From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Dhananjay Phadke, Florian Fainelli, Ray Jui, Wolfram Sang, Sasha Levin
Subject: [PATCH 5.8 211/232] i2c: iproc: fix race between client unreg and isr
Date: Thu, 20 Aug 2020 11:21:02 +0200
Message-Id: <20200820091623.025837505@linuxfoundation.org>
In-Reply-To: <20200820091612.692383444@linuxfoundation.org>
References: <20200820091612.692383444@linuxfoundation.org>

From: Dhananjay Phadke

[ Upstream commit b1eef236f50ba6afea680da039ef3a2ca9c43d11 ]

When i2c client unregisters, synchronize irq before setting
iproc_i2c->slave to NULL.

(1) disable_irq()
(2) Mask event enable bits in control reg
(3) Erase slave address (avoid further writes to rx fifo)
(4) Flush tx and rx FIFOs
(5) Clear pending event (interrupt) bits in status reg
(6) enable_irq()
(7) Set client pointer to NULL

Unable to handle kernel NULL pointer dereference at virtual address 0000000000000318

[ 371.020421] pc : bcm_iproc_i2c_isr+0x530/0x11f0
[ 371.025098] lr : __handle_irq_event_percpu+0x6c/0x170
[ 371.030309] sp : ffff800010003e40
[ 371.033727] x29: ffff800010003e40 x28: 0000000000000060
[ 371.039206] x27: ffff800010ca9de0 x26: ffff800010f895df
[ 371.044686] x25: ffff800010f18888 x24: ffff0008f7ff3600
[ 371.050165] x23: 0000000000000003 x22: 0000000001600000
[ 371.055645] x21: ffff800010f18888 x20: 0000000001600000
[ 371.061124] x19: ffff0008f726f080 x18: 0000000000000000
[ 371.066603] x17: 0000000000000000 x16: 0000000000000000
[ 371.072082] x15: 0000000000000000 x14: 0000000000000000
[ 371.077561] x13: 0000000000000000 x12: 0000000000000001
[ 371.083040] x11: 0000000000000000 x10: 0000000000000040
[ 371.088519] x9 : ffff800010f317c8 x8 : ffff800010f317c0
[ 371.093999] x7 : ffff0008f805b3b0 x6 : 0000000000000000
[ 371.099478] x5 : ffff0008f7ff36a4 x4 : ffff8008ee43d000
[ 371.104957] x3 : 0000000000000000 x2 : ffff8000107d64c0
[ 371.110436] x1 : 00000000c00000af x0 : 0000000000000000
[ 371.115916] Call trace:
[ 371.118439] bcm_iproc_i2c_isr+0x530/0x11f0
[ 371.122754] __handle_irq_event_percpu+0x6c/0x170
[ 371.127606] handle_irq_event_percpu+0x34/0x88
[ 371.132189] handle_irq_event+0x40/0x120
[ 371.136234] handle_fasteoi_irq+0xcc/0x1a0
[ 371.140459] generic_handle_irq+0x24/0x38
[ 371.144594] __handle_domain_irq+0x60/0xb8
[ 371.148820] gic_handle_irq+0xc0/0x158
[ 371.152687] el1_irq+0xb8/0x140
[ 371.155927] arch_cpu_idle+0x10/0x18
[ 371.159615] do_idle+0x204/0x290
[ 371.162943] cpu_startup_entry+0x24/0x60
[ 371.166990] rest_init+0xb0/0xbc
[ 371.170322] arch_call_rest_init+0xc/0x14
[ 371.174458] start_kernel+0x404/0x430

Fixes: c245d94ed106 ("i2c: iproc: Add multi byte read-write support for slave mode")
Signed-off-by: Dhananjay Phadke
Reviewed-by: Florian Fainelli
Acked-by: Ray Jui
Signed-off-by: Wolfram Sang
Signed-off-by: Sasha Levin
--- drivers/i2c/busses/i2c-bcm-iproc.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/drivers/i2c/busses/i2c-bcm-iproc.c b/drivers/i2c/busses/i2c-bcm-iproc.c index 8a3c98866fb7e..688e928188214 100644 --- a/drivers/i2c/busses/i2c-bcm-iproc.c +++ b/drivers/i2c/busses/i2c-bcm-iproc.c @@ -1078,7 +1078,7 @@ static int bcm_iproc_i2c_unreg_slave(struct i2c_client *slave) if (!iproc_i2c->slave) return -EINVAL; - iproc_i2c->slave = NULL; + disable_irq(iproc_i2c->irq); /* disable all slave interrupts */ tmp = iproc_i2c_rd_reg(iproc_i2c, IE_OFFSET); @@ -1091,6 +1091,17 @@ static int bcm_iproc_i2c_unreg_slave(struct i2c_client *slave) tmp &= ~BIT(S_CFG_EN_NIC_SMB_ADDR3_SHIFT); iproc_i2c_wr_reg(iproc_i2c, S_CFG_SMBUS_ADDR_OFFSET, tmp); + /* flush TX/RX FIFOs */ + tmp = (BIT(S_FIFO_RX_FLUSH_SHIFT) | BIT(S_FIFO_TX_FLUSH_SHIFT)); + iproc_i2c_wr_reg(iproc_i2c, S_FIFO_CTRL_OFFSET, tmp); + + /* clear all pending slave interrupts */ + iproc_i2c_wr_reg(iproc_i2c, IS_OFFSET, ISR_MASK_SLAVE); + + iproc_i2c->slave = NULL; + + enable_irq(iproc_i2c->irq); + return 0; } -- 2.25.1
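
Review bot: the disable_irq(iproc_i2c->irq) added in the first hunk (@@ -1078) carries no comment explaining that it pairs with the enable_irq() at the end of bcm_iproc_i2c_unreg_slave() and that iproc_i2c->slave must stay valid until the handler can no longer run. The ordering is recorded only in the commit message, which lists enable_irq() as step 6 and clearing the client pointer as step 7, the reverse of what the code does (the code's order, pointer cleared while the line is still disabled, is the safe one). A short comment above disable_irq() stating that the pointer is cleared inside the disabled window, and that disable_irq() waits for a running handler so this function must not be reached from the handler itself, would keep a later reorder from reopening the NULL dereference shown in the trace.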
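
Review bot: in the second hunk (@@ -1091), the FIFO flush builds tmp from BIT(S_FIFO_RX_FLUSH_SHIFT) | BIT(S_FIFO_TX_FLUSH_SHIFT) and writes it straight to S_FIFO_CTRL_OFFSET, whereas the IE_OFFSET handling just above reads the register first and modifies it. Writing only the two flush bits zeroes every other field in that register on each unregister. If S_FIFO_CTRL holds anything besides the flush bits, read it with iproc_i2c_rd_reg() and OR the flush bits in; if it does not, a one-line comment saying the full overwrite is intentional would settle the question for the next reader.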