031030c>] (handle_IPI) from [<c0302388>] (gic_handle_irq+0x94/0xa0) [ 3.785509] r10:00000000 r9:e882ff20 r8:ea803000 r7:c124cf28 r6:c1206894 r5:ea802000 [ 3.792871] r4:ea80200c [ 3.800776] [<c03022f4>] (gic_handle_irq) from [<c0301a8c>] (__irq_svc+0x6c/0xa8) [ 3.803375] Exception stack(0xe882ff20 to 0xe882ff68) [ 3.810781] ff20: 00000000 000006fc e93c19f0 c031ac20 00000002 e882e000 c12060e4 c1206120 [ 3.815821] ff40: 00000000 c11a5548 00000000 e882ff7c e882ff80 e882ff70 c030a474 c030a478 [ 3.823957] ff60: 60000013 ffffffff [ 3.832116] r9:e882e000 r8:00000000 r7:e882ff54 r6:ffffffff r5:60000013 r4:c030a478 [ 3.835430] [<c030a438>] (arch_cpu_idle) from [<c0c5e93c>] (default_idle_call+0x30/0x3c) [ 3.843410] [<c0c5e90c>] (default_idle_call) from [<c0353ea4>] (do_idle+0x204/0x284) [ 3.851479] [<c0353ca0>] (do_idle) from [<c03541ec>] (cpu_startup_entry+0x28/0x2c) [ 3.859206] r10:00000000 r9:511f06f0 r8:8020406a r7:c12d9438 r6:10c0387d r5:00000002 [ 3.866569] r4:00000089 [ 3.874476] [<c03541c4>] (cpu_startup_entry) from [<c0310044>] (secondary_start_kernel+0x154/0x19c) [ 3.877087] [<c030fef0>] (secondary_start_kernel) from [<8030284c>] (0x8030284c) [ 3.885843] r5:00000051 r4:a882406a
In NFSv4, the lock stateids are tied to the lockowner, and the open stateid, so that the action of closing the file also results in either an automatic loss of the locks, or an error of the form NFS4ERR_LOCKS_HELD.

In practice this means we must not add new locks to the open stateid after the close process has been invoked. In fact, doing so can result in the following panic:

kernel BUG at lib/list_debug.c:51!
invalid opcode: 0000 [#1] SMP NOPTI
CPU: 2 PID: 1085 Comm: nfsd Not tainted 5.6.0-rc3+ #2
Hardware name: VMware, Inc. VMware7,1/440BX Desktop Reference Platform, BIOS VMW71.00V.14410784.B64.1908150010 08/15/2019
RIP: 0010:__list_del_entry_valid.cold+0x31/0x55
Code: 1a 3d 9b e8 74 10 c2 ff 0f 0b 48 c7 c7 f0 1a 3d 9b e8 66 10 c2 ff 0f 0b 48 89 f2 48 89 fe 48 c7 c7 b0 1a 3d 9b e8 52 10 c2 ff <0f> 0b 48 89 fe 4c 89 c2 48 c7 c7 78 1a 3d 9b e8 3e 10 c2 ff 0f 0b
RSP: 0018:ffffb296c1d47d90 EFLAGS: 00010246
RAX: 0000000000000054 RBX: ffff8ba032456ec8 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffff8ba039e99cc8 RDI: ffff8ba039e99cc8
RBP: ffff8ba032456e60 R08: 0000000000000781 R09: 0000000000000003
R10: 0000000000000000 R11: 0000000000000001 R12: ffff8ba009a4abe0
R13: ffff8ba032456e8c R14: 0000000000000000 R15: ffff8ba00adb01d8
FS: 0000000000000000(0000) GS:ffff8ba039e80000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fb213f0b008 CR3: 00000001347de006 CR4: 00000000003606e0
Call Trace:
 release_lock_stateid+0x2b/0x80 [nfsd]
 nfsd4_free_stateid+0x1e9/0x210 [nfsd]
 nfsd4_proc_compound+0x414/0x700 [nfsd]
 ? nfs4svc_decode_compoundargs+0x407/0x4c0 [nfsd]
 nfsd_dispatch+0xc1/0x200 [nfsd]
 svc_process_common+0x476/0x6f0 [sunrpc]
 ? svc_sock_secure_port+0x12/0x30 [sunrpc]
 ? svc_recv+0x313/0x9c0 [sunrpc]
 ? nfsd_svc+0x2d0/0x2d0 [nfsd]
 svc_process+0xd4/0x110 [sunrpc]
 nfsd+0xe3/0x140 [nfsd]
 kthread+0xf9/0x130
 ? nfsd_destroy+0x50/0x50 [nfsd]
 ? kthread_park+0x90/0x90
 ret_from_fork+0x1f/0x40

The fix is to ensure that lock creation tests for whether or not the open stateid is unhashed, and to fail if that is the case.

Fixes: 659aefb ("nfsd: Ensure we don't recognise lock stateids after freeing them")
Signed-off-by: Trond Myklebust <[email protected]>
Signed-off-by: Chuck Lever <[email protected]>
When the module is being removed, the module state is set to MODULE_STATE_GOING. At this point, try_module_get() fails. And when {full/open}_proxy_open() is being called, it calls try_module_get() to try to hold module reference count. If it fails, it warns about the possibility of debugfs file leak.

If {full/open}_proxy_open() is called while the module is being removed, it fails to hold the module. So, it warns about debugfs file leak. But it is not the debugfs file leak case. So, this patch just adds module state checking routine in the {full/open}_proxy_open().

Test commands:

#SHELL1
while :
do
    modprobe netdevsim
    echo 1 > /sys/bus/netdevsim/new_device
    modprobe -rv netdevsim
done

#SHELL2
while :
do
    cat /sys/kernel/debug/netdevsim/netdevsim1/ports/0/ipsec
done

Splat looks like:

[ 298.766738][T14664] debugfs file owner did not clean up at exit: ipsec
[ 298.766766][T14664] WARNING: CPU: 2 PID: 14664 at fs/debugfs/file.c:312 full_proxy_open+0x10f/0x650
[ 298.768595][T14664] Modules linked in: netdevsim(-) openvswitch nsh nf_conncount nf_nat nf_conntrack nf_defrag_ipv6 n]
[ 298.771343][T14664] CPU: 2 PID: 14664 Comm: cat Tainted: G W 5.5.0+ #1
[ 298.772373][T14664] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
[ 298.773545][T14664] RIP: 0010:full_proxy_open+0x10f/0x650
[ 298.774247][T14664] Code: 48 c1 ea 03 80 3c 02 00 0f 85 c1 04 00 00 49 8b 3c 24 e8 e4 b5 78 ff 84 c0 75 2d 4c 89 ee 48
[ 298.776782][T14664] RSP: 0018:ffff88805b7df9b8 EFLAGS: 00010282
[ 298.777583][T14664] RAX: dffffc0000000008 RBX: ffff8880511725c0 RCX: 0000000000000000
[ 298.778610][T14664] RDX: 0000000000000000 RSI: 0000000000000006 RDI: ffff8880540c5c14
[ 298.779637][T14664] RBP: 0000000000000000 R08: fffffbfff15235ad R09: 0000000000000000
[ 298.780664][T14664] R10: 0000000000000001 R11: 0000000000000000 R12: ffffffffc06b5000
[ 298.781702][T14664] R13: ffff88804c234a88 R14: ffff88804c22dd00 R15: ffffffff8a1b5660
[ 298.782722][T14664] FS: 00007fafa13a8540(0000) GS:ffff88806c800000(0000) knlGS:0000000000000000
[ 298.783845][T14664] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 298.784672][T14664] CR2: 00007fafa0e9cd10 CR3: 000000004b286005 CR4: 00000000000606e0
[ 298.785739][T14664] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 298.786769][T14664] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 298.787785][T14664] Call Trace:
[ 298.788237][T14664] do_dentry_open+0x63c/0xf50
[ 298.788872][T14664] ? open_proxy_open+0x270/0x270
[ 298.789524][T14664] ? __x64_sys_fchdir+0x180/0x180
[ 298.790169][T14664] ? inode_permission+0x65/0x390
[ 298.790832][T14664] path_openat+0xc45/0x2680
[ 298.791425][T14664] ? save_stack+0x69/0x80
[ 298.791988][T14664] ? save_stack+0x19/0x80
[ 298.792544][T14664] ? path_mountpoint+0x2e0/0x2e0
[ 298.793233][T14664] ? check_chain_key+0x236/0x5d0
[ 298.793910][T14664] ? sched_clock_cpu+0x18/0x170
[ 298.794527][T14664] ? find_held_lock+0x39/0x1d0
[ 298.795153][T14664] do_filp_open+0x16a/0x260
[ ... ]

Fixes: 9fd4dce ("debugfs: prevent access to possibly dead file_operations at file open")
Reported-by: kbuild test robot <[email protected]>
Signed-off-by: Taehee Yoo <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Greg Kroah-Hartman <[email protected]>
It might have the unaligned access exception when trying to exchange data with user space program. In this case, it failed in tty_ioctl(). Therefore we should enable uaccess.S for NOMMU mode since the generic code doesn't handle the unaligned access cases.

0x8013a212 <tty_ioctl+462>: ld a5,460(s1)

[ 0.115279] Oops - load address misaligned [#1]
[ 0.115284] CPU: 0 PID: 29 Comm: sh Not tainted 5.4.0-rc5-00020-gb4c27160d562-dirty grate-driver#36
[ 0.115294] epc: 000000008013a212 ra : 000000008013a212 sp : 000000008f48dd50
[ 0.115303] gp : 00000000801cac28 tp : 000000008fb80000 t0 : 00000000000000e8
[ 0.115312] t1 : 000000008f58f108 t2 : 0000000000000009 s0 : 000000008f48ddf0
[ 0.115321] s1 : 000000008f8c6220 a0 : 0000000000000001 a1 : 000000008f48dd28
[ 0.115330] a2 : 000000008fb80000 a3 : 00000000801a7398 a4 : 0000000000000000
[ 0.115339] a5 : 0000000000000000 a6 : 000000008f58f0c6 a7 : 000000000000001d
[ 0.115348] s2 : 000000008f8c6308 s3 : 000000008f78b7c8 s4 : 000000008fb834c0
[ 0.115357] s5 : 0000000000005413 s6 : 0000000000000000 s7 : 000000008f58f2b0
[ 0.115366] s8 : 000000008f858008 s9 : 000000008f776818 s10: 000000008f776830
[ 0.115375] s11: 000000008fb840a8 t3 : 1999999999999999 t4 : 000000008f78704c
[ 0.115384] t5 : 0000000000000005 t6 : 0000000000000002
[ 0.115391] status: 0000000200001880 badaddr: 000000008f8c63ec cause: 0000000000000004
[ 0.115401] ---[ end trace 00d490c6a8b6c9ac ]---

This failure could be fixed after this patch is applied.

[ 0.002282] Run /init as init process
Initializing random number generator... [ 0.005573] random: dd: uninitialized urandom read (512 bytes read)
done.

Welcome to Buildroot
buildroot login: root
Password:
Jan 1 00:00:00 login[62]: root login on 'ttySIF0'
~ #

Signed-off-by: Greentime Hu <[email protected]>
Reviewed-by: Palmer Dabbelt <[email protected]>
Signed-off-by: Palmer Dabbelt <[email protected]>
… like the valid ones On P9 DD2.2 due to a CPU defect some TM instructions need to be emulated by KVM. This is handled at first by the hardware raising a softpatch interrupt when certain TM instructions that need KVM assistance are executed in the guest. Althought some TM instructions per Power ISA are invalid forms they can raise a softpatch interrupt too. For instance, 'tresume.' instruction as defined in the ISA must have bit 31 set (1), but an instruction that matches 'tresume.' PO and XO opcode fields but has bit 31 not set (0), like 0x7cfe9ddc, also raises a softpatch interrupt. Similarly for 'treclaim.' and 'trechkpt.' instructions with bit 31 = 0, i.e. 0x7c00075c and 0x7c0007dc, respectively. Hence, if a code like the following is executed in the guest it will raise a softpatch interrupt just like a 'tresume.' when the TM facility is enabled ('tabort. 0' in the example is used only to enable the TM facility): int main() { asm("tabort. 0; .long 0x7cfe9ddc;"); } Currently in such a case KVM throws a complete trace like: [345523.705984] WARNING: CPU: 24 PID: 64413 at arch/powerpc/kvm/book3s_hv_tm.c:211 kvmhv_p9_tm_emulation+0x68/0x620 [kvm_hv] [345523.705985] Modules linked in: kvm_hv(E) xt_conntrack ipt_REJECT nf_reject_ipv4 xt_tcpudp ip6table_mangle ip6table_nat iptable_mangle iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter bridge stp llc sch_fq_codel ipmi_powernv at24 vmx_crypto ipmi_devintf ipmi_msghandler ibmpowernv uio_pdrv_genirq kvm opal_prd uio leds_powernv ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ip_tables x_tables autofs4 btrfs blake2b_generic zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx libcrc32c xor raid6_pq raid1 raid0 multipath linear tg3 crct10dif_vpmsum crc32c_vpmsum ipr [last unloaded: kvm_hv] [345523.706030] CPU: 24 PID: 64413 Comm: CPU 0/KVM Tainted: G W E 5.5.0+ #1 
[345523.706031] NIP: c0080000072cb9c0 LR: c0080000072b5e80 CTR: c0080000085c7850 [345523.706034] REGS: c000000399467680 TRAP: 0700 Tainted: G W E (5.5.0+) [345523.706034] MSR: 900000010282b033 <SF,HV,VEC,VSX,EE,FP,ME,IR,DR,RI,LE,TM[E]> CR: 24022428 XER: 00000000 [345523.706042] CFAR: c0080000072b5e7c IRQMASK: 0 GPR00: c0080000072b5e80 c000000399467910 c0080000072db500 c000000375ccc720 GPR04: c000000375ccc720 00000003fbec0000 0000a10395dda5a6 0000000000000000 GPR08: 000000007cfe9ddc 7cfe9ddc000005dc 7cfe9ddc7c0005dc c0080000072cd530 GPR12: c0080000085c7850 c0000003fffeb800 0000000000000001 00007dfb737f0000 GPR16: c0002001edcca558 0000000000000000 0000000000000000 0000000000000001 GPR20: c000000001b21258 c0002001edcca558 0000000000000018 0000000000000000 GPR24: 0000000001000000 ffffffffffffffff 0000000000000001 0000000000001500 GPR28: c0002001edcc4278 c00000037dd80000 800000050280f033 c000000375ccc720 [345523.706062] NIP [c0080000072cb9c0] kvmhv_p9_tm_emulation+0x68/0x620 [kvm_hv] [345523.706065] LR [c0080000072b5e80] kvmppc_handle_exit_hv.isra.53+0x3e8/0x798 [kvm_hv] [345523.706066] Call Trace: [345523.706069] [c000000399467910] [c000000399467940] 0xc000000399467940 (unreliable) [345523.706071] [c000000399467950] [c000000399467980] 0xc000000399467980 [345523.706075] [c0000003994679f0] [c0080000072bd1c4] kvmhv_run_single_vcpu+0xa1c/0xb80 [kvm_hv] [345523.706079] [c000000399467ac0] [c0080000072bd8e0] kvmppc_vcpu_run_hv+0x5b8/0xb00 [kvm_hv] [345523.706087] [c000000399467b90] [c0080000085c93cc] kvmppc_vcpu_run+0x34/0x48 [kvm] [345523.706095] [c000000399467bb0] [c0080000085c582c] kvm_arch_vcpu_ioctl_run+0x244/0x420 [kvm] [345523.706101] [c000000399467c40] [c0080000085b7498] kvm_vcpu_ioctl+0x3d0/0x7b0 [kvm] [345523.706105] [c000000399467db0] [c0000000004adf9c] ksys_ioctl+0x13c/0x170 [345523.706107] [c000000399467e00] [c0000000004adff8] sys_ioctl+0x28/0x80 [345523.706111] [c000000399467e20] [c00000000000b278] system_call+0x5c/0x68 [345523.706112] Instruction dump: 
[345523.706114] 419e0390 7f8a4840 409d0048 6d497c00 2f89075d 419e021c 6d497c00 2f8907dd [345523.706119] 419e01c0 6d497c00 2f8905dd 419e00a4 <0fe00000> 38210040 38600000 ebc1fff0 and then treats the executed instruction as a 'nop'. However the POWER9 User's Manual, in section "4.6.10 Book II Invalid Forms", informs that for TM instructions bit 31 is in fact ignored, thus for the TM-related invalid forms ignoring bit 31 and handling them like the valid forms is an acceptable way to handle them. POWER8 behaves the same way too. This commit changes the handling of the cases here described by treating the TM-related invalid forms that can generate a softpatch interrupt just like their valid forms (w/ bit 31 = 1) instead of as a 'nop' and by gently reporting any other unrecognized case to the host and treating it as illegal instruction instead of throwing a trace and treating it as a 'nop'. Signed-off-by: Gustavo Romero <[email protected]> Reviewed-by: Segher Boessenkool <[email protected]> Acked-By: Michael Neuling <[email protected]> Reviewed-by: Leonardo Bras <[email protected]> Signed-off-by: Paul Mackerras <[email protected]>
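A decoder for the handling this commit message describes, as an added example (not code from the kernel or from the patch): it matches only the PO and XO fields, so a word with bit 31 clear is classified like its valid form, and any other word is reported as an illegal instruction. All function, enum and macro names are hypothetical; the three sample words come from the message, and the split of `tsr.` into `tsuspend.`/`tresume.` by its L field is taken from the Power ISA.

```c
#include <stdint.h>
#include <stdio.h>

/* X-form field masks, counted from the least significant bit of the word.
 * The Power ISA numbers bits from the MSB, so "ISA bit 31" is the LSB here. */
#define PO_XO_MASK  0xfc0007feu  /* primary + extended opcode, ISA bit 31 excluded */
#define ISA_BIT31   0x00000001u
#define TSR_L       (1u << 21)   /* L field of tsr.: 1 = tresume., 0 = tsuspend. */

/* PO/XO patterns derived from the words quoted in the commit message. */
#define OP_TSR      (0x7cfe9ddcu & PO_XO_MASK)  /* 0x7c0005dc */
#define OP_TRECLAIM (0x7c00075cu & PO_XO_MASK)
#define OP_TRECHKPT (0x7c0007dcu & PO_XO_MASK)

enum tm_class  { TM_NONE, TM_TSUSPEND, TM_TRESUME, TM_TRECLAIM, TM_TRECHKPT };
enum tm_action { ACT_EMULATE, ACT_ILLEGAL };

struct tm_decode {
    enum tm_class  cls;
    int            bit31_clear;  /* 1 when the word is the invalid form */
    enum tm_action action;
};

/* Classify on PO and XO only; ISA bit 31 does not take part in the match. */
static enum tm_class class_of(uint32_t instr)
{
    switch (instr & PO_XO_MASK) {
    case OP_TSR:      return (instr & TSR_L) ? TM_TRESUME : TM_TSUSPEND;
    case OP_TRECLAIM: return TM_TRECLAIM;
    case OP_TRECHKPT: return TM_TRECHKPT;
    default:          return TM_NONE;
    }
}

/* Strict matching: the invalid forms (bit 31 = 0) are not recognised,
 * which is the situation that led to the WARN trace quoted above. */
enum tm_class tm_classify_strict(uint32_t instr)
{
    if (!(instr & ISA_BIT31))
        return TM_NONE;
    return class_of(instr);
}

/* Matching as the commit message describes it: bit 31 is ignored for the
 * TM forms, and an unrecognised word is an illegal instruction, not a nop. */
struct tm_decode tm_classify(uint32_t instr)
{
    struct tm_decode d;

    d.cls = class_of(instr);
    d.bit31_clear = (d.cls != TM_NONE) && !(instr & ISA_BIT31);
    d.action = (d.cls == TM_NONE) ? ACT_ILLEGAL : ACT_EMULATE;
    return d;
}

int main(void)
{
    static const char *const names[] = {
        "unrecognised", "tsuspend.", "tresume.", "treclaim.", "trechkpt."
    };
    /* The first three words are quoted in the commit message; the last two
     * are constructed: a valid treclaim. (bit 31 set) and an unrelated word. */
    const uint32_t samples[] = {
        0x7cfe9ddcu, 0x7c00075cu, 0x7c0007dcu, 0x7c00075du, 0x60000000u
    };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        struct tm_decode d = tm_classify(samples[i]);

        printf("0x%08x strict=%-12s lenient=%-12s bit31_clear=%d action=%s\n",
               (unsigned)samples[i],
               names[tm_classify_strict(samples[i])],
               names[d.cls], d.bit31_clear,
               d.action == ACT_EMULATE ? "emulate" : "illegal");
    }
    return 0;
}
```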
Code in the amdgpu driver triggers a bug when using clang to build an arm64 kernel: /tmp/sdma_v4_0-f95fd3.s: Assembler messages: /tmp/sdma_v4_0-f95fd3.s:44: Error: selected processor does not support `bfc w0,#1,#5' I expect this to be fixed in llvm soon, but we can also work around it by inserting a barrier() that prevents the optimization. Link: https://bugs.llvm.org/show_bug.cgi?id=42576 Signed-off-by: Arnd Bergmann <[email protected]> Signed-off-by: Alex Deucher <[email protected]>
commit e14aec2 upstream. Fix kernel crash in AP bus code caused by very early invocation of the config change callback function via SCLP. After a fresh IML of the machine the crypto cards are still offline and will get switched online only with activation of any LPAR which has the card in its configuration. A crypto card coming online is reported to the LPAR via SCLP and the AP bus offers a callback function to get this kind of information. However, it may happen that the callback is invoked before the AP bus init function is complete. As the callback triggers a synchronous AP bus scan, the scan may already run but some internal states are not initialized by the AP bus init function resulting in a crash like this: [ 11.635859] Unable to handle kernel pointer dereference in virtual kernel address space [ 11.635861] Failing address: 0000000000000000 TEID: 0000000000000887 [ 11.635862] Fault in home space mode while using kernel ASCE. [ 11.635864] AS:00000000894c4007 R3:00000001fece8007 S:00000001fece7800 P:000000000000013d [ 11.635879] Oops: 0004 ilc:1 [#1] SMP [ 11.635882] Modules linked in: [ 11.635884] CPU: 5 PID: 42 Comm: kworker/5:0 Not tainted 6.6.0-rc3-00003-g4dbf7cdc6b42 #12 [ 11.635886] Hardware name: IBM 3931 A01 751 (LPAR) [ 11.635887] Workqueue: events_long ap_scan_bus [ 11.635891] Krnl PSW : 0704c00180000000 0000000000000000 (0x0) [ 11.635895] R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 RI:0 EA:3 [ 11.635897] Krnl GPRS: 0000000001000a00 0000000000000000 0000000000000006 0000000089591940 [ 11.635899] 0000000080000000 0000000000000a00 0000000000000000 0000000000000000 [ 11.635901] 0000000081870c00 0000000089591000 000000008834e4e2 0000000002625a00 [ 11.635903] 0000000081734200 0000038000913c18 000000008834c6d6 0000038000913ac8 [ 11.635906] Krnl Code:>0000000000000000: 0000 illegal [ 11.635906] 0000000000000002: 0000 illegal [ 11.635906] 0000000000000004: 0000 illegal [ 11.635906] 0000000000000006: 0000 illegal [ 11.635906] 
0000000000000008: 0000 illegal [ 11.635906] 000000000000000a: 0000 illegal [ 11.635906] 000000000000000c: 0000 illegal [ 11.635906] 000000000000000e: 0000 illegal [ 11.635915] Call Trace: [ 11.635916] [<0000000000000000>] 0x0 [ 11.635918] [<000000008834e4e2>] ap_queue_init_state+0x82/0xb8 [ 11.635921] [<000000008834ba1c>] ap_scan_domains+0x6fc/0x740 [ 11.635923] [<000000008834c092>] ap_scan_adapter+0x632/0x8b0 [ 11.635925] [<000000008834c3e4>] ap_scan_bus+0xd4/0x288 [ 11.635927] [<00000000879a33ba>] process_one_work+0x19a/0x410 [ 11.635930] Discipline DIAG cannot be used without z/VM [ 11.635930] [<00000000879a3a2c>] worker_thread+0x3fc/0x560 [ 11.635933] [<00000000879aea60>] kthread+0x120/0x128 [ 11.635936] [<000000008792afa4>] __ret_from_fork+0x3c/0x58 [ 11.635938] [<00000000885ebe62>] ret_from_fork+0xa/0x30 [ 11.635942] Last Breaking-Event-Address: [ 11.635942] [<000000008834c6d4>] ap_wait+0xcc/0x148 This patch improves the ap_bus_force_rescan() function which is invoked by the config change callback by checking if a first initial AP bus scan has been done. If not, the force rescan request is simply ignored. Anyhow it does not make sense to trigger AP bus re-scans even before the very first bus scan is complete. Cc: [email protected] Reviewed-by: Holger Dengler <[email protected]> Signed-off-by: Harald Freudenberger <[email protected]> Signed-off-by: Vasily Gorbik <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
commit 5a22fbc upstream. When LAN9303 is MDIO-connected two callchains exist into mdio->bus->write(): 1. switch ports 1&2 ("physical" PHYs): virtual (switch-internal) MDIO bus (lan9303_switch_ops->phy_{read|write})-> lan9303_mdio_phy_{read|write} -> mdiobus_{read|write}_nested 2. LAN9303 virtual PHY: virtual MDIO bus (lan9303_phy_{read|write}) -> lan9303_virt_phy_reg_{read|write} -> regmap -> lan9303_mdio_{read|write} If the latter functions just take mutex_lock(&sw_dev->device->bus->mdio_lock) it triggers a LOCKDEP false-positive splat. It's false-positive because the first mdio_lock in the second callchain above belongs to virtual MDIO bus, the second mdio_lock belongs to physical MDIO bus. Consequent annotation in lan9303_mdio_{read|write} as nested lock (similar to lan9303_mdio_phy_{read|write}, it's the same physical MDIO bus) prevents the following splat: WARNING: possible circular locking dependency detected 5.15.71 #1 Not tainted ------------------------------------------------------ kworker/u4:3/609 is trying to acquire lock: ffff000011531c68 (lan9303_mdio:131:(&lan9303_mdio_regmap_config)->lock){+.+.}-{3:3}, at: regmap_lock_mutex but task is already holding lock: ffff0000114c44d8 (&bus->mdio_lock){+.+.}-{3:3}, at: mdiobus_read which lock already depends on the new lock. 
the existing dependency chain (in reverse order) is: -> #1 (&bus->mdio_lock){+.+.}-{3:3}: lock_acquire __mutex_lock mutex_lock_nested lan9303_mdio_read _regmap_read regmap_read lan9303_probe lan9303_mdio_probe mdio_probe really_probe __driver_probe_device driver_probe_device __device_attach_driver bus_for_each_drv __device_attach device_initial_probe bus_probe_device deferred_probe_work_func process_one_work worker_thread kthread ret_from_fork -> #0 (lan9303_mdio:131:(&lan9303_mdio_regmap_config)->lock){+.+.}-{3:3}: __lock_acquire lock_acquire.part.0 lock_acquire __mutex_lock mutex_lock_nested regmap_lock_mutex regmap_read lan9303_phy_read dsa_slave_phy_read __mdiobus_read mdiobus_read get_phy_device mdiobus_scan __mdiobus_register dsa_register_switch lan9303_probe lan9303_mdio_probe mdio_probe really_probe __driver_probe_device driver_probe_device __device_attach_driver bus_for_each_drv __device_attach device_initial_probe bus_probe_device deferred_probe_work_func process_one_work worker_thread kthread ret_from_fork other info that might help us debug this: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&bus->mdio_lock); lock(lan9303_mdio:131:(&lan9303_mdio_regmap_config)->lock); lock(&bus->mdio_lock); lock(lan9303_mdio:131:(&lan9303_mdio_regmap_config)->lock); *** DEADLOCK *** 5 locks held by kworker/u4:3/609: #0: ffff000002842938 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work #1: ffff80000bacbd60 (deferred_probe_work){+.+.}-{0:0}, at: process_one_work #2: ffff000007645178 (&dev->mutex){....}-{3:3}, at: __device_attach #3: ffff8000096e6e78 (dsa2_mutex){+.+.}-{3:3}, at: dsa_register_switch #4: ffff0000114c44d8 (&bus->mdio_lock){+.+.}-{3:3}, at: mdiobus_read stack backtrace: CPU: 1 PID: 609 Comm: kworker/u4:3 Not tainted 5.15.71 #1 Workqueue: events_unbound deferred_probe_work_func Call trace: dump_backtrace show_stack dump_stack_lvl dump_stack print_circular_bug check_noncircular __lock_acquire lock_acquire.part.0 lock_acquire 
__mutex_lock mutex_lock_nested regmap_lock_mutex regmap_read lan9303_phy_read dsa_slave_phy_read __mdiobus_read mdiobus_read get_phy_device mdiobus_scan __mdiobus_register dsa_register_switch lan9303_probe lan9303_mdio_probe ... Cc: [email protected] Fixes: dc70058 ("net: dsa: LAN9303: add MDIO managed mode support") Signed-off-by: Alexander Sverdlin <[email protected]> Reviewed-by: Andrew Lunn <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Paolo Abeni <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
commit f803982 upstream. Let's allocate the extent_cache tree without dynamic conditions to avoid a missing condition causing a panic as below. # create a file w/ a compressed flag # disable the compression # panic while updating extent_cache F2FS-fs (dm-64): Swapfile: last extent is not aligned to section F2FS-fs (dm-64): Swapfile (3) is not align to section: 1) creat(), 2) ioctl(F2FS_IOC_SET_PIN_FILE), 3) fallocate(2097152 * N) Adding 124996k swap on ./swap-file. Priority:0 extents:2 across:17179494468k ================================================================== BUG: KASAN: null-ptr-deref in instrument_atomic_read_write out/common/include/linux/instrumented.h:101 [inline] BUG: KASAN: null-ptr-deref in atomic_try_cmpxchg_acquire out/common/include/asm-generic/atomic-instrumented.h:705 [inline] BUG: KASAN: null-ptr-deref in queued_write_lock out/common/include/asm-generic/qrwlock.h:92 [inline] BUG: KASAN: null-ptr-deref in __raw_write_lock out/common/include/linux/rwlock_api_smp.h:211 [inline] BUG: KASAN: null-ptr-deref in _raw_write_lock+0x5a/0x110 out/common/kernel/locking/spinlock.c:295 Write of size 4 at addr 0000000000000030 by task syz-executor154/3327 CPU: 0 PID: 3327 Comm: syz-executor154 Tainted: G O 5.10.185 #1 Hardware name: emulation qemu-x86/qemu-x86, BIOS 2023.01-21885-gb3cc1cd24d 01/01/2023 Call Trace: __dump_stack out/common/lib/dump_stack.c:77 [inline] dump_stack_lvl+0x17e/0x1c4 out/common/lib/dump_stack.c:118 __kasan_report+0x16c/0x260 out/common/mm/kasan/report.c:415 kasan_report+0x51/0x70 out/common/mm/kasan/report.c:428 kasan_check_range+0x2f3/0x340 out/common/mm/kasan/generic.c:186 __kasan_check_write+0x14/0x20 out/common/mm/kasan/shadow.c:37 instrument_atomic_read_write out/common/include/linux/instrumented.h:101 [inline] atomic_try_cmpxchg_acquire out/common/include/asm-generic/atomic-instrumented.h:705 [inline] queued_write_lock out/common/include/asm-generic/qrwlock.h:92 [inline] __raw_write_lock 
out/common/include/linux/rwlock_api_smp.h:211 [inline] _raw_write_lock+0x5a/0x110 out/common/kernel/locking/spinlock.c:295 __drop_extent_tree+0xdf/0x2f0 out/common/fs/f2fs/extent_cache.c:1155 f2fs_drop_extent_tree+0x17/0x30 out/common/fs/f2fs/extent_cache.c:1172 f2fs_insert_range out/common/fs/f2fs/file.c:1600 [inline] f2fs_fallocate+0x19fd/0x1f40 out/common/fs/f2fs/file.c:1764 vfs_fallocate+0x514/0x9b0 out/common/fs/open.c:310 ksys_fallocate out/common/fs/open.c:333 [inline] __do_sys_fallocate out/common/fs/open.c:341 [inline] __se_sys_fallocate out/common/fs/open.c:339 [inline] __x64_sys_fallocate+0xb8/0x100 out/common/fs/open.c:339 do_syscall_64+0x35/0x50 out/common/arch/x86/entry/common.c:46 Cc: [email protected] Fixes: 72840cc ("f2fs: allocate the extent_cache by default") Reported-and-tested-by: [email protected] Signed-off-by: Jaegeuk Kim <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
commit 28f07f2 upstream. The commit 5721d4e enhanced dm-verity, so that it can verify blocks from tasklets rather than from workqueues. This reportedly improves performance significantly. However, dm-verity was using the flag CRYPTO_TFM_REQ_MAY_SLEEP from tasklets which resulted in warnings about sleeping function being called from non-sleeping context. BUG: sleeping function called from invalid context at crypto/internal.h:206 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 14, name: ksoftirqd/0 preempt_count: 100, expected: 0 RCU nest depth: 0, expected: 0 CPU: 0 PID: 14 Comm: ksoftirqd/0 Tainted: G W 6.7.0-rc1 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x32/0x50 __might_resched+0x110/0x160 crypto_hash_walk_done+0x54/0xb0 shash_ahash_update+0x51/0x60 verity_hash_update.isra.0+0x4a/0x130 [dm_verity] verity_verify_io+0x165/0x550 [dm_verity] ? free_unref_page+0xdf/0x170 ? psi_group_change+0x113/0x390 verity_tasklet+0xd/0x70 [dm_verity] tasklet_action_common.isra.0+0xb3/0xc0 __do_softirq+0xaf/0x1ec ? smpboot_thread_fn+0x1d/0x200 ? sort_range+0x20/0x20 run_ksoftirqd+0x15/0x30 smpboot_thread_fn+0xed/0x200 kthread+0xdc/0x110 ? kthread_complete_and_exit+0x20/0x20 ret_from_fork+0x28/0x40 ? kthread_complete_and_exit+0x20/0x20 ret_from_fork_asm+0x11/0x20 </TASK> This commit fixes dm-verity so that it doesn't use the flags CRYPTO_TFM_REQ_MAY_SLEEP and CRYPTO_TFM_REQ_MAY_BACKLOG from tasklets. The crypto API would do GFP_ATOMIC allocation instead, it could return -ENOMEM and we catch -ENOMEM in verity_tasklet and requeue the request to the workqueue. Signed-off-by: Mikulas Patocka <[email protected]> Cc: [email protected] # v6.0+ Fixes: 5721d4e ("dm verity: Add optional "try_verify_in_tasklet" feature") Signed-off-by: Mike Snitzer <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
[ Upstream commit fc43e9c ] hid_debug_events_release releases resources bound to the HID device instance. hid_device_release releases the underlying HID device instance potentially before hid_debug_events_release has completed releasing debug resources bound to the same HID device instance. Reference count to prevent the HID device instance from being torn down preemptively when HID debugging support is used. When count reaches zero, release core resources of HID device instance using hiddev_free. The crash: [ 120.728477][ T4396] kernel BUG at lib/list_debug.c:53! [ 120.728505][ T4396] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP [ 120.739806][ T4396] Modules linked in: bcmdhd dhd_static_buf 8822cu pcie_mhi r8168 [ 120.747386][ T4396] CPU: 1 PID: 4396 Comm: hidt_bridge Not tainted 5.10.110 #257 [ 120.754771][ T4396] Hardware name: Rockchip RK3588 EVB4 LP4 V10 Board (DT) [ 120.761643][ T4396] pstate: 60400089 (nZCv daIf +PAN -UAO -TCO BTYPE=--) [ 120.768338][ T4396] pc : __list_del_entry_valid+0x98/0xac [ 120.773730][ T4396] lr : __list_del_entry_valid+0x98/0xac [ 120.779120][ T4396] sp : ffffffc01e62bb60 [ 120.783126][ T4396] x29: ffffffc01e62bb60 x28: ffffff818ce3a200 [ 120.789126][ T4396] x27: 0000000000000009 x26: 0000000000980000 [ 120.795126][ T4396] x25: ffffffc012431000 x24: ffffff802c6d4e00 [ 120.801125][ T4396] x23: ffffff8005c66f00 x22: ffffffc01183b5b8 [ 120.807125][ T4396] x21: ffffff819df2f100 x20: 0000000000000000 [ 120.813124][ T4396] x19: ffffff802c3f0700 x18: ffffffc01d2cd058 [ 120.819124][ T4396] x17: 0000000000000000 x16: 0000000000000000 [ 120.825124][ T4396] x15: 0000000000000004 x14: 0000000000003fff [ 120.831123][ T4396] x13: ffffffc012085588 x12: 0000000000000003 [ 120.837123][ T4396] x11: 00000000ffffbfff x10: 0000000000000003 [ 120.843123][ T4396] x9 : 455103d46b329300 x8 : 455103d46b329300 [ 120.849124][ T4396] x7 : 74707572726f6320 x6 : ffffffc0124b8cb5 [ 120.855124][ T4396] x5 : ffffffffffffffff x4 : 0000000000000000 [ 120.861123][ 
T4396] x3 : ffffffc011cf4f90 x2 : ffffff81fee7b948 [ 120.867122][ T4396] x1 : ffffffc011cf4f90 x0 : 0000000000000054 [ 120.873122][ T4396] Call trace: [ 120.876259][ T4396] __list_del_entry_valid+0x98/0xac [ 120.881304][ T4396] hid_debug_events_release+0x48/0x12c [ 120.886617][ T4396] full_proxy_release+0x50/0xbc [ 120.891323][ T4396] __fput+0xdc/0x238 [ 120.895075][ T4396] ____fput+0x14/0x24 [ 120.898911][ T4396] task_work_run+0x90/0x148 [ 120.903268][ T4396] do_exit+0x1bc/0x8a4 [ 120.907193][ T4396] do_group_exit+0x8c/0xa4 [ 120.911458][ T4396] get_signal+0x468/0x744 [ 120.915643][ T4396] do_signal+0x84/0x280 [ 120.919650][ T4396] do_notify_resume+0xd0/0x218 [ 120.924262][ T4396] work_pending+0xc/0x3f0 [ Rahul Rameshbabu <[email protected]>: rework changelog ] Fixes: cd667ce ("HID: use debugfs for events/reports dumping") Signed-off-by: Charles Yi <[email protected]> Signed-off-by: Jiri Kosina <[email protected]> Signed-off-by: Sasha Levin <[email protected]>
[ Upstream commit 7bf9a6b ] xen_vcpu_info is a percpu area that needs to be mapped by Xen. Currently, it could cross a page boundary resulting in Xen being unable to map it: [ 0.567318] kernel BUG at arch/arm64/xen/../../arm/xen/enlighten.c:164! [ 0.574002] Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP Fix the issue by using __alloc_percpu and requesting alignment for the memory allocation. Signed-off-by: Stefano Stabellini <[email protected]> Link: https://lore.kernel.org/r/alpine.DEB.2.22.394.2311221501340.2053963@ubuntu-linux-20-04-desktop Fixes: 24d5373 ("arm/xen: Use alloc_percpu rather than __alloc_percpu") Reviewed-by: Juergen Gross <[email protected]> Signed-off-by: Juergen Gross <[email protected]> Signed-off-by: Sasha Levin <[email protected]>
commit 2faac25 upstream. We get a kernel crash about "unable to handle kernel paging request": ```dmesg [368033.032005] BUG: unable to handle kernel paging request at ffffffffad9ae4b5 [368033.032007] PGD fc3a0d067 P4D fc3a0d067 PUD fc3a0e063 PMD 8000000fc38000e1 [368033.032012] Oops: 0003 [#1] SMP PTI [368033.032015] CPU: 23 PID: 55090 Comm: bch_dirtcnt[0] Kdump: loaded Tainted: G OE --------- - - 4.18.0-147.5.1.es8_24.x86_64 #1 [368033.032017] Hardware name: Tsinghua Tongfang THTF Chaoqiang Server/072T6D, BIOS 2.4.3 01/17/2017 [368033.032027] RIP: 0010:native_queued_spin_lock_slowpath+0x183/0x1d0 [368033.032029] Code: 8b 02 48 85 c0 74 f6 48 89 c1 eb d0 c1 e9 12 83 e0 03 83 e9 01 48 c1 e0 05 48 63 c9 48 05 c0 3d 02 00 48 03 04 cd 60 68 93 ad <48> 89 10 8b 42 08 85 c0 75 09 f3 90 8b 42 08 85 c0 74 f7 48 8b 02 [368033.032031] RSP: 0018:ffffbb48852abe00 EFLAGS: 00010082 [368033.032032] RAX: ffffffffad9ae4b5 RBX: 0000000000000246 RCX: 0000000000003bf3 [368033.032033] RDX: ffff97b0ff8e3dc0 RSI: 0000000000600000 RDI: ffffbb4884743c68 [368033.032034] RBP: 0000000000000001 R08: 0000000000000000 R09: 000007ffffffffff [368033.032035] R10: ffffbb486bb01000 R11: 0000000000000001 R12: ffffffffc068da70 [368033.032036] R13: 0000000000000003 R14: 0000000000000000 R15: 0000000000000000 [368033.032038] FS: 0000000000000000(0000) GS:ffff97b0ff8c0000(0000) knlGS:0000000000000000 [368033.032039] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [368033.032040] CR2: ffffffffad9ae4b5 CR3: 0000000fc3a0a002 CR4: 00000000003626e0 [368033.032042] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [368033.032043] bcache: bch_cached_dev_attach() Caching rbd479 as bcache462 on set 8cff3c36-4a76-4242-afaa-7630206bc70b [368033.032045] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [368033.032046] Call Trace: [368033.032054] _raw_spin_lock_irqsave+0x32/0x40 [368033.032061] __wake_up_common_lock+0x63/0xc0 [368033.032073] ? 
bch_ptr_invalid+0x10/0x10 [bcache] [368033.033502] bch_dirty_init_thread+0x14c/0x160 [bcache] [368033.033511] ? read_dirty_submit+0x60/0x60 [bcache] [368033.033516] kthread+0x112/0x130 [368033.033520] ? kthread_flush_work_fn+0x10/0x10 [368033.034505] ret_from_fork+0x35/0x40 ``` The crash occurred when call wake_up(&state->wait), and then we want to look at the value in the state. However, bch_sectors_dirty_init() is not found in the stack of any task. Since state is allocated on the stack, we guess that bch_sectors_dirty_init() has exited, causing bch_dirty_init_thread() to be unable to handle kernel paging request. In order to verify this idea, we added some printing information during wake_up(&state->wait). We find that "wake up" is printed twice, however we only expect the last thread to wake up once. ```dmesg [ 994.641004] alcache: bch_dirty_init_thread() wake up [ 994.641018] alcache: bch_dirty_init_thread() wake up [ 994.641523] alcache: bch_sectors_dirty_init() init exit ``` There is a race. If bch_sectors_dirty_init() exits after the first wake up, the second wake up will trigger this bug("unable to handle kernel paging request"). Proceed as follows: bch_sectors_dirty_init kthread_run ==============> bch_dirty_init_thread(bch_dirtcnt[0]) ... ... atomic_inc(&state.started) ... ... ... atomic_read(&state.enough) ... ... atomic_set(&state->enough, 1) kthread_run ======================================================> bch_dirty_init_thread(bch_dirtcnt[1]) ... atomic_dec_and_test(&state->started) ... atomic_inc(&state.started) ... ... ... wake_up(&state->wait) ... atomic_read(&state.enough) atomic_dec_and_test(&state->started) ... ... wait_event(state.wait, atomic_read(&state.started) == 0) ... return ... wake_up(&state->wait) We believe it is very common to wake up twice if there is no dirty, but crash is an extremely low probability event. It's hard for us to reproduce this issue. 
We attached and detached continuously for a week, with a total of more than one million attaches and only one crash. Putting atomic_inc(&state.started) before kthread_run() can avoid waking up twice. Fixes: b144e45 ("bcache: make bch_sectors_dirty_init() to be multithreaded") Signed-off-by: Mingzhe Zou <[email protected]> Cc: <[email protected]> Signed-off-by: Coly Li <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Jens Axboe <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
commit 864fb5d upstream. [ 8743.393379] ====================================================== [ 8743.393385] WARNING: possible circular locking dependency detected [ 8743.393391] 6.4.0-rc1+ grate-driver#11 Tainted: G OE [ 8743.393397] ------------------------------------------------------ [ 8743.393402] kworker/0:2/12921 is trying to acquire lock: [ 8743.393408] ffff888127a14460 (sb_writers#8){.+.+}-{0:0}, at: ksmbd_vfs_setxattr+0x3d/0xd0 [ksmbd] [ 8743.393510] but task is already holding lock: [ 8743.393515] ffff8880360d97f0 (&type->i_mutex_dir_key#6/1){+.+.}-{3:3}, at: ksmbd_vfs_kern_path_locked+0x181/0x670 [ksmbd] [ 8743.393618] which lock already depends on the new lock. [ 8743.393623] the existing dependency chain (in reverse order) is: [ 8743.393628] -> #1 (&type->i_mutex_dir_key#6/1){+.+.}-{3:3}: [ 8743.393648] down_write_nested+0x9a/0x1b0 [ 8743.393660] filename_create+0x128/0x270 [ 8743.393670] do_mkdirat+0xab/0x1f0 [ 8743.393680] __x64_sys_mkdir+0x47/0x60 [ 8743.393690] do_syscall_64+0x5d/0x90 [ 8743.393701] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 8743.393711] -> #0 (sb_writers#8){.+.+}-{0:0}: [ 8743.393728] __lock_acquire+0x2201/0x3b80 [ 8743.393737] lock_acquire+0x18f/0x440 [ 8743.393746] mnt_want_write+0x5f/0x240 [ 8743.393755] ksmbd_vfs_setxattr+0x3d/0xd0 [ksmbd] [ 8743.393839] ksmbd_vfs_set_dos_attrib_xattr+0xcc/0x110 [ksmbd] [ 8743.393924] compat_ksmbd_vfs_set_dos_attrib_xattr+0x39/0x50 [ksmbd] [ 8743.394010] smb2_open+0x3432/0x3cc0 [ksmbd] [ 8743.394099] handle_ksmbd_work+0x2c9/0x7b0 [ksmbd] [ 8743.394187] process_one_work+0x65a/0xb30 [ 8743.394198] worker_thread+0x2cf/0x700 [ 8743.394209] kthread+0x1ad/0x1f0 [ 8743.394218] ret_from_fork+0x29/0x50 This patch add mnt_want_write() above parent inode lock and remove nested mnt_want_write calls in smb2_open(). 
Fixes: 40b268d ("ksmbd: add mnt_want_write to ksmbd vfs functions") Cc: [email protected] Reported-by: Marios Makassikis <[email protected]> Signed-off-by: Namjae Jeon <[email protected]> Signed-off-by: Steve French <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
commit d8b90d6 upstream. When scanning namespaces, it is possible to get valid data from the first call to nvme_identify_ns() in nvme_alloc_ns(), but not from the second call in nvme_update_ns_info_block(). In particular, if the NSID becomes inactive between the two commands, a storage device may return a buffer filled with zero as per 4.1.5.1. In this case, we can get a kernel crash due to a divide-by-zero in blk_stack_limits() because ns->lba_shift will be set to zero. PID: 326 TASK: ffff95fec3cd8000 CPU: 29 COMMAND: "kworker/u98:10" #0 [ffffad8f8702f9e0] machine_kexec at ffffffff91c76ec7 #1 [ffffad8f8702fa38] __crash_kexec at ffffffff91dea4fa #2 [ffffad8f8702faf8] crash_kexec at ffffffff91deb788 #3 [ffffad8f8702fb00] oops_end at ffffffff91c2e4bb #4 [ffffad8f8702fb20] do_trap at ffffffff91c2a4ce #5 [ffffad8f8702fb70] do_error_trap at ffffffff91c2a595 #6 [ffffad8f8702fbb0] exc_divide_error at ffffffff928506e6 #7 [ffffad8f8702fbd0] asm_exc_divide_error at ffffffff92a00926 [exception RIP: blk_stack_limits+434] RIP: ffffffff92191872 RSP: ffffad8f8702fc80 RFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff95efa0c91800 RCX: 0000000000000001 RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001 RBP: 00000000ffffffff R8: ffff95fec7df35a8 R9: 0000000000000000 R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: ffff95fed33c09a8 ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018 #8 [ffffad8f8702fce0] nvme_update_ns_info_block at ffffffffc06d3533 [nvme_core] #9 [ffffad8f8702fd18] nvme_scan_ns at ffffffffc06d6fa7 [nvme_core] This happened when the check for valid data was moved out of nvme_identify_ns() into one of the callers. Fix this by checking in both callers. Link: https://bugzilla.kernel.org/show_bug.cgi?id=218186 Fixes: 0dd6fff ("nvme: bring back auto-removal of deleted namespaces during sequential scan") Cc: [email protected] Signed-off-by: Ewan D. 
Milne <[email protected]> Signed-off-by: Keith Busch <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
commit 5cf4f52 upstream. mmap_lock nests under uring_lock out of necessity, as we may be doing user copies with uring_lock held. However, for mmap of provided buffer rings, we attempt to grab uring_lock with mmap_lock already held from do_mmap(). This makes lockdep, rightfully, complain: WARNING: possible circular locking dependency detected 6.7.0-rc1-00009-gff3337ebaf94-dirty #4438 Not tainted ------------------------------------------------------ buf-ring.t/442 is trying to acquire lock: ffff00020e1480a8 (&ctx->uring_lock){+.+.}-{3:3}, at: io_uring_validate_mmap_request.isra.0+0x4c/0x140 but task is already holding lock: ffff0000dc226190 (&mm->mmap_lock){++++}-{3:3}, at: vm_mmap_pgoff+0x124/0x264 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (&mm->mmap_lock){++++}-{3:3}: __might_fault+0x90/0xbc io_register_pbuf_ring+0x94/0x488 __arm64_sys_io_uring_register+0x8dc/0x1318 invoke_syscall+0x5c/0x17c el0_svc_common.constprop.0+0x108/0x130 do_el0_svc+0x2c/0x38 el0_svc+0x4c/0x94 el0t_64_sync_handler+0x118/0x124 el0t_64_sync+0x168/0x16c -> #0 (&ctx->uring_lock){+.+.}-{3:3}: __lock_acquire+0x19a0/0x2d14 lock_acquire+0x2e0/0x44c __mutex_lock+0x118/0x564 mutex_lock_nested+0x20/0x28 io_uring_validate_mmap_request.isra.0+0x4c/0x140 io_uring_mmu_get_unmapped_area+0x3c/0x98 get_unmapped_area+0xa4/0x158 do_mmap+0xec/0x5b4 vm_mmap_pgoff+0x158/0x264 ksys_mmap_pgoff+0x1d4/0x254 __arm64_sys_mmap+0x80/0x9c invoke_syscall+0x5c/0x17c el0_svc_common.constprop.0+0x108/0x130 do_el0_svc+0x2c/0x38 el0_svc+0x4c/0x94 el0t_64_sync_handler+0x118/0x124 el0t_64_sync+0x168/0x16c From that mmap(2) path, we really just need to ensure that the buffer list doesn't go away from underneath us. For the lower indexed entries, they never go away until the ring is freed and we can always sanely reference those as long as the caller has a file reference. 
For the higher indexed ones in our xarray, we just need to ensure that the buffer list remains valid while we return the address of it. Free the higher indexed io_buffer_list entries via RCU. With that we can avoid needing ->uring_lock inside mmap(2), and simply hold the RCU read lock around the buffer list lookup and address check. To ensure that the arrayed lookup either returns a valid fully formulated entry via RCU lookup, add an 'is_ready' flag that we access with store and release memory ordering. This isn't needed for the xarray lookups, but doesn't hurt either. Since this isn't a fast path, retain it across both types. Similarly, for the allocated array inside the ctx, ensure we use the proper load/acquire as setup could in theory be running in parallel with mmap. While in there, add a few lockdep checks for documentation purposes. Cc: [email protected] Fixes: c56e022 ("io_uring: add support for user mapped provided buffer ring") Signed-off-by: Jens Axboe <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
[ Upstream commit a524eab ] As of commit b92143d ("net: dsa: mv88e6xxx: add infrastructure for phylink_pcs") probing of a Marvell 88e6350 switch causes a NULL pointer de-reference like this example: ... mv88e6085 d0072004.mdio-mii:11: switch 0x3710 detected: Marvell 88E6350, revision 2 8<--- cut here --- Unable to handle kernel NULL pointer dereference at virtual address 00000000 when read [00000000] *pgd=00000000 Internal error: Oops: 5 [#1] ARM Modules linked in: CPU: 0 PID: 8 Comm: kworker/u2:0 Not tainted 6.7.0-rc2-dirty grate-driver#26 Hardware name: Marvell Armada 370/XP (Device Tree) Workqueue: events_unbound deferred_probe_work_func PC is at mv88e6xxx_port_setup+0x1c/0x44 LR is at dsa_port_devlink_setup+0x74/0x154 pc : [<c057ea24>] lr : [<c0819598>] psr: a0000013 sp : c184fce0 ip : c542b8f4 fp : 00000000 r10: 00000001 r9 : c542a540 r8 : c542bc00 r7 : c542b838 r6 : c5244580 r5 : 00000005 r4 : c5244580 r3 : 00000000 r2 : c542b840 r1 : 00000005 r0 : c1a02040 ... The Marvell 6350 switch has no SERDES interface and so has no corresponding pcs_ops defined for it. But during probing a call is made to mv88e6xxx_port_setup() which unconditionally expects pcs_ops to exist - though the presence of the pcs_ops->pcs_init function is optional. Modify code to check for pcs_ops first, before checking for and calling pcs_ops->pcs_init. Modify checking and use of pcs_ops->pcs_teardown which may potentially suffer the same problem. Fixes: b92143d ("net: dsa: mv88e6xxx: add infrastructure for phylink_pcs") Signed-off-by: Greg Ungerer <[email protected]> Reviewed-by: Andrew Lunn <[email protected]> Signed-off-by: David S. Miller <[email protected]> Signed-off-by: Sasha Levin <[email protected]>
[ Upstream commit a2e36cd ] This allows it to break the following circular locking dependency. Aug 10 07:01:29 dg1test kernel: ====================================================== Aug 10 07:01:29 dg1test kernel: WARNING: possible circular locking dependency detected Aug 10 07:01:29 dg1test kernel: 6.4.0-rc7+ grate-driver#10 Not tainted Aug 10 07:01:29 dg1test kernel: ------------------------------------------------------ Aug 10 07:01:29 dg1test kernel: wireplumber/2236 is trying to acquire lock: Aug 10 07:01:29 dg1test kernel: ffff8fca5320da18 (&fctx->lock){-...}-{2:2}, at: nouveau_fence_wait_uevent_handler+0x2b/0x100 [nouveau] Aug 10 07:01:29 dg1test kernel: but task is already holding lock: Aug 10 07:01:29 dg1test kernel: ffff8fca41208610 (&event->list_lock#2){-...}-{2:2}, at: nvkm_event_ntfy+0x50/0xf0 [nouveau] Aug 10 07:01:29 dg1test kernel: which lock already depends on the new lock. Aug 10 07:01:29 dg1test kernel: the existing dependency chain (in reverse order) is: Aug 10 07:01:29 dg1test kernel: -> #3 (&event->list_lock#2){-...}-{2:2}: Aug 10 07:01:29 dg1test kernel: _raw_spin_lock_irqsave+0x4b/0x70 Aug 10 07:01:29 dg1test kernel: nvkm_event_ntfy+0x50/0xf0 [nouveau] Aug 10 07:01:29 dg1test kernel: ga100_fifo_nonstall_intr+0x24/0x30 [nouveau] Aug 10 07:01:29 dg1test kernel: nvkm_intr+0x12c/0x240 [nouveau] Aug 10 07:01:29 dg1test kernel: __handle_irq_event_percpu+0x88/0x240 Aug 10 07:01:29 dg1test kernel: handle_irq_event+0x38/0x80 Aug 10 07:01:29 dg1test kernel: handle_edge_irq+0xa3/0x240 Aug 10 07:01:29 dg1test kernel: __common_interrupt+0x72/0x160 Aug 10 07:01:29 dg1test kernel: common_interrupt+0x60/0xe0 Aug 10 07:01:29 dg1test kernel: asm_common_interrupt+0x26/0x40 Aug 10 07:01:29 dg1test kernel: -> #2 (&device->intr.lock){-...}-{2:2}: Aug 10 07:01:29 dg1test kernel: _raw_spin_lock_irqsave+0x4b/0x70 Aug 10 07:01:29 dg1test kernel: nvkm_inth_allow+0x2c/0x80 [nouveau] Aug 10 07:01:29 dg1test kernel: nvkm_event_ntfy_state+0x181/0x250 [nouveau] Aug 10 
07:01:29 dg1test kernel: nvkm_event_ntfy_allow+0x63/0xd0 [nouveau] Aug 10 07:01:29 dg1test kernel: nvkm_uevent_mthd+0x4d/0x70 [nouveau] Aug 10 07:01:29 dg1test kernel: nvkm_ioctl+0x10b/0x250 [nouveau] Aug 10 07:01:29 dg1test kernel: nvif_object_mthd+0xa8/0x1f0 [nouveau] Aug 10 07:01:29 dg1test kernel: nvif_event_allow+0x2a/0xa0 [nouveau] Aug 10 07:01:29 dg1test kernel: nouveau_fence_enable_signaling+0x78/0x80 [nouveau] Aug 10 07:01:29 dg1test kernel: __dma_fence_enable_signaling+0x5e/0x100 Aug 10 07:01:29 dg1test kernel: dma_fence_add_callback+0x4b/0xd0 Aug 10 07:01:29 dg1test kernel: nouveau_cli_work_queue+0xae/0x110 [nouveau] Aug 10 07:01:29 dg1test kernel: nouveau_gem_object_close+0x1d1/0x2a0 [nouveau] Aug 10 07:01:29 dg1test kernel: drm_gem_handle_delete+0x70/0xe0 [drm] Aug 10 07:01:29 dg1test kernel: drm_ioctl_kernel+0xa5/0x150 [drm] Aug 10 07:01:29 dg1test kernel: drm_ioctl+0x256/0x490 [drm] Aug 10 07:01:29 dg1test kernel: nouveau_drm_ioctl+0x5a/0xb0 [nouveau] Aug 10 07:01:29 dg1test kernel: __x64_sys_ioctl+0x91/0xd0 Aug 10 07:01:29 dg1test kernel: do_syscall_64+0x3c/0x90 Aug 10 07:01:29 dg1test kernel: entry_SYSCALL_64_after_hwframe+0x72/0xdc Aug 10 07:01:29 dg1test kernel: -> #1 (&event->refs_lock#4){....}-{2:2}: Aug 10 07:01:29 dg1test kernel: _raw_spin_lock_irqsave+0x4b/0x70 Aug 10 07:01:29 dg1test kernel: nvkm_event_ntfy_state+0x37/0x250 [nouveau] Aug 10 07:01:29 dg1test kernel: nvkm_event_ntfy_allow+0x63/0xd0 [nouveau] Aug 10 07:01:29 dg1test kernel: nvkm_uevent_mthd+0x4d/0x70 [nouveau] Aug 10 07:01:29 dg1test kernel: nvkm_ioctl+0x10b/0x250 [nouveau] Aug 10 07:01:29 dg1test kernel: nvif_object_mthd+0xa8/0x1f0 [nouveau] Aug 10 07:01:29 dg1test kernel: nvif_event_allow+0x2a/0xa0 [nouveau] Aug 10 07:01:29 dg1test kernel: nouveau_fence_enable_signaling+0x78/0x80 [nouveau] Aug 10 07:01:29 dg1test kernel: __dma_fence_enable_signaling+0x5e/0x100 Aug 10 07:01:29 dg1test kernel: dma_fence_add_callback+0x4b/0xd0 Aug 10 07:01:29 dg1test kernel: 
nouveau_cli_work_queue+0xae/0x110 [nouveau] Aug 10 07:01:29 dg1test kernel: nouveau_gem_object_close+0x1d1/0x2a0 [nouveau] Aug 10 07:01:29 dg1test kernel: drm_gem_handle_delete+0x70/0xe0 [drm] Aug 10 07:01:29 dg1test kernel: drm_ioctl_kernel+0xa5/0x150 [drm] Aug 10 07:01:29 dg1test kernel: drm_ioctl+0x256/0x490 [drm] Aug 10 07:01:29 dg1test kernel: nouveau_drm_ioctl+0x5a/0xb0 [nouveau] Aug 10 07:01:29 dg1test kernel: __x64_sys_ioctl+0x91/0xd0 Aug 10 07:01:29 dg1test kernel: do_syscall_64+0x3c/0x90 Aug 10 07:01:29 dg1test kernel: entry_SYSCALL_64_after_hwframe+0x72/0xdc Aug 10 07:01:29 dg1test kernel: -> #0 (&fctx->lock){-...}-{2:2}: Aug 10 07:01:29 dg1test kernel: __lock_acquire+0x14e3/0x2240 Aug 10 07:01:29 dg1test kernel: lock_acquire+0xc8/0x2a0 Aug 10 07:01:29 dg1test kernel: _raw_spin_lock_irqsave+0x4b/0x70 Aug 10 07:01:29 dg1test kernel: nouveau_fence_wait_uevent_handler+0x2b/0x100 [nouveau] Aug 10 07:01:29 dg1test kernel: nvkm_client_event+0xf/0x20 [nouveau] Aug 10 07:01:29 dg1test kernel: nvkm_event_ntfy+0x9b/0xf0 [nouveau] Aug 10 07:01:29 dg1test kernel: ga100_fifo_nonstall_intr+0x24/0x30 [nouveau] Aug 10 07:01:29 dg1test kernel: nvkm_intr+0x12c/0x240 [nouveau] Aug 10 07:01:29 dg1test kernel: __handle_irq_event_percpu+0x88/0x240 Aug 10 07:01:29 dg1test kernel: handle_irq_event+0x38/0x80 Aug 10 07:01:29 dg1test kernel: handle_edge_irq+0xa3/0x240 Aug 10 07:01:29 dg1test kernel: __common_interrupt+0x72/0x160 Aug 10 07:01:29 dg1test kernel: common_interrupt+0x60/0xe0 Aug 10 07:01:29 dg1test kernel: asm_common_interrupt+0x26/0x40 Aug 10 07:01:29 dg1test kernel: other info that might help us debug this: Aug 10 07:01:29 dg1test kernel: Chain exists of: &fctx->lock --> &device->intr.lock --> &event->list_lock#2 Aug 10 07:01:29 dg1test kernel: Possible unsafe locking scenario: Aug 10 07:01:29 dg1test kernel: CPU0 CPU1 Aug 10 07:01:29 dg1test kernel: ---- ---- Aug 10 07:01:29 dg1test kernel: lock(&event->list_lock#2); Aug 10 07:01:29 dg1test kernel: 
lock(&device->intr.lock); Aug 10 07:01:29 dg1test kernel: lock(&event->list_lock#2); Aug 10 07:01:29 dg1test kernel: lock(&fctx->lock); Aug 10 07:01:29 dg1test kernel: *** DEADLOCK *** Aug 10 07:01:29 dg1test kernel: 2 locks held by wireplumber/2236: Aug 10 07:01:29 dg1test kernel: #0: ffff8fca53177bf8 (&device->intr.lock){-...}-{2:2}, at: nvkm_intr+0x29/0x240 [nouveau] Aug 10 07:01:29 dg1test kernel: #1: ffff8fca41208610 (&event->list_lock#2){-...}-{2:2}, at: nvkm_event_ntfy+0x50/0xf0 [nouveau] Aug 10 07:01:29 dg1test kernel: stack backtrace: Aug 10 07:01:29 dg1test kernel: CPU: 6 PID: 2236 Comm: wireplumber Not tainted 6.4.0-rc7+ grate-driver#10 Aug 10 07:01:29 dg1test kernel: Hardware name: Gigabyte Technology Co., Ltd. Z390 I AORUS PRO WIFI/Z390 I AORUS PRO WIFI-CF, BIOS F8 11/05/2021 Aug 10 07:01:29 dg1test kernel: Call Trace: Aug 10 07:01:29 dg1test kernel: <TASK> Aug 10 07:01:29 dg1test kernel: dump_stack_lvl+0x5b/0x90 Aug 10 07:01:29 dg1test kernel: check_noncircular+0xe2/0x110 Aug 10 07:01:29 dg1test kernel: __lock_acquire+0x14e3/0x2240 Aug 10 07:01:29 dg1test kernel: lock_acquire+0xc8/0x2a0 Aug 10 07:01:29 dg1test kernel: ? nouveau_fence_wait_uevent_handler+0x2b/0x100 [nouveau] Aug 10 07:01:29 dg1test kernel: ? lock_acquire+0xc8/0x2a0 Aug 10 07:01:29 dg1test kernel: _raw_spin_lock_irqsave+0x4b/0x70 Aug 10 07:01:29 dg1test kernel: ? 
nouveau_fence_wait_uevent_handler+0x2b/0x100 [nouveau] Aug 10 07:01:29 dg1test kernel: nouveau_fence_wait_uevent_handler+0x2b/0x100 [nouveau] Aug 10 07:01:29 dg1test kernel: nvkm_client_event+0xf/0x20 [nouveau] Aug 10 07:01:29 dg1test kernel: nvkm_event_ntfy+0x9b/0xf0 [nouveau] Aug 10 07:01:29 dg1test kernel: ga100_fifo_nonstall_intr+0x24/0x30 [nouveau] Aug 10 07:01:29 dg1test kernel: nvkm_intr+0x12c/0x240 [nouveau] Aug 10 07:01:29 dg1test kernel: __handle_irq_event_percpu+0x88/0x240 Aug 10 07:01:29 dg1test kernel: handle_irq_event+0x38/0x80 Aug 10 07:01:29 dg1test kernel: handle_edge_irq+0xa3/0x240 Aug 10 07:01:29 dg1test kernel: __common_interrupt+0x72/0x160 Aug 10 07:01:29 dg1test kernel: common_interrupt+0x60/0xe0 Aug 10 07:01:29 dg1test kernel: asm_common_interrupt+0x26/0x40 Aug 10 07:01:29 dg1test kernel: RIP: 0033:0x7fb66174d700 Aug 10 07:01:29 dg1test kernel: Code: c1 e2 05 29 ca 8d 0c 10 0f be 07 84 c0 75 eb 89 c8 c3 0f 1f 84 00 00 00 00 00 f3 0f 1e fa e9 d7 0f fc ff 0f 1f 80 00 00 00 00 <f3> 0f 1e fa e9 c7 0f fc> Aug 10 07:01:29 dg1test kernel: RSP: 002b:00007ffdd3c48438 EFLAGS: 00000206 Aug 10 07:01:29 dg1test kernel: RAX: 000055bb758763c0 RBX: 000055bb758752c0 RCX: 00000000000028b0 Aug 10 07:01:29 dg1test kernel: RDX: 000055bb758752c0 RSI: 000055bb75887490 RDI: 000055bb75862950 Aug 10 07:01:29 dg1test kernel: RBP: 00007ffdd3c48490 R08: 000055bb75873b10 R09: 0000000000000001 Aug 10 07:01:29 dg1test kernel: R10: 0000000000000004 R11: 000055bb7587f000 R12: 000055bb75887490 Aug 10 07:01:29 dg1test kernel: R13: 000055bb757f6280 R14: 000055bb758875c0 R15: 000055bb757f6280 Aug 10 07:01:29 dg1test kernel: </TASK> Signed-off-by: Dave Airlie <[email protected]> Tested-by: Danilo Krummrich <[email protected]> Reviewed-by: Danilo Krummrich <[email protected]> Signed-off-by: Danilo Krummrich <[email protected]> Link: https://patchwork.freedesktop.org/patch/msgid/[email protected] Signed-off-by: Sasha Levin <[email protected]>
[ Upstream commit 2b78832 ]

When removing the irdma driver or unplugging its aux device, the ccq queue is released before destroying the cqp_cmpl_wq queue. But in the window, there may still be completion events for wqes. That will cause a UAF in irdma_sc_ccq_get_cqe_info().

[34693.333191] BUG: KASAN: use-after-free in irdma_sc_ccq_get_cqe_info+0x82f/0x8c0 [irdma]
[34693.333194] Read of size 8 at addr ffff889097f80818 by task kworker/u67:1/26327
[34693.333194]
[34693.333199] CPU: 9 PID: 26327 Comm: kworker/u67:1 Kdump: loaded Tainted: G O --------- -t - 4.18.0 #1
[34693.333200] Hardware name: SANGFOR Inspur/NULL, BIOS 4.1.13 08/01/2016
[34693.333211] Workqueue: cqp_cmpl_wq cqp_compl_worker [irdma]
[34693.333213] Call Trace:
[34693.333220] dump_stack+0x71/0xab
[34693.333226] print_address_description+0x6b/0x290
[34693.333238] ? irdma_sc_ccq_get_cqe_info+0x82f/0x8c0 [irdma]
[34693.333240] kasan_report+0x14a/0x2b0
[34693.333251] irdma_sc_ccq_get_cqe_info+0x82f/0x8c0 [irdma]
[34693.333264] ? irdma_free_cqp_request+0x151/0x1e0 [irdma]
[34693.333274] irdma_cqp_ce_handler+0x1fb/0x3b0 [irdma]
[34693.333285] ? irdma_ctrl_init_hw+0x2c20/0x2c20 [irdma]
[34693.333290] ? __schedule+0x836/0x1570
[34693.333293] ? strscpy+0x83/0x180
[34693.333296] process_one_work+0x56a/0x11f0
[34693.333298] worker_thread+0x8f/0xf40
[34693.333301] ? __kthread_parkme+0x78/0xf0
[34693.333303] ? rescuer_thread+0xc50/0xc50
[34693.333305] kthread+0x2a0/0x390
[34693.333308] ? kthread_destroy_worker+0x90/0x90
[34693.333310] ret_from_fork+0x1f/0x40

Fixes: 44d9e52 ("RDMA/irdma: Implement device initialization definitions")
Signed-off-by: Shifeng Li <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Acked-by: Shiraz Saleem <[email protected]>
Signed-off-by: Leon Romanovsky <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
[ Upstream commit e3e82fc ]

When creating ceq_0 during probing irdma, cqp.sc_cqp will be sent as a cqp_request to cqp->sc_cqp.sq_ring. If the request is pending when removing the irdma driver or unplugging its aux device, cqp.sc_cqp will be dereferenced as wrong struct in irdma_free_pending_cqp_request().

PID: 3669 TASK: ffff88aef892c000 CPU: 28 COMMAND: "kworker/28:0"
#0 [fffffe0000549e38] crash_nmi_callback at ffffffff810e3a34
#1 [fffffe0000549e40] nmi_handle at ffffffff810788b2
#2 [fffffe0000549ea0] default_do_nmi at ffffffff8107938f
#3 [fffffe0000549eb8] do_nmi at ffffffff81079582
#4 [fffffe0000549ef0] end_repeat_nmi at ffffffff82e016b4
[exception RIP: native_queued_spin_lock_slowpath+1291]
RIP: ffffffff8127e72b RSP: ffff88aa841ef778 RFLAGS: 00000046
RAX: 0000000000000000 RBX: ffff88b01f849700 RCX: ffffffff8127e47e
RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffffff83857ec0
RBP: ffff88afe3e4efc8 R8: ffffed15fc7c9dfa R9: ffffed15fc7c9dfa
R10: 0000000000000001 R11: ffffed15fc7c9df9 R12: 0000000000740000
R13: ffff88b01f849708 R14: 0000000000000003 R15: ffffed1603f092e1
ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0000
-- <NMI exception stack> --
#5 [ffff88aa841ef778] native_queued_spin_lock_slowpath at ffffffff8127e72b
#6 [ffff88aa841ef7b0] _raw_spin_lock_irqsave at ffffffff82c22aa4
#7 [ffff88aa841ef7c8] __wake_up_common_lock at ffffffff81257363
#8 [ffff88aa841ef888] irdma_free_pending_cqp_request at ffffffffa0ba12cc [irdma]
#9 [ffff88aa841ef958] irdma_cleanup_pending_cqp_op at ffffffffa0ba1469 [irdma]
#10 [ffff88aa841ef9c0] irdma_ctrl_deinit_hw at ffffffffa0b2989f [irdma]
#11 [ffff88aa841efa28] irdma_remove at ffffffffa0b252df [irdma]
#12 [ffff88aa841efae8] auxiliary_bus_remove at ffffffff8219afdb
#13 [ffff88aa841efb00] device_release_driver_internal at ffffffff821882e6
#14 [ffff88aa841efb38] bus_remove_device at ffffffff82184278
#15 [ffff88aa841efb88] device_del at ffffffff82179d23
#16 [ffff88aa841efc48] ice_unplug_aux_dev at ffffffffa0eb1c14 [ice]
#17 [ffff88aa841efc68] ice_service_task at ffffffffa0d88201 [ice]
#18 [ffff88aa841efde8] process_one_work at ffffffff811c589a
#19 [ffff88aa841efe60] worker_thread at ffffffff811c71ff
#20 [ffff88aa841eff10] kthread at ffffffff811d87a0
#21 [ffff88aa841eff50] ret_from_fork at ffffffff82e0022f

Fixes: 44d9e52 ("RDMA/irdma: Implement device initialization definitions")
Link: https://lore.kernel.org/r/[email protected]
Suggested-by: "Ismail, Mustafa" <[email protected]>
Signed-off-by: Shifeng Li <[email protected]>
Reviewed-by: Shiraz Saleem <[email protected]>
Signed-off-by: Jason Gunthorpe <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
[ Upstream commit ed5b7cf ]

We need to probe for IOCP only once during boot stage, as we were probing for IOCP for all the stages this caused the below issue during module-init stage,

[9.019104] Unable to handle kernel paging request at virtual address ffffffff8100d3a0
[9.027153] Oops [#1]
[9.029421] Modules linked in: rcar_canfd renesas_usbhs i2c_riic can_dev spi_rspi i2c_core
[9.037686] CPU: 0 PID: 90 Comm: udevd Not tainted 6.7.0-rc1+ #57
[9.043756] Hardware name: Renesas SMARC EVK based on r9a07g043f01 (DT)
[9.050339] epc : riscv_noncoherent_supported+0x10/0x3e
[9.055558] ra : andes_errata_patch_func+0x4a/0x52
[9.060418] epc : ffffffff8000d8c2 ra : ffffffff8000d95c sp : ffffffc8003abb00
[9.067607] gp : ffffffff814e25a0 tp : ffffffd80361e540 t0 : 0000000000000000
[9.074795] t1 : 000000000900031e t2 : 0000000000000001 s0 : ffffffc8003abb20
[9.081984] s1 : ffffffff015b57c7 a0 : 0000000000000000 a1 : 0000000000000001
[9.089172] a2 : 0000000000000000 a3 : 0000000000000000 a4 : ffffffff8100d8be
[9.096360] a5 : 0000000000000001 a6 : 0000000000000001 a7 : 000000000900031e
[9.103548] s2 : ffffffff015b57d7 s3 : 0000000000000001 s4 : 000000000000031e
[9.110736] s5 : 8000000000008a45 s6 : 0000000000000500 s7 : 000000000000003f
[9.117924] s8 : ffffffc8003abd48 s9 : ffffffff015b1140 s10: ffffffff8151a1b0
[9.125113] s11: ffffffff015b1000 t3 : 0000000000000001 t4 : fefefefefefefeff
[9.132301] t5 : ffffffff015b57c7 t6 : ffffffd8b63a6000
[9.137587] status: 0000000200000120 badaddr: ffffffff8100d3a0 cause: 000000000000000f
[9.145468] [<ffffffff8000d8c2>] riscv_noncoherent_supported+0x10/0x3e
[9.151972] [<ffffffff800027e8>] _apply_alternatives+0x84/0x86
[9.157784] [<ffffffff800029be>] apply_module_alternatives+0x10/0x1a
[9.164113] [<ffffffff80008fcc>] module_finalize+0x5e/0x7a
[9.169583] [<ffffffff80085cd6>] load_module+0xfd8/0x179c
[9.174965] [<ffffffff80086630>] init_module_from_file+0x76/0xaa
[9.180948] [<ffffffff800867f6>] __riscv_sys_finit_module+0x176/0x2a8
[9.187365] [<ffffffff80889862>] do_trap_ecall_u+0xbe/0x130
[9.192922] [<ffffffff808920bc>] ret_from_exception+0x0/0x64
[9.198573] Code: 0009 b7e9 6797 014d a783 85a7 c799 4785 0717 0100 (0123) aef7
[9.205994] ---[ end trace 0000000000000000 ]---

This is because we called riscv_noncoherent_supported() for all the stages during IOCP probe. riscv_noncoherent_supported() function sets noncoherent_supported variable to true which has an annotation set to "__ro_after_init" due to which we were seeing the above splat. Fix this by probing for IOCP only once in boot stage by having a boolean variable "done" which will be set to true upon IOCP probe in errata_probe_iocp() and we bail out early if "done" is set to true.

While at it make return type of errata_probe_iocp() to void as we were not checking the return value in andes_errata_patch_func().

Fixes: e021ae7 ("riscv: errata: Add Andes alternative ports")
Signed-off-by: Lad Prabhakar <[email protected]>
Reviewed-by: Geert Uytterhoeven <[email protected]>
Reviewed-by: Yu Chien Peter Lin <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Palmer Dabbelt <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
commit 2b3a7a3 upstream.

The pcm state can be SNDRV_PCM_STATE_DISCONNECTED at disconnect callback, and there is not an entry of SNDRV_PCM_STATE_DISCONNECTED in snd_pcm_state_names.

This patch adds the missing entry to resolve this issue.

cat /proc/asound/card2/pcm0p/sub0/status

That results in stack traces like the following:

[ 99.702732][ T5171] Unexpected kernel BRK exception at EL1
[ 99.702774][ T5171] Internal error: BRK handler: f2005512 [#1] PREEMPT SMP
[ 99.703858][ T5171] Modules linked in: bcmdhd(E) (...)
[ 99.747425][ T5171] CPU: 3 PID: 5171 Comm: cat Tainted: G C OE 5.10.189-android13-4-00003-g4a17384380d8-ab11086999 #1
[ 99.748447][ T5171] Hardware name: Rockchip RK3588 CVTE V10 Board (DT)
[ 99.749024][ T5171] pstate: 60400005 (nZCv daif +PAN -UAO -TCO BTYPE=--)
[ 99.749616][ T5171] pc : snd_pcm_substream_proc_status_read+0x264/0x2bc
[ 99.750204][ T5171] lr : snd_pcm_substream_proc_status_read+0xa4/0x2bc
[ 99.750778][ T5171] sp : ffffffc0175abae0
[ 99.751132][ T5171] x29: ffffffc0175abb80 x28: ffffffc009a2c498
[ 99.751665][ T5171] x27: 0000000000000001 x26: ffffff810cbae6e8
[ 99.752199][ T5171] x25: 0000000000400cc0 x24: ffffffc0175abc60
[ 99.752729][ T5171] x23: 0000000000000000 x22: ffffff802f558400
[ 99.753263][ T5171] x21: ffffff81d8d8ff00 x20: ffffff81020cdc00
[ 99.753795][ T5171] x19: ffffff802d110000 x18: ffffffc014fbd058
[ 99.754326][ T5171] x17: 0000000000000000 x16: 0000000000000000
[ 99.754861][ T5171] x15: 000000000000c276 x14: ffffffff9a976fda
[ 99.755392][ T5171] x13: 0000000065689089 x12: 000000000000d72e
[ 99.755923][ T5171] x11: ffffff802d110000 x10: 00000000000000e0
[ 99.756457][ T5171] x9 : 9c431600c8385d00 x8 : 0000000000000008
[ 99.756990][ T5171] x7 : 0000000000000000 x6 : 000000000000003f
[ 99.757522][ T5171] x5 : 0000000000000040 x4 : ffffffc0175abb70
[ 99.758056][ T5171] x3 : 0000000000000001 x2 : 0000000000000001
[ 99.758588][ T5171] x1 : 0000000000000000 x0 : 0000000000000000
[ 99.759123][ T5171] Call trace:
[ 99.759404][ T5171] snd_pcm_substream_proc_status_read+0x264/0x2bc
[ 99.759958][ T5171] snd_info_seq_show+0x54/0xa4
[ 99.760370][ T5171] seq_read_iter+0x19c/0x7d4
[ 99.760770][ T5171] seq_read+0xf0/0x128
[ 99.761117][ T5171] proc_reg_read+0x100/0x1f8
[ 99.761515][ T5171] vfs_read+0xf4/0x354
[ 99.761869][ T5171] ksys_read+0x7c/0x148
[ 99.762226][ T5171] __arm64_sys_read+0x20/0x30
[ 99.762625][ T5171] el0_svc_common+0xd0/0x1e4
[ 99.763023][ T5171] el0_svc+0x28/0x98
[ 99.763358][ T5171] el0_sync_handler+0x8c/0xf0
[ 99.763759][ T5171] el0_sync+0x1b8/0x1c0
[ 99.764118][ T5171] Code: d65f03c0 b9406102 17ffffae 94191565 (d42aa240)
[ 99.764715][ T5171] ---[ end trace 1eeffa3e17c58e10 ]---
[ 99.780720][ T5171] Kernel panic - not syncing: BRK handler: Fatal exception

Signed-off-by: Jason Zhang <[email protected]>
Cc: <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Takashi Iwai <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
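The missing table entry described in the ALSA commit above, modelled in user space as an added example (not the kernel's code): a name table that stops one state short beside the completed one, with a compile-time length guard and a bounds-checked lookup. The `ST_*` names, `state_name()` and `unnamed_states()` are hypothetical stand-ins; only the state ordering follows the ALSA PCM state enum.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Local stand-ins for SNDRV_PCM_STATE_*, in the same numeric order. */
enum pcm_state {
    ST_OPEN, ST_SETUP, ST_PREPARED, ST_RUNNING, ST_XRUN,
    ST_DRAINING, ST_PAUSED, ST_SUSPENDED, ST_DISCONNECTED,
    ST_LAST = ST_DISCONNECTED
};

#define STATE(v)     [ST_##v] = #v
#define ARRAY_LEN(a) (sizeof(a) / sizeof((a)[0]))

/* "Before": the table ends at SUSPENDED, so index 8 is past the end. */
static const char *const names_before[] = {
    STATE(OPEN), STATE(SETUP), STATE(PREPARED), STATE(RUNNING),
    STATE(XRUN), STATE(DRAINING), STATE(PAUSED), STATE(SUSPENDED),
};

/* "After": the DISCONNECTED entry is present. */
static const char *const names_after[] = {
    STATE(OPEN), STATE(SETUP), STATE(PREPARED), STATE(RUNNING),
    STATE(XRUN), STATE(DRAINING), STATE(PAUSED), STATE(SUSPENDED),
    STATE(DISCONNECTED),
};

/* With designated initializers the array length is (highest index + 1),
 * so dropping the last state from names_after breaks the build here. */
_Static_assert(ARRAY_LEN(names_after) == (size_t)ST_LAST + 1,
               "state name table does not cover every PCM state");

/* Bounds-checked lookup: never index past the table, never return NULL. */
static const char *state_name(const char *const *tbl, size_t len,
                              unsigned int state)
{
    if (state >= len || tbl[state] == NULL)
        return "UNKNOWN";
    return tbl[state];
}

/* Number of states in [0, ST_LAST] that a table cannot name; this also
 * catches holes in the middle, which the length assert cannot see. */
static int unnamed_states(const char *const *tbl, size_t len)
{
    int missing = 0;

    for (unsigned int s = 0; s <= (unsigned int)ST_LAST; s++)
        if (s >= len || tbl[s] == NULL)
            missing++;
    return missing;
}

int main(void)
{
    const char *n = state_name(names_before, ARRAY_LEN(names_before),
                               ST_DISCONNECTED);

    printf("before: %d unnamed, DISCONNECTED -> %s\n",
           unnamed_states(names_before, ARRAY_LEN(names_before)), n);
    printf("after:  %d unnamed, DISCONNECTED -> %s\n",
           unnamed_states(names_after, ARRAY_LEN(names_after)),
           state_name(names_after, ARRAY_LEN(names_after), ST_DISCONNECTED));
    return strcmp(n, "UNKNOWN") != 0;
}
```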
commit fe2b122 upstream. When working on LED support for r8169 I got the following lockdep warning. Easiest way to prevent this scenario seems to be to take the RTNL lock before the trigger_data lock in set_device_name(). ====================================================== WARNING: possible circular locking dependency detected 6.7.0-rc2-next-20231124+ #2 Not tainted ------------------------------------------------------ bash/383 is trying to acquire lock: ffff888103aa1c68 (&trigger_data->lock){+.+.}-{3:3}, at: netdev_trig_notify+0xec/0x190 [ledtrig_netdev] but task is already holding lock: ffffffff8cddf808 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock+0x12/0x20 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (rtnl_mutex){+.+.}-{3:3}: __mutex_lock+0x9b/0xb50 mutex_lock_nested+0x16/0x20 rtnl_lock+0x12/0x20 set_device_name+0xa9/0x120 [ledtrig_netdev] netdev_trig_activate+0x1a1/0x230 [ledtrig_netdev] led_trigger_set+0x172/0x2c0 led_trigger_write+0xf1/0x140 sysfs_kf_bin_write+0x5d/0x80 kernfs_fop_write_iter+0x15d/0x210 vfs_write+0x1f0/0x510 ksys_write+0x6c/0xf0 __x64_sys_write+0x14/0x20 do_syscall_64+0x3f/0xf0 entry_SYSCALL_64_after_hwframe+0x6c/0x74 -> #0 (&trigger_data->lock){+.+.}-{3:3}: __lock_acquire+0x1459/0x25a0 lock_acquire+0xc8/0x2d0 __mutex_lock+0x9b/0xb50 mutex_lock_nested+0x16/0x20 netdev_trig_notify+0xec/0x190 [ledtrig_netdev] call_netdevice_register_net_notifiers+0x5a/0x100 register_netdevice_notifier+0x85/0x120 netdev_trig_activate+0x1d4/0x230 [ledtrig_netdev] led_trigger_set+0x172/0x2c0 led_trigger_write+0xf1/0x140 sysfs_kf_bin_write+0x5d/0x80 kernfs_fop_write_iter+0x15d/0x210 vfs_write+0x1f0/0x510 ksys_write+0x6c/0xf0 __x64_sys_write+0x14/0x20 do_syscall_64+0x3f/0xf0 entry_SYSCALL_64_after_hwframe+0x6c/0x74 other info that might help us debug this: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(rtnl_mutex); lock(&trigger_data->lock); lock(rtnl_mutex); lock(&trigger_data->lock); *** DEADLOCK 
*** 8 locks held by bash/383: #0: ffff888103ff33f0 (sb_writers#3){.+.+}-{0:0}, at: ksys_write+0x6c/0xf0 #1: ffff888103aa1e88 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x114/0x210 #2: ffff8881036f1890 (kn->active#82){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x11d/0x210 #3: ffff888108e2c358 (&led_cdev->led_access){+.+.}-{3:3}, at: led_trigger_write+0x30/0x140 #4: ffffffff8cdd9e10 (triggers_list_lock){++++}-{3:3}, at: led_trigger_write+0x75/0x140 #5: ffff888108e2c270 (&led_cdev->trigger_lock){++++}-{3:3}, at: led_trigger_write+0xe3/0x140 #6: ffffffff8cdde3d0 (pernet_ops_rwsem){++++}-{3:3}, at: register_netdevice_notifier+0x1c/0x120 #7: ffffffff8cddf808 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock+0x12/0x20 stack backtrace: CPU: 0 PID: 383 Comm: bash Not tainted 6.7.0-rc2-next-20231124+ #2 Hardware name: Default string Default string/Default string, BIOS ADLN.M6.SODIMM.ZB.CY.015 08/08/2023 Call Trace: <TASK> dump_stack_lvl+0x5c/0xd0 dump_stack+0x10/0x20 print_circular_bug+0x2dd/0x410 check_noncircular+0x131/0x150 __lock_acquire+0x1459/0x25a0 lock_acquire+0xc8/0x2d0 ? netdev_trig_notify+0xec/0x190 [ledtrig_netdev] __mutex_lock+0x9b/0xb50 ? netdev_trig_notify+0xec/0x190 [ledtrig_netdev] ? __this_cpu_preempt_check+0x13/0x20 ? netdev_trig_notify+0xec/0x190 [ledtrig_netdev] ? __cancel_work_timer+0x11c/0x1b0 ? __mutex_lock+0x123/0xb50 mutex_lock_nested+0x16/0x20 ? mutex_lock_nested+0x16/0x20 netdev_trig_notify+0xec/0x190 [ledtrig_netdev] call_netdevice_register_net_notifiers+0x5a/0x100 register_netdevice_notifier+0x85/0x120 netdev_trig_activate+0x1d4/0x230 [ledtrig_netdev] led_trigger_set+0x172/0x2c0 ? 
preempt_count_add+0x49/0xc0 led_trigger_write+0xf1/0x140 sysfs_kf_bin_write+0x5d/0x80 kernfs_fop_write_iter+0x15d/0x210 vfs_write+0x1f0/0x510 ksys_write+0x6c/0xf0 __x64_sys_write+0x14/0x20 do_syscall_64+0x3f/0xf0 entry_SYSCALL_64_after_hwframe+0x6c/0x74 RIP: 0033:0x7f269055d034 Code: c7 00 16 00 00 00 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 80 3d 35 c3 0d 00 00 74 13 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 48 83 ec 28 48 89 54 24 18 48 RSP: 002b:00007ffddb7ef748 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00007f269055d034 RDX: 0000000000000007 RSI: 000055bf5f4af3c0 RDI: 0000000000000001 RBP: 000055bf5f4af3c0 R08: 0000000000000073 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000007 R13: 00007f26906325c0 R14: 00007f269062ff20 R15: 0000000000000000 </TASK> Fixes: d5e0126 ("leds: trigger: netdev: add additional specific link speed mode") Cc: [email protected] Signed-off-by: Heiner Kallweit <[email protected]> Reviewed-by: Andrew Lunn <[email protected]> Acked-by: Lee Jones <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Jakub Kicinski <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
commit 187da0f upstream.

The routine __vma_private_lock tests for the existence of a reserve map associated with a private hugetlb mapping. A pointer to the reserve map is in vma->vm_private_data. __vma_private_lock was checking the pointer for NULL. However, it is possible that the low bits of the pointer could be used as flags. In such instances, vm_private_data is not NULL and not a valid pointer. This results in the null-ptr-deref reported by syzbot:

general protection fault, probably for non-canonical address 0xdffffc000000001d: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x00000000000000e8-0x00000000000000ef]
CPU: 0 PID: 5048 Comm: syz-executor139 Not tainted 6.6.0-rc7-syzkaller-00142-g88 8cf78c29e2 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 1 0/09/2023
RIP: 0010:__lock_acquire+0x109/0x5de0 kernel/locking/lockdep.c:5004
...
Call Trace:
<TASK>
lock_acquire kernel/locking/lockdep.c:5753 [inline]
lock_acquire+0x1ae/0x510 kernel/locking/lockdep.c:5718
down_write+0x93/0x200 kernel/locking/rwsem.c:1573
hugetlb_vma_lock_write mm/hugetlb.c:300 [inline]
hugetlb_vma_lock_write+0xae/0x100 mm/hugetlb.c:291
__hugetlb_zap_begin+0x1e9/0x2b0 mm/hugetlb.c:5447
hugetlb_zap_begin include/linux/hugetlb.h:258 [inline]
unmap_vmas+0x2f4/0x470 mm/memory.c:1733
exit_mmap+0x1ad/0xa60 mm/mmap.c:3230
__mmput+0x12a/0x4d0 kernel/fork.c:1349
mmput+0x62/0x70 kernel/fork.c:1371
exit_mm kernel/exit.c:567 [inline]
do_exit+0x9ad/0x2a20 kernel/exit.c:861
__do_sys_exit kernel/exit.c:991 [inline]
__se_sys_exit kernel/exit.c:989 [inline]
__x64_sys_exit+0x42/0x50 kernel/exit.c:989
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd

Mask off low bit flags before checking for NULL pointer. In addition, the reserve map only 'belongs' to the OWNER (parent in parent/child relationships) so also check for the OWNER flag.

Link: https://lkml.kernel.org/r/[email protected]
Reported-by: [email protected]
Closes: https://lore.kernel.org/linux-mm/[email protected]/
Fixes: bf49169 ("hugetlbfs: extend hugetlb_vma_lock to private VMAs")
Signed-off-by: Mike Kravetz <[email protected]>
Reviewed-by: Rik van Riel <[email protected]>
Cc: Edward Adam Davis <[email protected]>
Cc: Muchun Song <[email protected]>
Cc: Nathan Chancellor <[email protected]>
Cc: Nick Desaulniers <[email protected]>
Cc: Tom Rix <[email protected]>
Cc: <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
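The flag-bits-in-a-pointer problem from the hugetlb commit above, as an added user-space model (not the kernel's code): a bare NULL test on the tagged word beside a check that masks the flag bits and requires the owner flag. The struct layout, the `RESV_*` names and the constructed cases are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed encoding: the two low bits of the word are flags, the rest is
 * the reserve-map pointer (the map is at least 4-byte aligned). */
#define RESV_OWNER    ((uintptr_t)1 << 0)
#define RESV_UNMAPPED ((uintptr_t)1 << 1)
#define RESV_MASK     (RESV_OWNER | RESV_UNMAPPED)

struct resv_map { long regions; };

struct vma {
    bool shared;               /* shared mappings never take this path */
    uintptr_t private_data;    /* tagged pointer: map address | flags  */
    bool expect_private_lock;  /* ground truth for the constructed case */
};

static struct resv_map sample_map = { 1 };

static struct resv_map *vma_resv_map(const struct vma *v)
{
    return (struct resv_map *)(v->private_data & ~RESV_MASK);
}

/* Before: any non-zero word passes, including flag bits with no pointer. */
static bool private_lock_before(const struct vma *v)
{
    return !v->shared && v->private_data != 0;
}

/* After: mask the flags before the NULL test and require the OWNER flag. */
static bool private_lock_after(const struct vma *v)
{
    return !v->shared && vma_resv_map(v) != NULL &&
           (v->private_data & RESV_OWNER) != 0;
}

#define N_CASES 5

/* Constructed cases, not taken from a real system. */
static void build_cases(struct vma c[N_CASES])
{
    uintptr_t map = (uintptr_t)&sample_map;

    c[0] = (struct vma){ false, map | RESV_OWNER, true };  /* owner of a map     */
    c[1] = (struct vma){ false, RESV_UNMAPPED,    false }; /* flags, no pointer  */
    c[2] = (struct vma){ false, map,              false }; /* child, not owner   */
    c[3] = (struct vma){ true,  map | RESV_OWNER, false }; /* shared mapping     */
    c[4] = (struct vma){ false, 0,                false }; /* nothing stored     */
}

/* Cases where the check says "lock through the map" but it must not. */
static int wrongly_locked(bool (*check)(const struct vma *))
{
    struct vma c[N_CASES];
    int bad = 0;

    build_cases(c);
    for (int i = 0; i < N_CASES; i++)
        if (check(&c[i]) && !c[i].expect_private_lock)
            bad++;
    return bad;
}

/* Cases where the check refuses a VMA that really owns a map. */
static int wrongly_skipped(bool (*check)(const struct vma *))
{
    struct vma c[N_CASES];
    int bad = 0;

    build_cases(c);
    for (int i = 0; i < N_CASES; i++)
        if (!check(&c[i]) && c[i].expect_private_lock)
            bad++;
    return bad;
}

int main(void)
{
    printf("bare NULL test:      %d wrong\n", wrongly_locked(private_lock_before));
    printf("mask + OWNER check:  %d wrong\n", wrongly_locked(private_lock_after));
    return wrongly_locked(private_lock_after) + wrongly_skipped(private_lock_after);
}
```

In the flags-only case the masked pointer is NULL, so the bare test would go on to dereference a small offset from address zero, which matches the low-address KASAN range in the report.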
[ Upstream commit 287e82c ]

Partially revert the change in commit 6148652 ("coresight: Enable and disable helper devices adjacent to the path") which changed the bare call from source_ops(csdev)->enable() to coresight_enable_source() for Perf sessions. It was missed that coresight_enable_source() is specifically for the sysfs interface, rather than being a generic call. This interferes with the sysfs reference counting to cause the following crash:

$ perf record -e cs_etm/@tmc_etr0/ -C 0 &
$ echo 1 > /sys/bus/coresight/devices/tmc_etr0/enable_sink
$ echo 1 > /sys/bus/coresight/devices/etm0/enable_source
$ echo 0 > /sys/bus/coresight/devices/etm0/enable_source

Unable to handle kernel NULL pointer dereference at virtual address 00000000000001d0
Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
...
Call trace:
etm4_disable+0x54/0x150 [coresight_etm4x]
coresight_disable_source+0x6c/0x98 [coresight]
coresight_disable+0x74/0x1c0 [coresight]
enable_source_store+0x88/0xa0 [coresight]
dev_attr_store+0x20/0x40
sysfs_kf_write+0x4c/0x68
kernfs_fop_write_iter+0x120/0x1b8
vfs_write+0x2dc/0x3b0
ksys_write+0x70/0x108
__arm64_sys_write+0x24/0x38
invoke_syscall+0x50/0x128
el0_svc_common.constprop.0+0x104/0x130
do_el0_svc+0x40/0xb8
el0_svc+0x2c/0xb8
el0t_64_sync_handler+0xc0/0xc8
el0t_64_sync+0x1a4/0x1a8
Code: d53cd042 91002000 b9402a81 b8626800 (f940ead5)
---[ end trace 0000000000000000 ]---

This commit linked below also fixes the issue, but has unlocked updates to the mode which could potentially race. So until we come up with a more complete solution that takes all locking and interaction between both modes into account, just revert back to the old behavior for Perf.

Reported-by: Junhao He <[email protected]>
Closes: https://lore.kernel.org/linux-arm-kernel/[email protected]/
Fixes: 6148652 ("coresight: Enable and disable helper devices adjacent to the path")
Tested-by: Junhao He <[email protected]>
Signed-off-by: James Clark <[email protected]>
Signed-off-by: Suzuki K Poulose <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Sasha Levin <[email protected]>
[ Upstream commit b841128 ]

When we enable the SMB by perf, the perf sched will call perf_ctx_lock() to close system preempt in event_function_call(). But SMB::enable_smb() uses a mutex to lock the critical section, which may sleep.

BUG: sleeping function called from invalid context at kernel/locking/mutex.c:580
in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 153023, name: perf
preempt_count: 2, expected: 0
RCU nest depth: 0, expected: 0
INFO: lockdep is turned off.
irq event stamp: 0
hardirqs last enabled at (0): [<0000000000000000>] 0x0
hardirqs last disabled at (0): [<ffffa2983f5c5f40>] copy_process+0xae8/0x2b48
softirqs last enabled at (0): [<ffffa2983f5c5f40>] copy_process+0xae8/0x2b48
softirqs last disabled at (0): [<0000000000000000>] 0x0
CPU: 2 PID: 153023 Comm: perf Kdump: loaded Tainted: G W O 6.5.0-rc4+ #1
Call trace:
...
__mutex_lock+0xbc/0xa70
mutex_lock_nested+0x34/0x48
smb_update_buffer+0x58/0x360 [ultrasoc_smb]
etm_event_stop+0x204/0x2d8 [coresight]
etm_event_del+0x1c/0x30 [coresight]
event_sched_out+0x17c/0x3b8
group_sched_out.part.0+0x5c/0x208
__perf_event_disable+0x15c/0x210
event_function+0xe0/0x230
remote_function+0xb4/0xe8
generic_exec_single+0x160/0x268
smp_call_function_single+0x20c/0x2a0
event_function_call+0x20c/0x220
_perf_event_disable+0x5c/0x90
perf_event_for_each_child+0x58/0xc0
_perf_ioctl+0x34c/0x1250
perf_ioctl+0x64/0x98
...

Use spinlock to replace mutex to control driver data access to one at a time. The function copy_to_user() may sleep, it cannot be in a spinlock context, so we can't simply replace it in smb_read(). But we can ensure that only one user gets the SMB device fd by smb_open(), so remove the locks from smb_read() and buffer synchronization is guaranteed by the user.

Fixes: 06f5c29 ("drivers/coresight: Add UltraSoc System Memory Buffer driver")
Signed-off-by: Junhao He <[email protected]>
Reviewed-by: James Clark <[email protected]>
Signed-off-by: Suzuki K Poulose <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Sasha Levin <[email protected]>
[ Upstream commit fe57575 ]

The `cgrp_local_storage` test triggers a kernel panic like:

  # ./test_progs -t cgrp_local_storage
  Can't find bpf_testmod.ko kernel module: -2
  WARNING! Selftests relying on bpf_testmod.ko will be skipped.

Further investigation shows that this panic is triggered by memory load operations:

  ptr = bpf_cgrp_storage_get(&map_a, task->cgroups->dfl_cgrp, 0,
                             BPF_LOCAL_STORAGE_GET_F_CREATE);

The expression `task->cgroups->dfl_cgrp` involves two memory loads. Since the field offset fits in imm12 or imm14, we use ldd or ldptrd instructions. But both instructions have the side effect that they sign-extend the imm operand. Finally, we got the wrong addresses and a panic is inevitable.

Use a generic ldxd instruction to avoid this kind of issue.

With this change, we have:

  # ./test_progs -t cgrp_local_storage
  Can't find bpf_testmod.ko kernel module: -2
  WARNING! Selftests relying on bpf_testmod.ko will be skipped.
  test_cgrp_local_storage:PASS:join_cgroup /cgrp_local_storage 0 nsec
  #48/1 cgrp_local_storage/tp_btf:OK
  test_attach_cgroup:PASS:skel_open 0 nsec
  test_attach_cgroup:PASS:prog_attach 0 nsec
  test_attach_cgroup:PASS:prog_attach 0 nsec
  libbpf: prog 'update_cookie_tracing': failed to attach: ERROR: strerror_r(-524)=22
  test_attach_cgroup:FAIL:prog_attach unexpected error: -524
  #48/2 cgrp_local_storage/attach_cgroup:FAIL
  test_recursion:PASS:skel_open_and_load 0 nsec
  libbpf: prog 'on_lookup': failed to attach: ERROR: strerror_r(-524)=22
  libbpf: prog 'on_lookup': failed to auto-attach: -524
  test_recursion:FAIL:skel_attach unexpected error: -524 (errno 524)
  #48/3 cgrp_local_storage/recursion:FAIL
  #48/4 cgrp_local_storage/negative:OK
  #48/5 cgrp_local_storage/cgroup_iter_sleepable:OK
  test_yes_rcu_lock:PASS:skel_open 0 nsec
  test_yes_rcu_lock:PASS:skel_load 0 nsec
  libbpf: prog 'yes_rcu_lock': failed to attach: ERROR: strerror_r(-524)=22
  libbpf: prog 'yes_rcu_lock': failed to auto-attach: -524
  test_yes_rcu_lock:FAIL:skel_attach unexpected error: -524 (errno 524)
  #48/6 cgrp_local_storage/yes_rcu_lock:FAIL
  #48/7 cgrp_local_storage/no_rcu_lock:OK
  #48 cgrp_local_storage:FAIL

  All error logs:
  test_cgrp_local_storage:PASS:join_cgroup /cgrp_local_storage 0 nsec
  test_attach_cgroup:PASS:skel_open 0 nsec
  test_attach_cgroup:PASS:prog_attach 0 nsec
  test_attach_cgroup:PASS:prog_attach 0 nsec
  libbpf: prog 'update_cookie_tracing': failed to attach: ERROR: strerror_r(-524)=22
  test_attach_cgroup:FAIL:prog_attach unexpected error: -524
  #48/2 cgrp_local_storage/attach_cgroup:FAIL
  test_recursion:PASS:skel_open_and_load 0 nsec
  libbpf: prog 'on_lookup': failed to attach: ERROR: strerror_r(-524)=22
  libbpf: prog 'on_lookup': failed to auto-attach: -524
  test_recursion:FAIL:skel_attach unexpected error: -524 (errno 524)
  #48/3 cgrp_local_storage/recursion:FAIL
  test_yes_rcu_lock:PASS:skel_open 0 nsec
  test_yes_rcu_lock:PASS:skel_load 0 nsec
  libbpf: prog 'yes_rcu_lock': failed to attach: ERROR: strerror_r(-524)=22
  libbpf: prog 'yes_rcu_lock': failed to auto-attach: -524
  test_yes_rcu_lock:FAIL:skel_attach unexpected error: -524 (errno 524)
  #48/6 cgrp_local_storage/yes_rcu_lock:FAIL
  #48 cgrp_local_storage:FAIL
  Summary: 0/4 PASSED, 0 SKIPPED, 1 FAILED

No panics any more (The test still failed because of the lack of BPF trampoline which I am actively working on).

Fixes: 5dc6155 ("LoongArch: Add BPF JIT support")
Signed-off-by: Hengqi Chen <[email protected]>
Signed-off-by: Huacai Chen <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>

[ Upstream commit 5d47ec2 ]

The `cls_redirect` test triggers a kernel panic like:

  # ./test_progs -t cls_redirect
  Can't find bpf_testmod.ko kernel module: -2
  WARNING! Selftests relying on bpf_testmod.ko will be skipped.

This is because we sign-extend function return values. When subprog mode is enabled, we have:

  cls_redirect()
    -> get_global_metrics() returns pcpu ptr 0xfffffefffc00b480

The pointer returned is later sign-extended to 0xfffffffffc00b480 at `BPF_JMP | BPF_EXIT`. During BPF prog run, this triggers unhandled page fault and a kernel panic.

Drop the unnecessary sign extension on return values like other architectures do.

With this change, we have:

  # ./test_progs -t cls_redirect
  Can't find bpf_testmod.ko kernel module: -2
  WARNING! Selftests relying on bpf_testmod.ko will be skipped.
  #51/1 cls_redirect/cls_redirect_inlined:OK
  #51/2 cls_redirect/IPv4 TCP accept unknown (no hops, flags: SYN):OK
  #51/3 cls_redirect/IPv6 TCP accept unknown (no hops, flags: SYN):OK
  #51/4 cls_redirect/IPv4 TCP accept unknown (no hops, flags: ACK):OK
  #51/5 cls_redirect/IPv6 TCP accept unknown (no hops, flags: ACK):OK
  #51/6 cls_redirect/IPv4 TCP forward unknown (one hop, flags: ACK):OK
  #51/7 cls_redirect/IPv6 TCP forward unknown (one hop, flags: ACK):OK
  #51/8 cls_redirect/IPv4 TCP accept known (one hop, flags: ACK):OK
  #51/9 cls_redirect/IPv6 TCP accept known (one hop, flags: ACK):OK
  #51/10 cls_redirect/IPv4 UDP accept unknown (no hops, flags: none):OK
  #51/11 cls_redirect/IPv6 UDP accept unknown (no hops, flags: none):OK
  #51/12 cls_redirect/IPv4 UDP forward unknown (one hop, flags: none):OK
  #51/13 cls_redirect/IPv6 UDP forward unknown (one hop, flags: none):OK
  #51/14 cls_redirect/IPv4 UDP accept known (one hop, flags: none):OK
  #51/15 cls_redirect/IPv6 UDP accept known (one hop, flags: none):OK
  #51/16 cls_redirect/cls_redirect_subprogs:OK
  #51/17 cls_redirect/IPv4 TCP accept unknown (no hops, flags: SYN):OK
  #51/18 cls_redirect/IPv6 TCP accept unknown (no hops, flags: SYN):OK
  #51/19 cls_redirect/IPv4 TCP accept unknown (no hops, flags: ACK):OK
  #51/20 cls_redirect/IPv6 TCP accept unknown (no hops, flags: ACK):OK
  #51/21 cls_redirect/IPv4 TCP forward unknown (one hop, flags: ACK):OK
  #51/22 cls_redirect/IPv6 TCP forward unknown (one hop, flags: ACK):OK
  #51/23 cls_redirect/IPv4 TCP accept known (one hop, flags: ACK):OK
  #51/24 cls_redirect/IPv6 TCP accept known (one hop, flags: ACK):OK
  #51/25 cls_redirect/IPv4 UDP accept unknown (no hops, flags: none):OK
  #51/26 cls_redirect/IPv6 UDP accept unknown (no hops, flags: none):OK
  #51/27 cls_redirect/IPv4 UDP forward unknown (one hop, flags: none):OK
  #51/28 cls_redirect/IPv6 UDP forward unknown (one hop, flags: none):OK
  #51/29 cls_redirect/IPv4 UDP accept known (one hop, flags: none):OK
  #51/30 cls_redirect/IPv6 UDP accept known (one hop, flags: none):OK
  #51/31 cls_redirect/cls_redirect_dynptr:OK
  #51/32 cls_redirect/IPv4 TCP accept unknown (no hops, flags: SYN):OK
  #51/33 cls_redirect/IPv6 TCP accept unknown (no hops, flags: SYN):OK
  #51/34 cls_redirect/IPv4 TCP accept unknown (no hops, flags: ACK):OK
  #51/35 cls_redirect/IPv6 TCP accept unknown (no hops, flags: ACK):OK
  #51/36 cls_redirect/IPv4 TCP forward unknown (one hop, flags: ACK):OK
  #51/37 cls_redirect/IPv6 TCP forward unknown (one hop, flags: ACK):OK
  #51/38 cls_redirect/IPv4 TCP accept known (one hop, flags: ACK):OK
  #51/39 cls_redirect/IPv6 TCP accept known (one hop, flags: ACK):OK
  #51/40 cls_redirect/IPv4 UDP accept unknown (no hops, flags: none):OK
  #51/41 cls_redirect/IPv6 UDP accept unknown (no hops, flags: none):OK
  #51/42 cls_redirect/IPv4 UDP forward unknown (one hop, flags: none):OK
  #51/43 cls_redirect/IPv6 UDP forward unknown (one hop, flags: none):OK
  #51/44 cls_redirect/IPv4 UDP accept known (one hop, flags: none):OK
  #51/45 cls_redirect/IPv6 UDP accept known (one hop, flags: none):OK
  #51 cls_redirect:OK
  Summary: 1/45 PASSED, 0 SKIPPED, 0 FAILED

Fixes: 5dc6155 ("LoongArch: Add BPF JIT support")
Signed-off-by: Hengqi Chen <[email protected]>
Signed-off-by: Huacai Chen <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>

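The pointer corruption described in the commit message above, as an added example that is not code from the kernel or from the commit. It models the exit path as a 32-bit sign-extending move and uses the pointer value quoted in the message; the mapped window (`MAP_START`, `MAP_SIZE`) and all function names are assumptions made for the model.

```c
#include <stdint.h>
#include <stdio.h>

/* Value quoted in the commit message: per-CPU pointer returned by get_global_metrics(). */
#define PCPU_PTR 0xfffffefffc00b480ULL

/* Constructed for this model: a 64 KiB mapped window containing the pointer. */
#define MAP_START 0xfffffefffc000000ULL
#define MAP_SIZE  0x10000ULL

/* Exit path that treats the return register as a 32-bit int and sign-extends it. */
uint64_t exit_sign_extend32(uint64_t r0)
{
    return (uint64_t)(int64_t)(int32_t)(uint32_t)r0;
}

/* Exit path that copies the full 64-bit register unchanged. */
uint64_t exit_move64(uint64_t r0)
{
    return r0;
}

/* A value survives the sign-extending exit only if bits 63..31 are all equal,
 * i.e. it is already a sign-extended 32-bit quantity. */
int survives_sign_extend32(uint64_t v)
{
    uint64_t top = v >> 31; /* the upper 33 bits */

    return top == 0 || top == 0x1ffffffffULL;
}

/* 1 if addr lies inside the constructed mapped window. */
int is_mapped(uint64_t addr)
{
    return addr >= MAP_START && addr - MAP_START < MAP_SIZE;
}

/* Caller side of a BPF-to-BPF call: would dereferencing the returned pointer fault? */
int caller_faults(uint64_t (*exit_path)(uint64_t), uint64_t callee_r0)
{
    return !is_mapped(exit_path(callee_r0));
}

int main(void)
{
    printf("callee returns      %#llx\n", (unsigned long long)PCPU_PTR);
    printf("sign-extending exit %#llx (faults: %d)\n",
           (unsigned long long)exit_sign_extend32(PCPU_PTR),
           caller_faults(exit_sign_extend32, PCPU_PTR));
    printf("64-bit move exit    %#llx (faults: %d)\n",
           (unsigned long long)exit_move64(PCPU_PTR),
           caller_faults(exit_move64, PCPU_PTR));
    /* Small integer return codes are unaffected, so only pointer returns break. */
    printf("-1 survives: %d, pointer survives: %d\n",
           survives_sign_extend32((uint64_t)-1), survives_sign_extend32(PCPU_PTR));
    return 0;
}
```
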
…o HEAD

KVM/riscv changes for 6.8 part #1

- KVM_GET_REG_LIST improvement for vector registers
- Generate ISA extension reg_list using macros in get-reg-list selftest
- Steal time account support along with selftest

…te_call_indirect

kprobe_emulate_call_indirect currently uses int3_emulate_call to emulate indirect calls. However, int3_emulate_call always assumes the size of the call to be 5 bytes when calculating the return address. This is incorrect for register-based indirect calls in x86, which can be either 2 or 3 bytes depending on whether REX prefix is used. At kprobe runtime, the incorrect return address causes control flow to land onto the wrong place after return -- possibly not a valid instruction boundary. This can lead to a panic like the following:

The relevant assembly code is (from objdump, faulting address highlighted):

  ffffffff8102ed9d: 41 ff d3 call *%r11
  ffffffff8102eda0: 65 48 <8b> 05 30 c7 ff mov %gs:0x7effc730(%rip),%rax

The emulation incorrectly sets the return address to be ffffffff8102ed9d + 0x5 = ffffffff8102eda2, which is the 8b byte in the middle of the next mov. This in turn causes incorrect subsequent instruction decoding and eventually triggers the page fault above.

Instead of invoking int3_emulate_call, perform push and jmp emulation directly in kprobe_emulate_call_indirect. At this point we can obtain the instruction size from p->ainsn.size so that we can calculate the correct return address.

Link: https://lore.kernel.org/all/[email protected]/
Fixes: 6256e66 ("x86/kprobes: Use int3 instead of debug trap for single-step")
Cc: [email protected]
Signed-off-by: Jinghao Jia <[email protected]>
Signed-off-by: Masami Hiramatsu (Google) <[email protected]>

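The return-address arithmetic from the commit message above, as an added example that is not code from the kernel or from the commit. It is a user-space model built from the two instructions quoted in the objdump excerpt; `struct model_regs`, the helper names and the call target are assumptions made for the model.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define INT3_INSN_SIZE 1 /* breakpoint byte the kprobe writes at the probe address */
#define CALL_INSN_SIZE 5 /* direct "call rel32": e8 plus a 4-byte displacement */

/* Constructed from the objdump excerpt in the commit message. */
#define PROBE_ADDR 0xffffffff8102ed9dULL
static const uint8_t text[] = {
    0x41, 0xff, 0xd3,                         /* call *%r11 (REX.B + ff /2) */
    0x65, 0x48, 0x8b, 0x05, 0x30, 0xc7, 0xff, /* start of the following mov */
};
static const uint8_t call_rax[] = { 0xff, 0xd0 }; /* call *%rax, no REX prefix */

/* Hypothetical stand-in for struct pt_regs: just ip and a tiny stack. */
struct model_regs {
    uint64_t ip;
    uint64_t stack[4];
    int depth;
};

/* Length of a register-indirect near call (ff /2 with ModRM.mod == 3),
 * including an optional REX prefix; 0 if the bytes are something else. */
size_t call_reg_indirect_len(const uint8_t *insn)
{
    size_t n = 0;

    if ((insn[n] & 0xf0) == 0x40) /* REX prefix 0x40..0x4f */
        n++;
    if (insn[n] != 0xff)
        return 0;
    if ((insn[n + 1] >> 6) != 3 || ((insn[n + 1] >> 3) & 7) != 2)
        return 0;
    return n + 2;
}

/* Push a return address and jump, as a call does. Returns the pushed address. */
static uint64_t model_call(struct model_regs *r, uint64_t ret, uint64_t target)
{
    r->stack[r->depth++] = ret;
    r->ip = target;
    return ret;
}

/* Behaviour the commit describes as broken: assumes every call is 5 bytes long. */
uint64_t emulate_call_fixed(struct model_regs *r, uint64_t target)
{
    return model_call(r, r->ip - INT3_INSN_SIZE + CALL_INSN_SIZE, target);
}

/* Behaviour the commit describes as the fix: use the probed instruction's size. */
uint64_t emulate_call_sized(struct model_regs *r, uint64_t target, size_t insn_size)
{
    return model_call(r, r->ip - INT3_INSN_SIZE + insn_size, target);
}

/* 1 if addr is the start of an instruction in the constructed text. */
int on_insn_boundary(uint64_t addr)
{
    return addr == PROBE_ADDR || addr == PROBE_ADDR + call_reg_indirect_len(text);
}

/* After the int3 traps, ip points one byte past the probe address. */
uint64_t demo_fixed(void)
{
    struct model_regs r = { .ip = PROBE_ADDR + INT3_INSN_SIZE };

    return emulate_call_fixed(&r, 0xffffffff81000000ULL /* constructed target */);
}

uint64_t demo_sized(void)
{
    struct model_regs r = { .ip = PROBE_ADDR + INT3_INSN_SIZE };

    return emulate_call_sized(&r, 0xffffffff81000000ULL /* constructed target */,
                              call_reg_indirect_len(text));
}

int main(void)
{
    uint64_t bad = demo_fixed(), good = demo_sized();

    printf("call *%%r11 is %zu bytes, call *%%rax is %zu bytes\n",
           call_reg_indirect_len(text), call_reg_indirect_len(call_rax));
    printf("fixed 5-byte size: return to %#llx, boundary=%d, byte there=%#x\n",
           (unsigned long long)bad, on_insn_boundary(bad),
           (unsigned)text[bad - PROBE_ADDR]);
    printf("real insn size:    return to %#llx, boundary=%d\n",
           (unsigned long long)good, on_insn_boundary(good));
    return 0;
}
```
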
The lock_class_key is still registered and can be found in lock_keys_hash hlist after subsys_private is freed in error handler path. A task that iterates over the lock_keys_hash later may cause use-after-free. So fix that up and unregister the lock_class_key before kfree(cp).

On our platform, a driver fails to kset_register because of creating duplicate filename '/class/xxx'. With Kasan enabled, it prints an invalid-access bug report.

KASAN bug report:

BUG: KASAN: invalid-access in lockdep_register_key+0x19c/0x1bc
Write of size 8 at addr 15ffff808b8c0368 by task modprobe/252
Pointer tag: [15], memory tag: [fe]

CPU: 7 PID: 252 Comm: modprobe Tainted: G W 6.6.0-mainline-maybe-dirty #1
Call trace:
 dump_backtrace+0x1b0/0x1e4
 show_stack+0x2c/0x40
 dump_stack_lvl+0xac/0xe0
 print_report+0x18c/0x4d8
 kasan_report+0xe8/0x148
 __hwasan_store8_noabort+0x88/0x98
 lockdep_register_key+0x19c/0x1bc
 class_register+0x94/0x1ec
 init_module+0xbc/0xf48 [rfkill]
 do_one_initcall+0x17c/0x72c
 do_init_module+0x19c/0x3f8
 ...
Memory state around the buggy address:
 ffffff808b8c0100: 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a
 ffffff808b8c0200: 8a 8a 8a 8a 8a 8a 8a 8a fe fe fe fe fe fe fe fe
>ffffff808b8c0300: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
                                     ^
 ffffff808b8c0400: 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03

As CONFIG_KASAN_GENERIC is not set, Kasan reports invalid-access not use-after-free here. In this case, modprobe is manipulating the corrupted lock_keys_hash hlist where lock_class_key is already freed before.

It's worth noting that this only can happen if lockdep is enabled, which is not true for normal system.

Fixes: dcfbb67 ("driver core: class: use lock_class_key already present in struct subsys_private")
Cc: stable <[email protected]>
Signed-off-by: Jing Xia <[email protected]>
Signed-off-by: Xuewen Yan <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Greg Kroah-Hartman <[email protected]>

The btrfs CI reported a lockdep warning as follows by running generic generic/129.

   WARNING: possible circular locking dependency detected
   6.7.0-rc5+ #1 Not tainted
   ------------------------------------------------------
   kworker/u5:5/793427 is trying to acquire lock:
   ffff88813256d028 (&cache->lock){+.+.}-{2:2}, at: btrfs_zone_finish_one_bg+0x5e/0x130

   but task is already holding lock:
   ffff88810a23a318 (&fs_info->zone_active_bgs_lock){+.+.}-{2:2}, at: btrfs_zone_finish_one_bg+0x34/0x130

   which lock already depends on the new lock.

   the existing dependency chain (in reverse order) is:
   -> #1 (&fs_info->zone_active_bgs_lock){+.+.}-{2:2}:
   ...
   -> #0 (&cache->lock){+.+.}-{2:2}:
   ...

This is because we take fs_info->zone_active_bgs_lock after a block_group's lock in btrfs_zone_activate() while doing the opposite in other places.

Fix the issue by expanding the fs_info->zone_active_bgs_lock's critical section and taking it before a block_group's lock.

Fixes: a7e1ac7 ("btrfs: zoned: reserve zones for an active metadata/system block group")
CC: [email protected] # 6.6
Signed-off-by: Naohiro Aota <[email protected]>
Reviewed-by: David Sterba <[email protected]>
Signed-off-by: David Sterba <[email protected]>

act_ct adds skb->users before defragmentation. If frags arrive in order, the last frag's reference is reset in:

  inet_frag_reasm_prepare
    skb_morph

which is not straightforward.

However when frags arrive out of order, nobody unrefs the last frag, and all frags are leaked. The situation is even worse, as initiating packet capture can lead to a crash when skb has been cloned and shared at the same time.

Fix the issue by removing skb_get() before defragmentation. act_ct returns TC_ACT_CONSUMED when defrag failed or is in progress.

Fixes: b57dc7c ("net/sched: Introduce action ct")
Signed-off-by: Tao Liu <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Jakub Kicinski <[email protected]>

Use raw_spinlock functions to avoid this warning:

 =============================
 [ BUG: Invalid wait context ]
 6.7.0-rc3-64bit+ #1032 Tainted: G W
 -----------------------------
 swapper/0/0 is trying to lock:
 0000000041c1b250 (pdc_lock){....}-{3:3}, at: pdc_iodc_print+0x64/0x180
 other info that might help us debug this:
 context-{2:2}
 3 locks held by swapper/0/0:
  #0: 0000000041c22060 (console_lock){....}-{0:0}, at: vprintk_emit+0x1ac/0x4a8
  #1: 0000000041c22098 (console_srcu){....}-{0:0}, at: rcu_lock_acquire+0x0/0x68
  #2: 0000000041c21ea8 (console_owner){-...}-{0:0}, at: console_flush_all+0x304/0x638
 stack backtrace:
 CPU: 0 PID: 0 Comm: swapper/0 Tainted: G W 6.7.0-rc3-64bit+ #1032
 Hardware name: 9000/785/C3700
 Backtrace:
  [<000000004030b544>] show_stack+0x8c/0xa8
  [<00000000412cb768>] dump_stack_lvl+0x148/0x1c8
  [<00000000412cb81c>] dump_stack+0x34/0x48
  [<00000000403d4324>] __lock_acquire+0x674/0x1cf8
  [<00000000403d68d4>] lock_acquire+0x36c/0x3a8
  [<00000000412cfba0>] _raw_spin_lock_irqsave+0xa0/0xe8
  [<000000004031121c>] pdc_iodc_print+0x64/0x180
  [<000000004031d0d8>] pdc_console_write+0x60/0x98
  [<00000000403e76c4>] console_flush_all+0x414/0x638
  [<00000000403e79e4>] console_unlock+0xfc/0x2a8
  [<00000000403e95a8>] vprintk_emit+0x490/0x4a8
  [<00000000403e95fc>] vprintk_default+0x3c/0x50
  [<00000000403e9c74>] vprintk+0x94/0xb8
  [<0000000041296cd0>] _printk+0x58/0x70
  [<000000004125a624>] report_bug+0x1f4/0x2b8
  [<000000004030bcac>] handle_interruption+0x3c4/0xbd8
  [<000000004030307c>] intr_check_sig+0x0/0x3c

Signed-off-by: Helge Deller <[email protected]>

======================================================
WARNING: possible circular locking dependency detected
6.5.0-kfd-fkuehlin #276 Not tainted
------------------------------------------------------
kworker/8:2/2676 is trying to acquire lock:
ffff9435aae95c88 ((work_completion)(&svm_bo->eviction_work)){+.+.}-{0:0}, at: __flush_work+0x52/0x550

but task is already holding lock:
ffff9435cd8e1720 (&svms->lock){+.+.}-{3:3}, at: svm_range_deferred_list_work+0xe8/0x340 [amdgpu]

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #2 (&svms->lock){+.+.}-{3:3}:
       __mutex_lock+0x97/0xd30
       kfd_ioctl_alloc_memory_of_gpu+0x6d/0x3c0 [amdgpu]
       kfd_ioctl+0x1b2/0x5d0 [amdgpu]
       __x64_sys_ioctl+0x86/0xc0
       do_syscall_64+0x39/0x80
       entry_SYSCALL_64_after_hwframe+0x63/0xcd

-> #1 (&mm->mmap_lock){++++}-{3:3}:
       down_read+0x42/0x160
       svm_range_evict_svm_bo_worker+0x8b/0x340 [amdgpu]
       process_one_work+0x27a/0x540
       worker_thread+0x53/0x3e0
       kthread+0xeb/0x120
       ret_from_fork+0x31/0x50
       ret_from_fork_asm+0x11/0x20

-> #0 ((work_completion)(&svm_bo->eviction_work)){+.+.}-{0:0}:
       __lock_acquire+0x1426/0x2200
       lock_acquire+0xc1/0x2b0
       __flush_work+0x80/0x550
       __cancel_work_timer+0x109/0x190
       svm_range_bo_release+0xdc/0x1c0 [amdgpu]
       svm_range_free+0x175/0x180 [amdgpu]
       svm_range_deferred_list_work+0x15d/0x340 [amdgpu]
       process_one_work+0x27a/0x540
       worker_thread+0x53/0x3e0
       kthread+0xeb/0x120
       ret_from_fork+0x31/0x50
       ret_from_fork_asm+0x11/0x20

other info that might help us debug this:

Chain exists of:
  (work_completion)(&svm_bo->eviction_work) --> &mm->mmap_lock --> &svms->lock

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&svms->lock);
                               lock(&mm->mmap_lock);
                               lock(&svms->lock);
  lock((work_completion)(&svm_bo->eviction_work));

I believe this cannot really lead to a deadlock in practice, because svm_range_evict_svm_bo_worker only takes the mmap_read_lock if the BO refcount is non-0. That means it's impossible that svm_range_bo_release is running concurrently. However, there is no good way to annotate this.

To avoid the problem, take a BO reference in svm_range_schedule_evict_svm_bo instead of in the worker. That way it's impossible for a BO to get freed while eviction work is pending and the cancel_work_sync call in svm_range_bo_release can be eliminated.

v2: Use svm_bo_ref_unless_zero and explained why that's safe. Also removed redundant checks that are already done in amdkfd_fence_enable_signaling.

Signed-off-by: Felix Kuehling <[email protected]>
Reviewed-by: Philip Yang <[email protected]>
Signed-off-by: Alex Deucher <[email protected]>

======================================================
WARNING: possible circular locking dependency detected
6.5.0-kfd-yangp #2289 Not tainted
------------------------------------------------------
kworker/0:2/996 is trying to acquire lock:
(srcu){.+.+}-{0:0}, at: __synchronize_srcu+0x5/0x1a0

but task is already holding lock:
((work_completion)(&svms->deferred_list_work)){+.+.}-{0:0}, at: process_one_work+0x211/0x560

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #3 ((work_completion)(&svms->deferred_list_work)){+.+.}-{0:0}:
       __flush_work+0x88/0x4f0
       svm_range_list_lock_and_flush_work+0x3d/0x110 [amdgpu]
       svm_range_set_attr+0xd6/0x14c0 [amdgpu]
       kfd_ioctl+0x1d1/0x630 [amdgpu]
       __x64_sys_ioctl+0x88/0xc0

-> #2 (&info->lock#2){+.+.}-{3:3}:
       __mutex_lock+0x99/0xc70
       amdgpu_amdkfd_gpuvm_restore_process_bos+0x54/0x740 [amdgpu]
       restore_process_helper+0x22/0x80 [amdgpu]
       restore_process_worker+0x2d/0xa0 [amdgpu]
       process_one_work+0x29b/0x560
       worker_thread+0x3d/0x3d0

-> #1 ((work_completion)(&(&process->restore_work)->work)){+.+.}-{0:0}:
       __flush_work+0x88/0x4f0
       __cancel_work_timer+0x12c/0x1c0
       kfd_process_notifier_release_internal+0x37/0x1f0 [amdgpu]
       __mmu_notifier_release+0xad/0x240
       exit_mmap+0x6a/0x3a0
       mmput+0x6a/0x120
       do_exit+0x322/0xb90
       do_group_exit+0x37/0xa0
       __x64_sys_exit_group+0x18/0x20
       do_syscall_64+0x38/0x80

-> #0 (srcu){.+.+}-{0:0}:
       __lock_acquire+0x1521/0x2510
       lock_sync+0x5f/0x90
       __synchronize_srcu+0x4f/0x1a0
       __mmu_notifier_release+0x128/0x240
       exit_mmap+0x6a/0x3a0
       mmput+0x6a/0x120
       svm_range_deferred_list_work+0x19f/0x350 [amdgpu]
       process_one_work+0x29b/0x560
       worker_thread+0x3d/0x3d0

other info that might help us debug this:

Chain exists of:
  srcu --> &info->lock#2 --> (work_completion)(&svms->deferred_list_work)

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock((work_completion)(&svms->deferred_list_work));
                               lock(&info->lock#2);
                               lock((work_completion)(&svms->deferred_list_work));
  sync(srcu);

Signed-off-by: Philip Yang <[email protected]>
Reviewed-by: Felix Kuehling <[email protected]>
Signed-off-by: Alex Deucher <[email protected]>

Based on TF300T DTS