Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp9088389pxu; Mon, 28 Dec 2020 06:20:51 -0800 (PST) X-Google-Smtp-Source: ABdhPJypFOu4HPCUYe9B2N15AYmSJi8gx9lRXkfYHKhp7FSng2gTVqVNaGwD/iuDZlt01bjfbRSf X-Received: by 2002:a17:906:85cf:: with SMTP id i15mr43758443ejy.373.1609165251029; Mon, 28 Dec 2020 06:20:51 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1609165251; cv=none; d=google.com; s=arc-20160816; b=0X0oOc26/jPNHbKmHwbcVh9Oe1goCKwDrl/AUqcM9gMSBqFC+STIihAMhG3A2lXOeb Mqc5FR/OveaKcxzWsd+oo6gS+sM7/D7fJxnIV3Ozws5v6VVIUvmle0a7KUcUzuhtC1jc 9hHKxRgHbpaZ7E7FF7EtmlMyoMPa4NsRBczE+MrWhGQ1obZbeuYQzdLrUPVhIZdyOuwR q/mC2kbwBP+/m/1Z0V+HYdiA/Yu3/jjUigbFGu63/DXhGP67taPrGgVUSFIbfJ8k8QE4 7KIse1LgiwXkn4chrXgOIh+06j1fSdH3ubZKKbxcbekm0BHRTHcg1PjRu2q8nizkTN6U BhFg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=BmTDr7wcC0w9ShXj5iROL25FsW7vYld0l4gNkCeyZdo=; b=yhxJH9YIdAErXgG6QhHsOJ2fIRHOnm8t+yZ7poTT5Hj3akue7UppOUTBcBw4Ae5JFQ +xWnUeHtPK5ICHH2iVBtExUJd/PnGTUhLcp4093n5qerUKUDiqGcj+ax6BwOFxDt5Myd t9I1rAq7KdHJ+oT9QfzCPc91JLumoKEvtMZ/NeSiEoEwJuaEn6Qk74OQJgUOfwMMeoqD z/H1/vSwBM9kV0lDZbXeC4n/74Zv0z/0p/4aD20QMNwCiBQDjd87QIfaVG8k1HtfR2eB WQsdoCn2PwiMERYqgYJZBkcBaprq/y5AOJ/1EQNwpIWywKaTE7tYFj7QfhVL1c5syO1W WQeg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=ntox8Gl4; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id b16si18452901eju.94.2020.12.28.06.20.25; Mon, 28 Dec 2020 06:20:51 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=ntox8Gl4; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2440667AbgL1OP1 (ORCPT + 99 others); Mon, 28 Dec 2020 09:15:27 -0500 Received: from mail.kernel.org ([198.145.29.99]:50348 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2440655AbgL1OPZ (ORCPT ); Mon, 28 Dec 2020 09:15:25 -0500 Received: by mail.kernel.org (Postfix) with ESMTPSA id F054520791; Mon, 28 Dec 2020 14:14:43 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1609164884; bh=IrbmXb/o4P1fVDB+f5BWqDuRb5dThD2u1inhrivjWuU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ntox8Gl4CJVt4mJ1T5jdheEMIhqQCO/ha2RkmOWKNahhGSHzVPJQ6+JFQPno5sjNu sd379n5mvFYg4rQWggnHdNwB8RP5eOcmsCX9cZ9y28cgcUdIlaEOrnE8RMHvzTkxSZ Dx7B5gicMMbmxES0Rd2CDeMb610YIdeZiUOQBf2o= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Joshua Thompson , Stan Johnson , Finn Thain , Geert Uytterhoeven , Sasha Levin Subject: [PATCH 5.10 333/717] macintosh/adb-iop: Always wait for reply message from IOP Date: Mon, 28 Dec 2020 13:45:31 +0100 Message-Id: <20201228125036.978731208@linuxfoundation.org> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20201228125020.963311703@linuxfoundation.org> References: <20201228125020.963311703@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Finn Thain [ Upstream commit 2c9cfbadfa234b03473f1ef54e6f4772cc07a371 ] A recent patch incorrectly altered the adb-iop state machine behaviour and introduced a regression that can appear intermittently as a malfunctioning ADB input device. This seems to be caused when reply packets from different ADB commands become mixed up, especially during the adb bus scan. Fix this by unconditionally entering the awaiting_reply state after sending an explicit command, even when the ADB command won't generate a reply from the ADB device. It turns out that the IOP always generates reply messages, even when the ADB command does not produce a reply packet (e.g. ADB Listen command). So it's not really the ADB reply packets that are being mixed up, it's the IOP messages that enclose them. The bug goes like this: 1. CPU sends a message to the IOP, expecting no response because this message contains an ADB Listen command. The ADB command is now considered complete. 2. CPU sends a second message to the IOP, this time expecting a response because this message contains an ADB Talk command. This ADB command needs a reply before it can be completed. 3. adb-iop driver receives an IOP message and assumes that it relates to the Talk command. It's actually an empty one (with flags == ADB_IOP_EXPLICIT|ADB_IOP_TIMEOUT) for the previous command. The Talk command is now considered complete but it gets the wrong reply data. 4. adb-iop driver gets another IOP response message, which contains the actual reply data for the Talk command, but this is dropped (the driver is no longer in awaiting_reply state). Cc: Joshua Thompson Fixes: e2954e5f727f ("macintosh/adb-iop: Implement sending -> idle state transition") Tested-by: Stan Johnson Signed-off-by: Finn Thain Link: https://lore.kernel.org/r/0f0a25855391e7eaa53a50f651aea0124e8525dd.1605847196.git.fthain@telegraphics.com.au Signed-off-by: Geert Uytterhoeven Signed-off-by: Sasha Levin --- drivers/macintosh/adb-iop.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/drivers/macintosh/adb-iop.c b/drivers/macintosh/adb-iop.c index f3d1a460fbce1..422abd1d48e18 100644 --- a/drivers/macintosh/adb-iop.c +++ b/drivers/macintosh/adb-iop.c @@ -78,10 +78,7 @@ static void adb_iop_complete(struct iop_msg *msg) local_irq_save(flags); - if (current_req->reply_expected) - adb_iop_state = awaiting_reply; - else - adb_iop_done(); + adb_iop_state = awaiting_reply; local_irq_restore(flags); } @@ -89,8 +86,9 @@ static void adb_iop_complete(struct iop_msg *msg) /* * Listen for ADB messages from the IOP. * - * This will be called when unsolicited messages (usually replies to TALK - * commands or autopoll packets) are received. + * This will be called when unsolicited IOP messages are received. + * These IOP messages can carry ADB autopoll responses and also occur + * after explicit ADB commands. */ static void adb_iop_listen(struct iop_msg *msg) @@ -110,8 +108,10 @@ static void adb_iop_listen(struct iop_msg *msg) if (adb_iop_state == awaiting_reply) { struct adb_request *req = current_req; - req->reply_len = amsg->count + 1; - memcpy(req->reply, &amsg->cmd, req->reply_len); + if (req->reply_expected) { + req->reply_len = amsg->count + 1; + memcpy(req->reply, &amsg->cmd, req->reply_len); + } req_done = true; } -- 2.27.0