Searched +hist:2 +hist:e124b4a (Results 101 - 105 of 105) sorted by relevance
| /linux-master/drivers/tty/ | ||
| H A D | n_gsm.c | diff e6b3d55b Thu Oct 26 23:39:03 MDT 2023 Daniel Starke <daniel.starke@siemens.com> tty: n_gsm: add copyright Siemens Mobility GmbH More than 1/3 of the n_gsm code has been contributed by us in the last 1.5 years, completing conformance with the standard and stabilizing the driver: - added UI (unnumbered information) frame support - added PN (parameter negotiation) message handling and function support - added optional keep-alive control link supervision via test messages - added TIOCM_OUT1 and TIOCM_OUT2 to allow responder to operate as modem - added TIOCMIWAIT support on virtual ttys - added additional ioctls and parameters to configure the new functions - added overall locking mechanism to avoid data race conditions - added outgoing data flow to decouple physical from virtual tty handling for better performance and to avoid dead-locks - fixed advanced option mode implementation - fixed convergence layer type 2 implementation - fixed handling of CLD (multiplexer close down) messages - fixed broken muxer close down procedure - and many more bug fixes With this most of our initial RFC has been implemented. It gives the driver a quality boost unseen in the decade before. Add a copyright notice to the n_gsm files to highlight this contribution. Link: https://lore.kernel.org/all/20220225080758.2869-1-daniel.starke@siemens.com/ Signed-off-by: Daniel Starke <daniel.starke@siemens.com> Link: https://lore.kernel.org/r/20231027053903.1886-1-daniel.starke@siemens.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> diff e74c048a Thu Aug 17 03:32:28 MDT 2023 Daniel Starke <daniel.starke@siemens.com> tty: n_gsm: increase gsm_mux unsupported counted where appropriate The structure gsm_mux contains the 'unsupported' field. However, there is currently no place in the code which increases this counter. Increase the 'unsupported' statistics counter in the following case: - an unsupported frame type has been requested by the peer via parameter negotiation - a control frame with an unsupported but known command has been received Note that we have no means to detect an inconsistent/unsupported adaptation sufficient accuracy as this changes the structure of the UI/UIH frames. E.g. a one byte header is added in case of convergence layer type 2 instead of 1 and contains the modem signal octet with the state of the signal lines. There is no checksum or other value which indicates of this field is correct or should be present. Therefore, we can only assume protocol correctness here. See also 'gsm_dlci_data()' where this is handled. Signed-off-by: Daniel Starke <daniel.starke@siemens.com> Link: https://lore.kernel.org/r/20230817093231.2317-6-daniel.starke@siemens.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> diff 2b3174c9 Tue Apr 11 10:45:32 MDT 2023 Ilpo Järvinen <ilpo.jarvinen@linux.intel.com> n_gsm: Use array_index_nospec() with index that comes from userspace dc.channel used for indexing comes directly from copy_from_user(). Use array_index_nospec() to mitigate speculative side-channel. Link: https://lore.kernel.org/linux-serial/64306d13.ONswMlyWlVKLGkKR%25lkp@intel.com/ Cc: stable <stable@kernel.org> Fixes: afe3154ba87e ("tty: n_gsm: add ioctl for DLC config via ldisc handle") Reported-by: kernel test robot <lkp@intel.com> Reviewed-by: Daniel Starke <daniel.starke@siemens.com> Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com> Link: https://lore.kernel.org/r/20230411164532.64175-1-ilpo.jarvinen@linux.intel.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> diff 8629745c Wed Mar 15 04:53:53 MDT 2023 Daniel Starke <daniel.starke@siemens.com> tty: n_gsm: allow window size configuration n_gsm is based on the 3GPP 07.010 and its newer version is the 3GPP 27.010. See https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificationId=1516 The changes from 07.010 to 27.010 are non-functional. Therefore, I refer to the newer 27.010 here. Chapter 6 describes the error recovery mode option which is based on I frames. The k parameter defines the maximum number of I frames that a DLC can have unacknowledged as described in chapter 5.7.4. The current n_gsm implementation does not support the error recovery mode option. However, the k parameter is also part of the parameter negotiation message as described in chapter 5.4.6.3.1. Chapter 5.7.4 also notes that the allowed value range for k is 1-7. That means a 0 is counted as invalid here. This means that the user needs to configure a valid value here even if the function itself is not supported. Otherwise, parameter negotiation may fail. Allow setting of k via ioctl in gsm_config(). Range checks are already included. Signed-off-by: Daniel Starke <daniel.starke@siemens.com> Link: https://lore.kernel.org/r/20230315105354.6234-2-daniel.starke@siemens.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> diff 515be7ba Tue Jan 17 02:03:47 MST 2023 Ilpo Järvinen <ilpo.jarvinen@linux.intel.com> tty: Cleanup tty_port_set_initialized() bool parameter Make callers pass true/false consistently for bool val. Reviewed-by: Samuel Iglesias Gonsalvez <siglesias@igalia.com> Reviewed-by: Jiri Slaby <jirislaby@kernel.org> Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com> Link: https://lore.kernel.org/r/20230117090358.4796-2-ilpo.jarvinen@linux.intel.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> diff 2ec7a802 Thu Nov 03 03:17:42 MDT 2022 Daniel Starke <daniel.starke@siemens.com> tty: n_gsm: add parameters used with parameter negotiation n_gsm is based on the 3GPP 07.010 and its newer version is the 3GPP 27.010. See https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificationId=1516 The changes from 07.010 to 27.010 are non-functional. Therefore, I refer to the newer 27.010 here. Chapter 5.4.6.3.1 describes the encoding of the parameter negotiation messages. Add the parameters used there to 'gsm_mux' and 'gsm_dlci' and initialize both according to the value ranges and recommended defaults defined in chapter 5.7. Replace the use of the DLC default values from the 'gsm_mux' fields with the DLC specific values from the 'gsm_dlci' fields where applicable. Signed-off-by: Daniel Starke <daniel.starke@siemens.com> Link: https://lore.kernel.org/r/20221103091743.2119-2-daniel.starke@siemens.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> diff 2ec7a802 Thu Nov 03 03:17:42 MDT 2022 Daniel Starke <daniel.starke@siemens.com> tty: n_gsm: add parameters used with parameter negotiation n_gsm is based on the 3GPP 07.010 and its newer version is the 3GPP 27.010. See https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificationId=1516 The changes from 07.010 to 27.010 are non-functional. Therefore, I refer to the newer 27.010 here. Chapter 5.4.6.3.1 describes the encoding of the parameter negotiation messages. Add the parameters used there to 'gsm_mux' and 'gsm_dlci' and initialize both according to the value ranges and recommended defaults defined in chapter 5.7. Replace the use of the DLC default values from the 'gsm_mux' fields with the DLC specific values from the 'gsm_dlci' fields where applicable. Signed-off-by: Daniel Starke <daniel.starke@siemens.com> Link: https://lore.kernel.org/r/20221103091743.2119-2-daniel.starke@siemens.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> diff acdab4cb Sat Oct 08 05:02:20 MDT 2022 Fedor Pchelkin <pchelkin@ispras.ru> Revert "tty: n_gsm: avoid call of sleeping functions from atomic context" This reverts commit 902e02ea9385373ce4b142576eef41c642703955. The above commit is reverted as the usage of tx_mutex seems not to solve the problem described in 902e02ea9385 ("tty: n_gsm: avoid call of sleeping functions from atomic context") and just moves the bug to another place. Signed-off-by: Fedor Pchelkin <pchelkin@ispras.ru> Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru> Reviewed-by: Daniel Starke <daniel.starke@siemens.com> Link: https://lore.kernel.org/r/20221008110221.13645-2-pchelkin@ispras.ru Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> diff 796492de Wed Aug 31 01:37:56 MDT 2022 Daniel Starke <daniel.starke@siemens.com> tty: n_gsm: name gsm tty device minors Add a macro which defines the possible number of virtual devices for n_gsm to improve code readability. Reviewed-by: Jiri Slaby <jirislaby@kernel.org> Signed-off-by: Daniel Starke <daniel.starke@siemens.com> Link: https://lore.kernel.org/r/20220831073800.7459-2-daniel.starke@siemens.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> diff 902e02ea Mon Aug 29 07:16:40 MDT 2022 Fedor Pchelkin <pchelkin@ispras.ru> tty: n_gsm: avoid call of sleeping functions from atomic context Syzkaller reports the following problem: BUG: sleeping function called from invalid context at kernel/printk/printk.c:2347 in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 1105, name: syz-executor423 3 locks held by syz-executor423/1105: #0: ffff8881468b9098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x22/0x90 drivers/tty/tty_ldisc.c:266 #1: ffff8881468b9130 (&tty->atomic_write_lock){+.+.}-{3:3}, at: tty_write_lock drivers/tty/tty_io.c:952 [inline] #1: ffff8881468b9130 (&tty->atomic_write_lock){+.+.}-{3:3}, at: do_tty_write drivers/tty/tty_io.c:975 [inline] #1: ffff8881468b9130 (&tty->atomic_write_lock){+.+.}-{3:3}, at: file_tty_write.constprop.0+0x2a8/0x8e0 drivers/tty/tty_io.c:1118 #2: ffff88801b06c398 (&gsm->tx_lock){....}-{2:2}, at: gsmld_write+0x5e/0x150 drivers/tty/n_gsm.c:2717 irq event stamp: 3482 hardirqs last enabled at (3481): [<ffffffff81d13343>] __get_reqs_available+0x143/0x2f0 fs/aio.c:946 hardirqs last disabled at (3482): [<ffffffff87d39722>] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline] hardirqs last disabled at (3482): [<ffffffff87d39722>] _raw_spin_lock_irqsave+0x52/0x60 kernel/locking/spinlock.c:159 softirqs last enabled at (3408): [<ffffffff87e01002>] asm_call_irq_on_stack+0x12/0x20 softirqs last disabled at (3401): [<ffffffff87e01002>] asm_call_irq_on_stack+0x12/0x20 Preemption disabled at: [<0000000000000000>] 0x0 CPU: 2 PID: 1105 Comm: syz-executor423 Not tainted 5.10.137-syzkaller #0 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x107/0x167 lib/dump_stack.c:118 ___might_sleep.cold+0x1e8/0x22e kernel/sched/core.c:7304 console_lock+0x19/0x80 kernel/printk/printk.c:2347 do_con_write+0x113/0x1de0 drivers/tty/vt/vt.c:2909 con_write+0x22/0xc0 drivers/tty/vt/vt.c:3296 gsmld_write+0xd0/0x150 drivers/tty/n_gsm.c:2720 do_tty_write drivers/tty/tty_io.c:1028 [inline] file_tty_write.constprop.0+0x502/0x8e0 drivers/tty/tty_io.c:1118 call_write_iter include/linux/fs.h:1903 [inline] aio_write+0x355/0x7b0 fs/aio.c:1580 __io_submit_one fs/aio.c:1952 [inline] io_submit_one+0xf45/0x1a90 fs/aio.c:1999 __do_sys_io_submit fs/aio.c:2058 [inline] __se_sys_io_submit fs/aio.c:2028 [inline] __x64_sys_io_submit+0x18c/0x2f0 fs/aio.c:2028 do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x61/0xc6 The problem happens in the following control flow: gsmld_write(...) spin_lock_irqsave(&gsm->tx_lock, flags) // taken a spinlock on TX data con_write(...) do_con_write(...) console_lock() might_sleep() // -> bug As far as console_lock() might sleep it should not be called with spinlock held. The patch replaces tx_lock spinlock with mutex in order to avoid the problem. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Fixes: 32dd59f96924 ("tty: n_gsm: fix race condition in gsmld_write()") Cc: stable <stable@kernel.org> Signed-off-by: Fedor Pchelkin <pchelkin@ispras.ru> Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru> Link: https://lore.kernel.org/r/20220829131640.69254-3-pchelkin@ispras.ru Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> diff 902e02ea Mon Aug 29 07:16:40 MDT 2022 Fedor Pchelkin <pchelkin@ispras.ru> tty: n_gsm: avoid call of sleeping functions from atomic context Syzkaller reports the following problem: BUG: sleeping function called from invalid context at kernel/printk/printk.c:2347 in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 1105, name: syz-executor423 3 locks held by syz-executor423/1105: #0: ffff8881468b9098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x22/0x90 drivers/tty/tty_ldisc.c:266 #1: ffff8881468b9130 (&tty->atomic_write_lock){+.+.}-{3:3}, at: tty_write_lock drivers/tty/tty_io.c:952 [inline] #1: ffff8881468b9130 (&tty->atomic_write_lock){+.+.}-{3:3}, at: do_tty_write drivers/tty/tty_io.c:975 [inline] #1: ffff8881468b9130 (&tty->atomic_write_lock){+.+.}-{3:3}, at: file_tty_write.constprop.0+0x2a8/0x8e0 drivers/tty/tty_io.c:1118 #2: ffff88801b06c398 (&gsm->tx_lock){....}-{2:2}, at: gsmld_write+0x5e/0x150 drivers/tty/n_gsm.c:2717 irq event stamp: 3482 hardirqs last enabled at (3481): [<ffffffff81d13343>] __get_reqs_available+0x143/0x2f0 fs/aio.c:946 hardirqs last disabled at (3482): [<ffffffff87d39722>] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline] hardirqs last disabled at (3482): [<ffffffff87d39722>] _raw_spin_lock_irqsave+0x52/0x60 kernel/locking/spinlock.c:159 softirqs last enabled at (3408): [<ffffffff87e01002>] asm_call_irq_on_stack+0x12/0x20 softirqs last disabled at (3401): [<ffffffff87e01002>] asm_call_irq_on_stack+0x12/0x20 Preemption disabled at: [<0000000000000000>] 0x0 CPU: 2 PID: 1105 Comm: syz-executor423 Not tainted 5.10.137-syzkaller #0 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x107/0x167 lib/dump_stack.c:118 ___might_sleep.cold+0x1e8/0x22e kernel/sched/core.c:7304 console_lock+0x19/0x80 kernel/printk/printk.c:2347 do_con_write+0x113/0x1de0 drivers/tty/vt/vt.c:2909 con_write+0x22/0xc0 drivers/tty/vt/vt.c:3296 gsmld_write+0xd0/0x150 drivers/tty/n_gsm.c:2720 do_tty_write drivers/tty/tty_io.c:1028 [inline] file_tty_write.constprop.0+0x502/0x8e0 drivers/tty/tty_io.c:1118 call_write_iter include/linux/fs.h:1903 [inline] aio_write+0x355/0x7b0 fs/aio.c:1580 __io_submit_one fs/aio.c:1952 [inline] io_submit_one+0xf45/0x1a90 fs/aio.c:1999 __do_sys_io_submit fs/aio.c:2058 [inline] __se_sys_io_submit fs/aio.c:2028 [inline] __x64_sys_io_submit+0x18c/0x2f0 fs/aio.c:2028 do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x61/0xc6 The problem happens in the following control flow: gsmld_write(...) spin_lock_irqsave(&gsm->tx_lock, flags) // taken a spinlock on TX data con_write(...) do_con_write(...) console_lock() might_sleep() // -> bug As far as console_lock() might sleep it should not be called with spinlock held. The patch replaces tx_lock spinlock with mutex in order to avoid the problem. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Fixes: 32dd59f96924 ("tty: n_gsm: fix race condition in gsmld_write()") Cc: stable <stable@kernel.org> Signed-off-by: Fedor Pchelkin <pchelkin@ispras.ru> Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru> Link: https://lore.kernel.org/r/20220829131640.69254-3-pchelkin@ispras.ru Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> diff 902e02ea Mon Aug 29 07:16:40 MDT 2022 Fedor Pchelkin <pchelkin@ispras.ru> tty: n_gsm: avoid call of sleeping functions from atomic context Syzkaller reports the following problem: BUG: sleeping function called from invalid context at kernel/printk/printk.c:2347 in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 1105, name: syz-executor423 3 locks held by syz-executor423/1105: #0: ffff8881468b9098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x22/0x90 drivers/tty/tty_ldisc.c:266 #1: ffff8881468b9130 (&tty->atomic_write_lock){+.+.}-{3:3}, at: tty_write_lock drivers/tty/tty_io.c:952 [inline] #1: ffff8881468b9130 (&tty->atomic_write_lock){+.+.}-{3:3}, at: do_tty_write drivers/tty/tty_io.c:975 [inline] #1: ffff8881468b9130 (&tty->atomic_write_lock){+.+.}-{3:3}, at: file_tty_write.constprop.0+0x2a8/0x8e0 drivers/tty/tty_io.c:1118 #2: ffff88801b06c398 (&gsm->tx_lock){....}-{2:2}, at: gsmld_write+0x5e/0x150 drivers/tty/n_gsm.c:2717 irq event stamp: 3482 hardirqs last enabled at (3481): [<ffffffff81d13343>] __get_reqs_available+0x143/0x2f0 fs/aio.c:946 hardirqs last disabled at (3482): [<ffffffff87d39722>] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline] hardirqs last disabled at (3482): [<ffffffff87d39722>] _raw_spin_lock_irqsave+0x52/0x60 kernel/locking/spinlock.c:159 softirqs last enabled at (3408): [<ffffffff87e01002>] asm_call_irq_on_stack+0x12/0x20 softirqs last disabled at (3401): [<ffffffff87e01002>] asm_call_irq_on_stack+0x12/0x20 Preemption disabled at: [<0000000000000000>] 0x0 CPU: 2 PID: 1105 Comm: syz-executor423 Not tainted 5.10.137-syzkaller #0 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x107/0x167 lib/dump_stack.c:118 ___might_sleep.cold+0x1e8/0x22e kernel/sched/core.c:7304 console_lock+0x19/0x80 kernel/printk/printk.c:2347 do_con_write+0x113/0x1de0 drivers/tty/vt/vt.c:2909 con_write+0x22/0xc0 drivers/tty/vt/vt.c:3296 gsmld_write+0xd0/0x150 drivers/tty/n_gsm.c:2720 do_tty_write drivers/tty/tty_io.c:1028 [inline] file_tty_write.constprop.0+0x502/0x8e0 drivers/tty/tty_io.c:1118 call_write_iter include/linux/fs.h:1903 [inline] aio_write+0x355/0x7b0 fs/aio.c:1580 __io_submit_one fs/aio.c:1952 [inline] io_submit_one+0xf45/0x1a90 fs/aio.c:1999 __do_sys_io_submit fs/aio.c:2058 [inline] __se_sys_io_submit fs/aio.c:2028 [inline] __x64_sys_io_submit+0x18c/0x2f0 fs/aio.c:2028 do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x61/0xc6 The problem happens in the following control flow: gsmld_write(...) spin_lock_irqsave(&gsm->tx_lock, flags) // taken a spinlock on TX data con_write(...) do_con_write(...) console_lock() might_sleep() // -> bug As far as console_lock() might sleep it should not be called with spinlock held. The patch replaces tx_lock spinlock with mutex in order to avoid the problem. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Fixes: 32dd59f96924 ("tty: n_gsm: fix race condition in gsmld_write()") Cc: stable <stable@kernel.org> Signed-off-by: Fedor Pchelkin <pchelkin@ispras.ru> Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru> Link: https://lore.kernel.org/r/20220829131640.69254-3-pchelkin@ispras.ru Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> diff 902e02ea Mon Aug 29 07:16:40 MDT 2022 Fedor Pchelkin <pchelkin@ispras.ru> tty: n_gsm: avoid call of sleeping functions from atomic context Syzkaller reports the following problem: BUG: sleeping function called from invalid context at kernel/printk/printk.c:2347 in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 1105, name: syz-executor423 3 locks held by syz-executor423/1105: #0: ffff8881468b9098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x22/0x90 drivers/tty/tty_ldisc.c:266 #1: ffff8881468b9130 (&tty->atomic_write_lock){+.+.}-{3:3}, at: tty_write_lock drivers/tty/tty_io.c:952 [inline] #1: ffff8881468b9130 (&tty->atomic_write_lock){+.+.}-{3:3}, at: do_tty_write drivers/tty/tty_io.c:975 [inline] #1: ffff8881468b9130 (&tty->atomic_write_lock){+.+.}-{3:3}, at: file_tty_write.constprop.0+0x2a8/0x8e0 drivers/tty/tty_io.c:1118 #2: ffff88801b06c398 (&gsm->tx_lock){....}-{2:2}, at: gsmld_write+0x5e/0x150 drivers/tty/n_gsm.c:2717 irq event stamp: 3482 hardirqs last enabled at (3481): [<ffffffff81d13343>] __get_reqs_available+0x143/0x2f0 fs/aio.c:946 hardirqs last disabled at (3482): [<ffffffff87d39722>] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline] hardirqs last disabled at (3482): [<ffffffff87d39722>] _raw_spin_lock_irqsave+0x52/0x60 kernel/locking/spinlock.c:159 softirqs last enabled at (3408): [<ffffffff87e01002>] asm_call_irq_on_stack+0x12/0x20 softirqs last disabled at (3401): [<ffffffff87e01002>] asm_call_irq_on_stack+0x12/0x20 Preemption disabled at: [<0000000000000000>] 0x0 CPU: 2 PID: 1105 Comm: syz-executor423 Not tainted 5.10.137-syzkaller #0 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x107/0x167 lib/dump_stack.c:118 ___might_sleep.cold+0x1e8/0x22e kernel/sched/core.c:7304 console_lock+0x19/0x80 kernel/printk/printk.c:2347 do_con_write+0x113/0x1de0 drivers/tty/vt/vt.c:2909 con_write+0x22/0xc0 drivers/tty/vt/vt.c:3296 gsmld_write+0xd0/0x150 drivers/tty/n_gsm.c:2720 do_tty_write drivers/tty/tty_io.c:1028 [inline] file_tty_write.constprop.0+0x502/0x8e0 drivers/tty/tty_io.c:1118 call_write_iter include/linux/fs.h:1903 [inline] aio_write+0x355/0x7b0 fs/aio.c:1580 __io_submit_one fs/aio.c:1952 [inline] io_submit_one+0xf45/0x1a90 fs/aio.c:1999 __do_sys_io_submit fs/aio.c:2058 [inline] __se_sys_io_submit fs/aio.c:2028 [inline] __x64_sys_io_submit+0x18c/0x2f0 fs/aio.c:2028 do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x61/0xc6 The problem happens in the following control flow: gsmld_write(...) spin_lock_irqsave(&gsm->tx_lock, flags) // taken a spinlock on TX data con_write(...) do_con_write(...) console_lock() might_sleep() // -> bug As far as console_lock() might sleep it should not be called with spinlock held. The patch replaces tx_lock spinlock with mutex in order to avoid the problem. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Fixes: 32dd59f96924 ("tty: n_gsm: fix race condition in gsmld_write()") Cc: stable <stable@kernel.org> Signed-off-by: Fedor Pchelkin <pchelkin@ispras.ru> Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru> Link: https://lore.kernel.org/r/20220829131640.69254-3-pchelkin@ispras.ru Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| /linux-master/drivers/usb/serial/ | ||
| H A D | ftdi_sio.c | diff c5a80540 Thu Apr 22 01:58:52 MDT 2021 Dominik Andreas Schorpp <dominik.a.schorpp@ids.de> USB: serial: ftdi_sio: add IDs for IDS GmbH Products Add the IDS GmbH Vendor ID and the Product IDs for SI31A (2xRS232) and CM31A (LoRaWAN Modem). Signed-off-by: Dominik Andreas Schorpp <dominik.a.schorpp@ids.de> Signed-off-by: Juergen Borleis <jbe@pengutronix.de> Cc: stable@vger.kernel.org Signed-off-by: Johan Hovold <johan@kernel.org> diff 2ab58361 Tue Apr 06 16:39:05 MDT 2021 Johan Hovold <johan@kernel.org> USB: serial: ftdi_sio: fix TIOCGSERIAL implementation TIOCSSERIAL is a horrid, underspecified, legacy interface which for most serial devices is only useful for setting the close_delay and closing_wait parameters. The FTDI driver is the only USB serial driver supporting the deprecated ASYNC_SPD flags, which are reported back as they should by TIOCGSERIAL, but the returned parameters did not include the line number. The close_delay and closing_wait parameters returned by TIOCGSERIAL are specified in centiseconds. The driver does not yet support changing these, but let's report back the default values actually used (0.5 and 30 seconds, respectively). Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Johan Hovold <johan@kernel.org> diff c5d1448f Mon Feb 08 07:31:49 MST 2021 Uwe Kleine-König <uwe@kleine-koenig.org> USB: serial: make remove callback return void All usb_serial drivers return 0 in their remove callbacks and driver core ignores the value returned by usb_serial_device_remove(). So change the remove callback to return void and return 0 unconditionally in usb_serial_device_remove(). Signed-off-by: Uwe Kleine-König <uwe@kleine-koenig.org> Link: https://lore.kernel.org/r/20210208143149.963644-2-uwe@kleine-koenig.org Signed-off-by: Johan Hovold <johan@kernel.org> diff a8eda9fa Mon Jan 14 05:30:03 MST 2019 Karoly Pados <pados@pados.hu> USB: serial: ftdi_sio: fix GPIO not working in autosuspend There is a bug in the current GPIO code for ftdi_sio: it failed to take USB autosuspend into account. If the device is in autosuspend, calls to usb_control_msg() fail with -EHOSTUNREACH. Because the standard value for autosuspend timeout is usually 2-5 seconds, this made it almost impossible to use the GPIOs on machines that have USB autosuspend enabled. This patch fixes the issue by acquiring a PM lock on the device for the duration of the USB transfers. Tested on an FT231X device. Signed-off-by: Karoly Pados <pados@pados.hu> [ johan: simplify code somewhat ] Fixes: ba93cc7da896 ("USB: serial: ftdi_sio: implement GPIO support for FT-X devices") Cc: stable <stable@vger.kernel.org> # 4.20 Signed-off-by: Johan Hovold <johan@kernel.org> diff 31c5d192 Tue Apr 18 12:07:56 MDT 2017 Marek Vasut <marex@denx.de> USB: serial: ftdi_sio: add device ID for Microsemi/Arrow SF2PLUS Dev Kit This development kit has an FT4232 on it with a custom USB VID/PID. The FT4232 provides four UARTs, but only two are used. The UART 0 is used by the FlashPro5 programmer and UART 2 is connected to the SmartFusion2 CortexM3 SoC UART port. Note that the USB VID is registered to Actel according to Linux USB VID database, but that was acquired by Microsemi. Signed-off-by: Marek Vasut <marex@denx.de> Cc: stable <stable@vger.kernel.org> Signed-off-by: Johan Hovold <johan@kernel.org> diff 2dea7cd7 Wed Mar 08 09:02:57 MST 2017 Ian Abbott <abbotti@mev.co.uk> USB: serial: ftdi_sio: don't access latency timer on old chips The latency timer was introduced with the FT232BM and FT245BM chips. Do not bother attempting to read or write it for older chip versions. Signed-off-by: Ian Abbott <abbotti@mev.co.uk> Signed-off-by: Johan Hovold <johan@kernel.org> diff 2fbd69c4 Tue Nov 08 05:26:50 MST 2016 Johan Hovold <johan@kernel.org> USB: serial: fix invalid user-pointer checks Drop invalid user-pointer checks from ioctl handlers. A NULL-pointer can be valid in user space and copy_to_user() takes care of sanity checking. Signed-off-by: Johan Hovold <johan@kernel.org> diff c7d373c3 Mon Mar 02 18:38:02 MST 2015 Max Mansfield <max.m.mansfield@gmail.com> usb: ftdi_sio: Add jtag quirk support for Cyber Cortex AV boards This patch integrates Cyber Cortex AV boards with the existing ftdi_jtag_quirk in order to use serial port 0 with JTAG which is required by the manufacturers' software. Steps: 2 [ftdi_sio_ids.h] 1. Defined the device PID [ftdi_sio.c] 2. Added a macro declaration to the ids array, in order to enable the jtag quirk for the device. Signed-off-by: Max Mansfield <max.m.mansfield@gmail.com> Cc: stable <stable@vger.kernel.org> Signed-off-by: Johan Hovold <johan@kernel.org> diff c7d373c3 Mon Mar 02 18:38:02 MST 2015 Max Mansfield <max.m.mansfield@gmail.com> usb: ftdi_sio: Add jtag quirk support for Cyber Cortex AV boards This patch integrates Cyber Cortex AV boards with the existing ftdi_jtag_quirk in order to use serial port 0 with JTAG which is required by the manufacturers' software. Steps: 2 [ftdi_sio_ids.h] 1. Defined the device PID [ftdi_sio.c] 2. Added a macro declaration to the ids array, in order to enable the jtag quirk for the device. Signed-off-by: Max Mansfield <max.m.mansfield@gmail.com> Cc: stable <stable@vger.kernel.org> Signed-off-by: Johan Hovold <johan@kernel.org> diff d8279a40 Thu Jul 10 06:00:34 MDT 2014 Michal Sojka <sojkam1@fel.cvut.cz> USB: serial: ftdi_sio: Add Infineon Triboard This adds support for Infineon TriBoard TC1798 [1]. Only interface 1 is used as serial line (see [2], Figure 8-6). [1] http://www.infineon.com/cms/de/product/microcontroller/development-tools-software-and-kits/tricore-tm-development-tools-software-and-kits/starterkits-and-evaluation-boards/starter-kit-tc1798/channel.html?channel=db3a304333b8a7ca0133cfa3d73e4268 [2] http://www.infineon.com/dgdl/TriBoardManual-TC1798-V10.pdf?folderId=db3a304412b407950112b409ae7c0343&fileId=db3a304333b8a7ca0133cfae99fe426a Signed-off-by: Michal Sojka <sojkam1@fel.cvut.cz> Cc: Johan Hovold <johan@kernel.org> Cc: stable <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> diff d8279a40 Thu Jul 10 06:00:34 MDT 2014 Michal Sojka <sojkam1@fel.cvut.cz> USB: serial: ftdi_sio: Add Infineon Triboard This adds support for Infineon TriBoard TC1798 [1]. Only interface 1 is used as serial line (see [2], Figure 8-6). [1] http://www.infineon.com/cms/de/product/microcontroller/development-tools-software-and-kits/tricore-tm-development-tools-software-and-kits/starterkits-and-evaluation-boards/starter-kit-tc1798/channel.html?channel=db3a304333b8a7ca0133cfa3d73e4268 [2] http://www.infineon.com/dgdl/TriBoardManual-TC1798-V10.pdf?folderId=db3a304412b407950112b409ae7c0343&fileId=db3a304333b8a7ca0133cfae99fe426a Signed-off-by: Michal Sojka <sojkam1@fel.cvut.cz> Cc: Johan Hovold <johan@kernel.org> Cc: stable <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| /linux-master/include/linux/ | ||
| H A D | tty.h | diff 4ff4379c Sun Nov 26 16:03:08 MST 2023 Florian Eckert <fe@dev.tdt.de> tty: add new helper function tty_get_tiocm There is no in-kernel function to get the status register of a tty device like the TIOCMGET ioctl returns to userspace. Create a new function, tty_get_tiocm(), to obtain the status register that other portions of the kernel can call if they need this information, and move the existing internal tty_tiocmget() function to use this interface. Signed-off-by: Florian Eckert <fe@dev.tdt.de> Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Link: https://lore.kernel.org/r/20231127110311.3583957-2-fe@dev.tdt.de Signed-off-by: Lee Jones <lee@kernel.org> diff ebf05c7d Fri Aug 25 09:28:20 MDT 2023 Greg Kroah-Hartman <gregkh@linuxfoundation.org> tty: shrink the size of struct tty_struct by 40 bytes It's been a long time since anyone has looked at what struct tty_struct looks like in memory, turns out there was a ton of holes. So move things around a bit, change one variable (closing) from being an int to a bool (it is only being tested for 0/1), and we end up saving 40 bytes per structure overall on x86-64 systems. Before this patch: /* size: 696, cachelines: 11, members: 37 */ /* sum members: 665, holes: 8, sum holes: 31 */ /* forced alignments: 2, forced holes: 1, sum forced holes: 4 */ /* last cacheline: 56 bytes */ After this change: /* size: 656, cachelines: 11, members: 37 */ /* sum members: 654, holes: 1, sum holes: 2 */ /* forced alignments: 2 */ /* last cacheline: 16 bytes */ Cc: Jiri Slaby <jirislaby@kernel.org> Link: https://lore.kernel.org/r/2023082519-cobbler-unholy-8d1f@gregkh Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> diff ebf05c7d Fri Aug 25 09:28:20 MDT 2023 Greg Kroah-Hartman <gregkh@linuxfoundation.org> tty: shrink the size of struct tty_struct by 40 bytes It's been a long time since anyone has looked at what struct tty_struct looks like in memory, turns out there was a ton of holes. So move things around a bit, change one variable (closing) from being an int to a bool (it is only being tested for 0/1), and we end up saving 40 bytes per structure overall on x86-64 systems. Before this patch: /* size: 696, cachelines: 11, members: 37 */ /* sum members: 665, holes: 8, sum holes: 31 */ /* forced alignments: 2, forced holes: 1, sum forced holes: 4 */ /* last cacheline: 56 bytes */ After this change: /* size: 656, cachelines: 11, members: 37 */ /* sum members: 654, holes: 1, sum holes: 2 */ /* forced alignments: 2 */ /* last cacheline: 16 bytes */ Cc: Jiri Slaby <jirislaby@kernel.org> Link: https://lore.kernel.org/r/2023082519-cobbler-unholy-8d1f@gregkh Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> diff ebf05c7d Fri Aug 25 09:28:20 MDT 2023 Greg Kroah-Hartman <gregkh@linuxfoundation.org> tty: shrink the size of struct tty_struct by 40 bytes It's been a long time since anyone has looked at what struct tty_struct looks like in memory, turns out there was a ton of holes. So move things around a bit, change one variable (closing) from being an int to a bool (it is only being tested for 0/1), and we end up saving 40 bytes per structure overall on x86-64 systems. Before this patch: /* size: 696, cachelines: 11, members: 37 */ /* sum members: 665, holes: 8, sum holes: 31 */ /* forced alignments: 2, forced holes: 1, sum forced holes: 4 */ /* last cacheline: 56 bytes */ After this change: /* size: 656, cachelines: 11, members: 37 */ /* sum members: 654, holes: 1, sum holes: 2 */ /* forced alignments: 2 */ /* last cacheline: 16 bytes */ Cc: Jiri Slaby <jirislaby@kernel.org> Link: https://lore.kernel.org/r/2023082519-cobbler-unholy-8d1f@gregkh Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> diff 87888fb9 Tue Aug 16 05:57:32 MDT 2022 Ilpo Järvinen <ilpo.jarvinen@linux.intel.com> tty: Remove baudrate dead code & make ktermios params const With the architectures currently in-tree, either: 1) CBAUDEX is zero 2) The earlier BOTHER if check covers cbaud < 1 case 3) All CBAUD bits are covered by the baud_table Thus, the check for cbaud being out-of-range for CBAUDEX case cannot ever be true. The ktermios parameters can now be made const. Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com> Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com> Link: https://lore.kernel.org/r/20220816115739.10928-2-ilpo.jarvinen@linux.intel.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> diff 87888fb9 Tue Aug 16 05:57:32 MDT 2022 Ilpo Järvinen <ilpo.jarvinen@linux.intel.com> tty: Remove baudrate dead code & make ktermios params const With the architectures currently in-tree, either: 1) CBAUDEX is zero 2) The earlier BOTHER if check covers cbaud < 1 case 3) All CBAUD bits are covered by the baud_table Thus, the check for cbaud being out-of-range for CBAUDEX case cannot ever be true. The ktermios parameters can now be made const. Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com> Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com> Link: https://lore.kernel.org/r/20220816115739.10928-2-ilpo.jarvinen@linux.intel.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> diff 18e6c075 Fri Nov 26 01:15:49 MST 2021 Jiri Slaby <jirislaby@kernel.org> tty: finish kernel-doc of tty_struct members There are already pieces of kernel-doc documentation for struct tty_struct in tty.h. Finish the documentation for the members which were undocumented yet. It also includes tuning the already existing pieces like flow and ctrl, especially adding highlights to them. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Link: https://lore.kernel.org/r/20211126081611.11001-2-jslaby@suse.cz Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> diff 4d3d9478 Thu Jul 22 16:31:40 MDT 2021 Jiri Slaby <jirislaby@kernel.org> tty: move tty_driver related prototypes to tty_driver.h We already have tty_driver.h, so cleanup tty.h a bit by moving out tty_driver-related function prototypes into tty_driver.h. Note that tty.h already includes tty_driver.h. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Link: https://lore.kernel.org/r/20210723103147.18250-2-jslaby@suse.cz Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> diff 64d608db Wed May 05 03:19:06 MDT 2021 Jiri Slaby <jirislaby@kernel.org> tty: cumulate and document tty_struct::ctrl* members Group the ctrl members under a single struct called ctrl. The new struct contains 'pgrp', 'session', 'pktstatus', and 'packet'. 'pktstatus' and 'packet' used to be bits in a bitfield. The struct also contains the lock protecting them to share the same cache line. Note that commit c545b66c6922b (tty: Serialize tcflow() with other tty flow control changes) added a padding to the original bitfield. It was for the bitfield to occupy a whole 64b word to avoid interferring stores on Alpha (cannot we evaporate this arch with weird implications to C code yet?). But it doesn't work as expected as the padding (tty_struct::ctrl_unused) is aligned to a 8B boundary too and occupies some bytes from the next word. So make it reliable by: 1) setting __aligned of the struct -- that aligns the start, and 2) making 'unsigned long unused[0]' as the last member of the struct -- pads the end. Add a kerneldoc comment for this grouped members. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Cc: "David S. Miller" <davem@davemloft.net> Cc: Jakub Kicinski <kuba@kernel.org> Cc: netdev@vger.kernel.org Link: https://lore.kernel.org/r/20210505091928.22010-14-jslaby@suse.cz Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> diff 6e94dbc7 Wed May 05 03:19:05 MDT 2021 Jiri Slaby <jirislaby@kernel.org> tty: cumulate and document tty_struct::flow* members Group the flow flags under a single struct called flow. The new struct contains 'stopped' and 'tco_stopped' bools which used to be bits in a bitfield. The struct also contains the lock protecting them to potentially share the same cache line. Note that commit c545b66c6922b (tty: Serialize tcflow() with other tty flow control changes) added a padding to the original bitfield. It was for the bitfield to occupy a whole 64b word to avoid interferring stores on Alpha (cannot we evaporate this arch with weird implications to C code yet?). But it doesn't work as expected as the padding (tty_struct::unused) is aligned to a 8B boundary too and occupies some bytes from the next word. So make it reliable by: 1) setting __aligned of the struct -- that aligns the start, and 2) making 'unsigned long unused[0]' as the last member of the struct -- pads the end. This is also the perfect time to start the documentation of tty_struct where all this lives. So we start by documenting what these bools actually serve for. And why we do all the alignment dances. Only the few up-to-date information from the Theodore's comment made it into this new Kerneldoc comment. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Cc: "David S. Miller" <davem@davemloft.net> Cc: Jakub Kicinski <kuba@kernel.org> Cc: Jonathan Corbet <corbet@lwn.net> Cc: Arnd Bergmann <arnd@arndb.de> Cc: Ulf Hansson <ulf.hansson@linaro.org> Cc: Heiko Carstens <hca@linux.ibm.com> Cc: Vasily Gorbik <gor@linux.ibm.com> Cc: Christian Borntraeger <borntraeger@de.ibm.com> Cc: Shawn Guo <shawnguo@kernel.org> Cc: Sascha Hauer <s.hauer@pengutronix.de> Cc: Vineet Gupta <vgupta@synopsys.com> Cc: "Maciej W. Rozycki" <macro@orcam.me.uk> Link: https://lore.kernel.org/r/20210505091928.22010-13-jslaby@suse.cz Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| /linux-master/drivers/tty/serial/ | ||
| H A D | imx.c | diff 07c30ea5 Tue Jan 02 23:18:12 MST 2024 Lino Sanfilippo <l.sanfilippo@kunbus.com> serial: Do not hold the port lock when setting rx-during-tx GPIO Both the imx and stm32 driver set the rx-during-tx GPIO in rs485_config(). Since this function is called with the port lock held, this can be a problem in case that setting the GPIO line can sleep (e.g. if a GPIO expander is used which is connected via SPI or I2C). Avoid this issue by moving the GPIO setting outside of the port lock into the serial core and thus making it a generic feature. Also with commit c54d48543689 ("serial: stm32: Add support for rs485 RX_DURING_TX output GPIO") the SER_RS485_RX_DURING_TX flag is only set if a rx-during-tx GPIO is _not_ available, which is wrong. Fix this, too. Furthermore reset old GPIO settings in case that changing the RS485 configuration failed. Fixes: c54d48543689 ("serial: stm32: Add support for rs485 RX_DURING_TX output GPIO") Fixes: ca530cfa968c ("serial: imx: Add support for RS485 RX_DURING_TX output GPIO") Cc: Shawn Guo <shawnguo@kernel.org> Cc: Sascha Hauer <s.hauer@pengutronix.de> Cc: <stable@vger.kernel.org> Signed-off-by: Lino Sanfilippo <l.sanfilippo@kunbus.com> Link: https://lore.kernel.org/r/20240103061818.564-2-l.sanfilippo@kunbus.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> diff bb5ab77e Thu Sep 28 00:43:20 MDT 2023 Sascha Hauer <s.hauer@pengutronix.de> serial: imx: Put DMA enabled UART in separate lock subclass Lockdep complains about possible circular locking dependencies when the i.MX SDMA driver issues console messages under its spinlock. While the SDMA driver calls back into the UART when issuing a message, the i.MX UART driver will never call back into the SDMA driver for this UART, because DMA is explicitly not used for UARTs providing the console. To avoid the lockdep warnings put the UART port lock for console devices into a separate subclass. This fixes possible deadlock warnings like the following which was provoked by adding a printk to the i.MX SDMA driver at a place where the driver holds its spinlock. ====================================================== WARNING: possible circular locking dependency detected 6.6.0-rc3-00045-g517852be693b-dirty #110 Not tainted ------------------------------------------------------ swapper/0/0 is trying to acquire lock: c1818e04 (console_owner){-...}-{0:0}, at: console_flush_all+0x1c4/0x634 but task is already holding lock: c44649e0 (&vc->lock){-...}-{3:3}, at: sdma_int_handler+0xc4/0x368 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #2 (&vc->lock){-...}-{3:3}: _raw_spin_lock_irqsave+0x4c/0x68 sdma_prep_dma_cyclic+0x1a8/0x21c imx_uart_startup+0x44c/0x5d4 uart_startup+0x120/0x2b0 uart_port_activate+0x44/0x98 tty_port_open+0x80/0xd0 uart_open+0x18/0x20 tty_open+0x120/0x664 chrdev_open+0xc0/0x214 do_dentry_open+0x1d0/0x544 path_openat+0xbb0/0xea0 do_filp_open+0x5c/0xd4 do_sys_openat2+0xb8/0xf0 sys_openat+0x8c/0xd8 ret_fast_syscall+0x0/0x1c -> #1 (&port_lock_key){-.-.}-{3:3}: _raw_spin_lock_irqsave+0x4c/0x68 imx_uart_console_write+0x164/0x1a0 console_flush_all+0x220/0x634 console_unlock+0x64/0x164 vprintk_emit+0xb0/0x390 vprintk_default+0x24/0x2c _printk+0x2c/0x5c register_console+0x244/0x478 serial_core_register_port+0x5c4/0x618 imx_uart_probe+0x4e0/0x7d4 platform_probe+0x58/0xb0 really_probe+0xc4/0x2e0 __driver_probe_device+0x84/0x1a0 driver_probe_device+0x2c/0x108 __driver_attach+0x94/0x17c bus_for_each_dev+0x7c/0xd0 bus_add_driver+0xc4/0x1cc driver_register+0x7c/0x114 imx_uart_init+0x20/0x40 do_one_initcall+0x7c/0x3c4 kernel_init_freeable+0x17c/0x228 kernel_init+0x14/0x140 ret_from_fork+0x14/0x24 -> #0 (console_owner){-...}-{0:0}: __lock_acquire+0x14b0/0x29a0 lock_acquire.part.0+0xb4/0x264 console_flush_all+0x20c/0x634 console_unlock+0x64/0x164 vprintk_emit+0xb0/0x390 vprintk_default+0x24/0x2c _printk+0x2c/0x5c sdma_int_handler+0xcc/0x368 __handle_irq_event_percpu+0x94/0x2d0 handle_irq_event+0x38/0xd0 handle_fasteoi_irq+0x98/0x248 handle_irq_desc+0x1c/0x2c gic_handle_irq+0x6c/0x90 generic_handle_arch_irq+0x2c/0x64 __irq_svc+0x90/0xbc cpuidle_enter_state+0x1a0/0x4f4 cpuidle_enter+0x30/0x40 do_idle+0x210/0x2b4 cpu_startup_entry+0x28/0x2c rest_init+0xd0/0x184 arch_post_acpi_subsys_init+0x0/0x8 other info that might help us debug this: Chain exists of: console_owner --> &port_lock_key --> &vc->lock Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&vc->lock); lock(&port_lock_key); lock(&vc->lock); lock(console_owner); *** DEADLOCK *** 3 locks held by swapper/0/0: #0: c44649e0 (&vc->lock){-...}-{3:3}, at: sdma_int_handler+0xc4/0x368 #1: c1818d50 (console_lock){+.+.}-{0:0}, at: vprintk_default+0x24/0x2c #2: c1818d08 (console_srcu){....}-{0:0}, at: console_flush_all+0x44/0x634 stack backtrace: CPU: 0 PID: 0 Comm: swapper/0 Not tainted 6.6.0-rc3-00045-g517852be693b-dirty #110 Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree) unwind_backtrace from show_stack+0x10/0x14 show_stack from dump_stack_lvl+0x60/0x90 dump_stack_lvl from check_noncircular+0x184/0x1b8 check_noncircular from __lock_acquire+0x14b0/0x29a0 __lock_acquire from lock_acquire.part.0+0xb4/0x264 lock_acquire.part.0 from console_flush_all+0x20c/0x634 console_flush_all from console_unlock+0x64/0x164 console_unlock from vprintk_emit+0xb0/0x390 vprintk_emit from vprintk_default+0x24/0x2c vprintk_default from _printk+0x2c/0x5c _printk from sdma_int_handler+0xcc/0x368 sdma_int_handler from __handle_irq_event_percpu+0x94/0x2d0 __handle_irq_event_percpu from handle_irq_event+0x38/0xd0 handle_irq_event from handle_fasteoi_irq+0x98/0x248 handle_fasteoi_irq from handle_irq_desc+0x1c/0x2c handle_irq_desc from gic_handle_irq+0x6c/0x90 gic_handle_irq from generic_handle_arch_irq+0x2c/0x64 generic_handle_arch_irq from __irq_svc+0x90/0xbc Exception stack(0xc1801ee8 to 0xc1801f30) 1ee0: ffffffff ffffffff 00000001 00030349 00000000 00000012 1f00: 00000000 d7e45f4b 00000012 00000000 d7e16d63 c1810828 00000000 c1801f38 1f20: c108125c c1081260 60010013 ffffffff __irq_svc from cpuidle_enter_state+0x1a0/0x4f4 cpuidle_enter_state from cpuidle_enter+0x30/0x40 cpuidle_enter from do_idle+0x210/0x2b4 do_idle from cpu_startup_entry+0x28/0x2c cpu_startup_entry from rest_init+0xd0/0x184 rest_init from arch_post_acpi_subsys_init+0x0/0x8 Reported-by: Tim van der Staaij <Tim.vanderstaaij@zigngroup.com> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> Link: https://lore.kernel.org/r/20230928064320.711603-1-s.hauer@pengutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> diff bb5ab77e Thu Sep 28 00:43:20 MDT 2023 Sascha Hauer <s.hauer@pengutronix.de> serial: imx: Put DMA enabled UART in separate lock subclass Lockdep complains about possible circular locking dependencies when the i.MX SDMA driver issues console messages under its spinlock. While the SDMA driver calls back into the UART when issuing a message, the i.MX UART driver will never call back into the SDMA driver for this UART, because DMA is explicitly not used for UARTs providing the console. To avoid the lockdep warnings put the UART port lock for console devices into a separate subclass. This fixes possible deadlock warnings like the following which was provoked by adding a printk to the i.MX SDMA driver at a place where the driver holds its spinlock. ====================================================== WARNING: possible circular locking dependency detected 6.6.0-rc3-00045-g517852be693b-dirty #110 Not tainted ------------------------------------------------------ swapper/0/0 is trying to acquire lock: c1818e04 (console_owner){-...}-{0:0}, at: console_flush_all+0x1c4/0x634 but task is already holding lock: c44649e0 (&vc->lock){-...}-{3:3}, at: sdma_int_handler+0xc4/0x368 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #2 (&vc->lock){-...}-{3:3}: _raw_spin_lock_irqsave+0x4c/0x68 sdma_prep_dma_cyclic+0x1a8/0x21c imx_uart_startup+0x44c/0x5d4 uart_startup+0x120/0x2b0 uart_port_activate+0x44/0x98 tty_port_open+0x80/0xd0 uart_open+0x18/0x20 tty_open+0x120/0x664 chrdev_open+0xc0/0x214 do_dentry_open+0x1d0/0x544 path_openat+0xbb0/0xea0 do_filp_open+0x5c/0xd4 do_sys_openat2+0xb8/0xf0 sys_openat+0x8c/0xd8 ret_fast_syscall+0x0/0x1c -> #1 (&port_lock_key){-.-.}-{3:3}: _raw_spin_lock_irqsave+0x4c/0x68 imx_uart_console_write+0x164/0x1a0 console_flush_all+0x220/0x634 console_unlock+0x64/0x164 vprintk_emit+0xb0/0x390 vprintk_default+0x24/0x2c _printk+0x2c/0x5c register_console+0x244/0x478 serial_core_register_port+0x5c4/0x618 imx_uart_probe+0x4e0/0x7d4 platform_probe+0x58/0xb0 really_probe+0xc4/0x2e0 __driver_probe_device+0x84/0x1a0 driver_probe_device+0x2c/0x108 __driver_attach+0x94/0x17c bus_for_each_dev+0x7c/0xd0 bus_add_driver+0xc4/0x1cc driver_register+0x7c/0x114 imx_uart_init+0x20/0x40 do_one_initcall+0x7c/0x3c4 kernel_init_freeable+0x17c/0x228 kernel_init+0x14/0x140 ret_from_fork+0x14/0x24 -> #0 (console_owner){-...}-{0:0}: __lock_acquire+0x14b0/0x29a0 lock_acquire.part.0+0xb4/0x264 console_flush_all+0x20c/0x634 console_unlock+0x64/0x164 vprintk_emit+0xb0/0x390 vprintk_default+0x24/0x2c _printk+0x2c/0x5c sdma_int_handler+0xcc/0x368 __handle_irq_event_percpu+0x94/0x2d0 handle_irq_event+0x38/0xd0 handle_fasteoi_irq+0x98/0x248 handle_irq_desc+0x1c/0x2c gic_handle_irq+0x6c/0x90 generic_handle_arch_irq+0x2c/0x64 __irq_svc+0x90/0xbc cpuidle_enter_state+0x1a0/0x4f4 cpuidle_enter+0x30/0x40 do_idle+0x210/0x2b4 cpu_startup_entry+0x28/0x2c rest_init+0xd0/0x184 arch_post_acpi_subsys_init+0x0/0x8 other info that might help us debug this: Chain exists of: console_owner --> &port_lock_key --> &vc->lock Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&vc->lock); lock(&port_lock_key); lock(&vc->lock); lock(console_owner); *** DEADLOCK *** 3 locks held by swapper/0/0: #0: c44649e0 (&vc->lock){-...}-{3:3}, at: sdma_int_handler+0xc4/0x368 #1: c1818d50 (console_lock){+.+.}-{0:0}, at: vprintk_default+0x24/0x2c #2: c1818d08 (console_srcu){....}-{0:0}, at: console_flush_all+0x44/0x634 stack backtrace: CPU: 0 PID: 0 Comm: swapper/0 Not tainted 6.6.0-rc3-00045-g517852be693b-dirty #110 Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree) unwind_backtrace from show_stack+0x10/0x14 show_stack from dump_stack_lvl+0x60/0x90 dump_stack_lvl from check_noncircular+0x184/0x1b8 check_noncircular from __lock_acquire+0x14b0/0x29a0 __lock_acquire from lock_acquire.part.0+0xb4/0x264 lock_acquire.part.0 from console_flush_all+0x20c/0x634 console_flush_all from console_unlock+0x64/0x164 console_unlock from vprintk_emit+0xb0/0x390 vprintk_emit from vprintk_default+0x24/0x2c vprintk_default from _printk+0x2c/0x5c _printk from sdma_int_handler+0xcc/0x368 sdma_int_handler from __handle_irq_event_percpu+0x94/0x2d0 __handle_irq_event_percpu from handle_irq_event+0x38/0xd0 handle_irq_event from handle_fasteoi_irq+0x98/0x248 handle_fasteoi_irq from handle_irq_desc+0x1c/0x2c handle_irq_desc from gic_handle_irq+0x6c/0x90 gic_handle_irq from generic_handle_arch_irq+0x2c/0x64 generic_handle_arch_irq from __irq_svc+0x90/0xbc Exception stack(0xc1801ee8 to 0xc1801f30) 1ee0: ffffffff ffffffff 00000001 00030349 00000000 00000012 1f00: 00000000 d7e45f4b 00000012 00000000 d7e16d63 c1810828 00000000 c1801f38 1f20: c108125c c1081260 60010013 ffffffff __irq_svc from cpuidle_enter_state+0x1a0/0x4f4 cpuidle_enter_state from cpuidle_enter+0x30/0x40 cpuidle_enter from do_idle+0x210/0x2b4 do_idle from cpu_startup_entry+0x28/0x2c cpu_startup_entry from rest_init+0xd0/0x184 rest_init from arch_post_acpi_subsys_init+0x0/0x8 Reported-by: Tim van der Staaij <Tim.vanderstaaij@zigngroup.com> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> Link: https://lore.kernel.org/r/20230928064320.711603-1-s.hauer@pengutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> diff 639949a7 Thu Jun 15 16:47:23 MDT 2023 Martin Fuzzey <martin.fuzzey@flowbird.group> tty: serial: imx: fix rs485 rx after tx Since commit 79d0224f6bf2 ("tty: serial: imx: Handle RS485 DE signal active high") RS485 reception no longer works after a transmission. The following scenario shows the problem: 1) Open a port in RS485 mode 2) Receive data from remote (OK) 3) Transmit data to remote (OK) 4) Receive data from remote (Nothing received) In RS485 mode, imx_uart_start_tx() calls imx_uart_stop_rx() and, when the transmission is complete, imx_uart_stop_tx() calls imx_uart_start_rx(). Since the above commit imx_uart_stop_rx() now sets the loopback bit but imx_uart_start_rx() does not clear it causing the hardware to remain in loopback mode and not receive external data. Fix this by moving the existing loopback disable code to a helper function and calling it from imx_uart_start_rx() too. Fixes: 79d0224f6bf2 ("tty: serial: imx: Handle RS485 DE signal active high") Cc: stable@vger.kernel.org Signed-off-by: Martin Fuzzey <martin.fuzzey@flowbird.group> Reviewed-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com> Link: https://lore.kernel.org/r/20230616104838.2729694-1-martin.fuzzey@flowbird.group Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> diff 2af4b918 Wed Feb 01 07:27:00 MST 2023 Sergey Organov <sorganov@gmail.com> serial: imx: refine local variables in rxint() The 'rx' is chip register, similar to 'usr2', so let it be of 'u32' type as well. Move 'flg' to be FIFO read loop local as it's not used outside. Signed-off-by: Sergey Organov <sorganov@gmail.com> Link: https://lore.kernel.org/r/20230201142700.4346-8-sorganov@gmail.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> diff d45fb2e4 Wed Feb 01 07:26:54 MST 2023 Sergey Organov <sorganov@gmail.com> serial: imx: factor-out common code to imx_uart_soft_reset() We perform soft reset in 2 places, slightly differently for no sufficient reasons, so move more generic variant to a function, and re-use the code. Out of 2 repeat counters, 10 and 100, select 10, as the code works at interrupts disabled, and in practice the reset happens immediately. Signed-off-by: Sergey Organov <sorganov@gmail.com> Link: https://lore.kernel.org/r/20230201142700.4346-2-sorganov@gmail.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> diff d45fb2e4 Wed Feb 01 07:26:54 MST 2023 Sergey Organov <sorganov@gmail.com> serial: imx: factor-out common code to imx_uart_soft_reset() We perform soft reset in 2 places, slightly differently for no sufficient reasons, so move more generic variant to a function, and re-use the code. Out of 2 repeat counters, 10 and 100, select 10, as the code works at interrupts disabled, and in practice the reset happens immediately. Signed-off-by: Sergey Organov <sorganov@gmail.com> Link: https://lore.kernel.org/r/20230201142700.4346-2-sorganov@gmail.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> diff d45fb2e4 Wed Feb 01 07:26:54 MST 2023 Sergey Organov <sorganov@gmail.com> serial: imx: factor-out common code to imx_uart_soft_reset() We perform soft reset in 2 places, slightly differently for no sufficient reasons, so move more generic variant to a function, and re-use the code. Out of 2 repeat counters, 10 and 100, select 10, as the code works at interrupts disabled, and in practice the reset happens immediately. Signed-off-by: Sergey Organov <sorganov@gmail.com> Link: https://lore.kernel.org/r/20230201142700.4346-2-sorganov@gmail.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> diff ef25e16e Sun Feb 05 18:30:16 MST 2023 Peng Fan <peng.fan@nxp.com> tty: serial: imx: disable Ageing Timer interrupt request irq There maybe pending USR interrupt before requesting irq, however uart_add_one_port has not executed, so there will be kernel panic: [ 0.795668] Unable to handle kernel NULL pointer dereference at virtual addre ss 0000000000000080 [ 0.802701] Mem abort info: [ 0.805367] ESR = 0x0000000096000004 [ 0.808950] EC = 0x25: DABT (current EL), IL = 32 bits [ 0.814033] SET = 0, FnV = 0 [ 0.816950] EA = 0, S1PTW = 0 [ 0.819950] FSC = 0x04: level 0 translation fault [ 0.824617] Data abort info: [ 0.827367] ISV = 0, ISS = 0x00000004 [ 0.831033] CM = 0, WnR = 0 [ 0.833866] [0000000000000080] user address but active_mm is swapper [ 0.839951] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP [ 0.845953] Modules linked in: [ 0.848869] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.1.1+g56321e101aca #1 [ 0.855617] Hardware name: Freescale i.MX8MP EVK (DT) [ 0.860452] pstate: 000000c5 (nzcv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 0.867117] pc : __imx_uart_rxint.constprop.0+0x11c/0x2c0 [ 0.872283] lr : imx_uart_int+0xf8/0x1ec The issue only happends in the inmate linux when Jailhouse hypervisor enabled. The test procedure is: while true; do jailhouse enable imx8mp.cell jailhouse cell linux xxxx sleep 10 jailhouse cell destroy 1 jailhouse disable sleep 5 done And during the upper test, press keys to the 2nd linux console. When `jailhouse cell destroy 1`, the 2nd linux has no chance to put the uart to a quiese state, so USR1/2 may has pending interrupts. Then when `jailhosue cell linux xx` to start 2nd linux again, the issue trigger. In order to disable irqs before requesting them, both UCR1 and UCR2 irqs should be disabled, so here fix that, disable the Ageing Timer interrupt in UCR2 as UCR1 does. Fixes: 8a61f0c70ae6 ("serial: imx: Disable irqs before requesting them") Suggested-by: Sherry Sun <sherry.sun@nxp.com> Reviewed-by: Sherry Sun <sherry.sun@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com> Acked-by: Jason Liu <jason.hui.liu@nxp.com> Link: https://lore.kernel.org/r/20230206013016.29352-1-sherry.sun@nxp.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> diff ef25e16e Sun Feb 05 18:30:16 MST 2023 Peng Fan <peng.fan@nxp.com> tty: serial: imx: disable Ageing Timer interrupt request irq There maybe pending USR interrupt before requesting irq, however uart_add_one_port has not executed, so there will be kernel panic: [ 0.795668] Unable to handle kernel NULL pointer dereference at virtual addre ss 0000000000000080 [ 0.802701] Mem abort info: [ 0.805367] ESR = 0x0000000096000004 [ 0.808950] EC = 0x25: DABT (current EL), IL = 32 bits [ 0.814033] SET = 0, FnV = 0 [ 0.816950] EA = 0, S1PTW = 0 [ 0.819950] FSC = 0x04: level 0 translation fault [ 0.824617] Data abort info: [ 0.827367] ISV = 0, ISS = 0x00000004 [ 0.831033] CM = 0, WnR = 0 [ 0.833866] [0000000000000080] user address but active_mm is swapper [ 0.839951] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP [ 0.845953] Modules linked in: [ 0.848869] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.1.1+g56321e101aca #1 [ 0.855617] Hardware name: Freescale i.MX8MP EVK (DT) [ 0.860452] pstate: 000000c5 (nzcv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 0.867117] pc : __imx_uart_rxint.constprop.0+0x11c/0x2c0 [ 0.872283] lr : imx_uart_int+0xf8/0x1ec The issue only happends in the inmate linux when Jailhouse hypervisor enabled. The test procedure is: while true; do jailhouse enable imx8mp.cell jailhouse cell linux xxxx sleep 10 jailhouse cell destroy 1 jailhouse disable sleep 5 done And during the upper test, press keys to the 2nd linux console. When `jailhouse cell destroy 1`, the 2nd linux has no chance to put the uart to a quiese state, so USR1/2 may has pending interrupts. Then when `jailhosue cell linux xx` to start 2nd linux again, the issue trigger. In order to disable irqs before requesting them, both UCR1 and UCR2 irqs should be disabled, so here fix that, disable the Ageing Timer interrupt in UCR2 as UCR1 does. Fixes: 8a61f0c70ae6 ("serial: imx: Disable irqs before requesting them") Suggested-by: Sherry Sun <sherry.sun@nxp.com> Reviewed-by: Sherry Sun <sherry.sun@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com> Acked-by: Jason Liu <jason.hui.liu@nxp.com> Link: https://lore.kernel.org/r/20230206013016.29352-1-sherry.sun@nxp.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> diff ef25e16e Sun Feb 05 18:30:16 MST 2023 Peng Fan <peng.fan@nxp.com> tty: serial: imx: disable Ageing Timer interrupt request irq There maybe pending USR interrupt before requesting irq, however uart_add_one_port has not executed, so there will be kernel panic: [ 0.795668] Unable to handle kernel NULL pointer dereference at virtual addre ss 0000000000000080 [ 0.802701] Mem abort info: [ 0.805367] ESR = 0x0000000096000004 [ 0.808950] EC = 0x25: DABT (current EL), IL = 32 bits [ 0.814033] SET = 0, FnV = 0 [ 0.816950] EA = 0, S1PTW = 0 [ 0.819950] FSC = 0x04: level 0 translation fault [ 0.824617] Data abort info: [ 0.827367] ISV = 0, ISS = 0x00000004 [ 0.831033] CM = 0, WnR = 0 [ 0.833866] [0000000000000080] user address but active_mm is swapper [ 0.839951] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP [ 0.845953] Modules linked in: [ 0.848869] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.1.1+g56321e101aca #1 [ 0.855617] Hardware name: Freescale i.MX8MP EVK (DT) [ 0.860452] pstate: 000000c5 (nzcv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 0.867117] pc : __imx_uart_rxint.constprop.0+0x11c/0x2c0 [ 0.872283] lr : imx_uart_int+0xf8/0x1ec The issue only happends in the inmate linux when Jailhouse hypervisor enabled. The test procedure is: while true; do jailhouse enable imx8mp.cell jailhouse cell linux xxxx sleep 10 jailhouse cell destroy 1 jailhouse disable sleep 5 done And during the upper test, press keys to the 2nd linux console. When `jailhouse cell destroy 1`, the 2nd linux has no chance to put the uart to a quiese state, so USR1/2 may has pending interrupts. Then when `jailhosue cell linux xx` to start 2nd linux again, the issue trigger. In order to disable irqs before requesting them, both UCR1 and UCR2 irqs should be disabled, so here fix that, disable the Ageing Timer interrupt in UCR2 as UCR1 does. Fixes: 8a61f0c70ae6 ("serial: imx: Disable irqs before requesting them") Suggested-by: Sherry Sun <sherry.sun@nxp.com> Reviewed-by: Sherry Sun <sherry.sun@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com> Acked-by: Jason Liu <jason.hui.liu@nxp.com> Link: https://lore.kernel.org/r/20230206013016.29352-1-sherry.sun@nxp.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> diff ef25e16e Sun Feb 05 18:30:16 MST 2023 Peng Fan <peng.fan@nxp.com> tty: serial: imx: disable Ageing Timer interrupt request irq There maybe pending USR interrupt before requesting irq, however uart_add_one_port has not executed, so there will be kernel panic: [ 0.795668] Unable to handle kernel NULL pointer dereference at virtual addre ss 0000000000000080 [ 0.802701] Mem abort info: [ 0.805367] ESR = 0x0000000096000004 [ 0.808950] EC = 0x25: DABT (current EL), IL = 32 bits [ 0.814033] SET = 0, FnV = 0 [ 0.816950] EA = 0, S1PTW = 0 [ 0.819950] FSC = 0x04: level 0 translation fault [ 0.824617] Data abort info: [ 0.827367] ISV = 0, ISS = 0x00000004 [ 0.831033] CM = 0, WnR = 0 [ 0.833866] [0000000000000080] user address but active_mm is swapper [ 0.839951] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP [ 0.845953] Modules linked in: [ 0.848869] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.1.1+g56321e101aca #1 [ 0.855617] Hardware name: Freescale i.MX8MP EVK (DT) [ 0.860452] pstate: 000000c5 (nzcv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 0.867117] pc : __imx_uart_rxint.constprop.0+0x11c/0x2c0 [ 0.872283] lr : imx_uart_int+0xf8/0x1ec The issue only happends in the inmate linux when Jailhouse hypervisor enabled. The test procedure is: while true; do jailhouse enable imx8mp.cell jailhouse cell linux xxxx sleep 10 jailhouse cell destroy 1 jailhouse disable sleep 5 done And during the upper test, press keys to the 2nd linux console. When `jailhouse cell destroy 1`, the 2nd linux has no chance to put the uart to a quiese state, so USR1/2 may has pending interrupts. Then when `jailhosue cell linux xx` to start 2nd linux again, the issue trigger. In order to disable irqs before requesting them, both UCR1 and UCR2 irqs should be disabled, so here fix that, disable the Ageing Timer interrupt in UCR2 as UCR1 does. Fixes: 8a61f0c70ae6 ("serial: imx: Disable irqs before requesting them") Suggested-by: Sherry Sun <sherry.sun@nxp.com> Reviewed-by: Sherry Sun <sherry.sun@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com> Acked-by: Jason Liu <jason.hui.liu@nxp.com> Link: https://lore.kernel.org/r/20230206013016.29352-1-sherry.sun@nxp.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| H A D | sh-sci.c | diff 1707ce2d Wed Apr 12 08:50:51 MDT 2023 Biju Das <biju.das.jz@bp.renesas.com> tty: serial: sh-sci: Fix TE setting on SCI IP As per the RZ/G2L users hardware manual (Rev.1.20 Sep, 2022), section 23.3.7 Serial Data Transmission (Asynchronous Mode) it is mentioned that the TE (transmit enable) must be set after setting TIE (transmit interrupt enable) or these 2 bits are set to 1 simultaneously by a single instruction. So set these 2 bits in single instruction. Signed-off-by: Biju Das <biju.das.jz@bp.renesas.com> Link: https://lore.kernel.org/r/20230412145053.114847-4-biju.das.jz@bp.renesas.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> diff 1707ce2d Wed Apr 12 08:50:51 MDT 2023 Biju Das <biju.das.jz@bp.renesas.com> tty: serial: sh-sci: Fix TE setting on SCI IP As per the RZ/G2L users hardware manual (Rev.1.20 Sep, 2022), section 23.3.7 Serial Data Transmission (Asynchronous Mode) it is mentioned that the TE (transmit enable) must be set after setting TIE (transmit interrupt enable) or these 2 bits are set to 1 simultaneously by a single instruction. So set these 2 bits in single instruction. Signed-off-by: Biju Das <biju.das.jz@bp.renesas.com> Link: https://lore.kernel.org/r/20230412145053.114847-4-biju.das.jz@bp.renesas.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> diff 8749061b Wed Apr 12 08:50:49 MDT 2023 Biju Das <biju.das.jz@bp.renesas.com> tty: serial: sh-sci: Add RZ/G2L SCIFA DMA tx support SCIFA IP on RZ/G2L SoC has the same signal for both interrupt and DMA transfer request. Setting DMARS register for DMA transfer makes the signal to work as a DMA transfer request signal and subsequent interrupt requests to the interrupt controller are masked. Similarly clearing DMARS register makes signal to work as interrupt signal and subsequent interrupt requests to the interrupt controller are unmasked. Add SCIFA DMA tx support for RZ/G2L alike SoCs by disabling TXI line interrupt and setting DMARS registers by DMA api for DMA transfer request. Signed-off-by: Biju Das <biju.das.jz@bp.renesas.com> Link: https://lore.kernel.org/r/20230412145053.114847-2-biju.das.jz@bp.renesas.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> diff 575ca2cb Tue Aug 23 08:18:38 MDT 2022 Ilpo Järvinen <ilpo.jarvinen@linux.intel.com> serial: sh-sci: tail is already on valid range There is no need to and tail with UART_XMIT_SIZE - 1 because tail is already on valid range. Reviewed-by: Jiri Slaby <jirislaby@kernel.org> Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com> Link: https://lore.kernel.org/r/20220823141839.165244-2-ilpo.jarvinen@linux.intel.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> diff 2ea2e019 Mon May 10 06:07:55 MDT 2021 Geert Uytterhoeven <geert+renesas@glider.be> serial: sh-sci: Fix off-by-one error in FIFO threshold register setting The Receive FIFO Data Count Trigger field (RTRG[6:0]) in the Receive FIFO Data Count Trigger Register (HSRTRGR) of HSCIF can only hold values ranging from 0-127. As the FIFO size is equal to 128 on HSCIF, the user can write an out-of-range value, touching reserved bits. Fix this by limiting the trigger value to the FIFO size minus one. Reverse the order of the checks, to avoid rx_trig becoming zero if the FIFO size is one. Note that this change has no impact on other SCIF variants, as their maximum supported trigger value is lower than the FIFO size anyway, and the code below takes care of enforcing these limits. Fixes: a380ed461f66d1b8 ("serial: sh-sci: implement FIFO threshold register setting") Reported-by: Linh Phung <linh.phung.jy@renesas.com> Reviewed-by: Wolfram Sang <wsa+renesas@sang-engineering.com> Reviewed-by: Ulrich Hecht <uli+renesas@fpond.eu> Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be> Cc: stable <stable@vger.kernel.org> Link: https://lore.kernel.org/r/5eff320aef92ffb33d00e57979fd3603bbb4a70f.1620648218.git.geert+renesas@glider.be Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> diff 507fd01d Thu Oct 03 03:29:12 MDT 2019 Bartosz Golaszewski <bgolaszewski@baylibre.com> drivers: move the early platform device support to arch/sh SuperH is the only user of the current implementation of early platform device support. We want to introduce a more robust approach to early probing. As the first step - move all the current early platform code to arch/sh. In order not to export internal drivers/base functions to arch code for this temporary solution - copy the two needed routines for driver matching from drivers/base/platform.c to arch/sh/drivers/platform_early.c. Also: call early_platform_cleanup() from subsys_initcall() so that it's called after all early devices are probed. Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com> Cc: Rich Felker <dalias@libc.org> Link: https://lore.kernel.org/r/20191003092913.10731-2-brgl@bgdev.pl Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> diff 392fb8df Tue Oct 01 12:07:43 MDT 2019 Geert Uytterhoeven <geert+renesas@glider.be> serial: sh-sci: Use platform_get_irq_optional() for optional interrupts As platform_get_irq() now prints an error when the interrupt does not exist, scary warnings may be printed for optional interrupts: sh-sci e6550000.serial: IRQ index 1 not found sh-sci e6550000.serial: IRQ index 2 not found sh-sci e6550000.serial: IRQ index 3 not found sh-sci e6550000.serial: IRQ index 4 not found sh-sci e6550000.serial: IRQ index 5 not found Fix this by calling platform_get_irq_optional() instead for all but the first interrupts, which are optional. Fixes: 7723f4c5ecdb8d83 ("driver core: platform: Add an error message to platform_get_irq*()") Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be> Reviewed-by: Stephen Boyd <swboyd@chromium.org> Reviewed-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com> Tested-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com> Link: https://lore.kernel.org/r/20191001180743.1041-1-geert+renesas@glider.be Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> diff 8493eab0 Mon Jun 24 06:35:39 MDT 2019 Geert Uytterhoeven <geert+renesas@glider.be> serial: sh-sci: Fix TX DMA buffer flushing and workqueue races When uart_flush_buffer() is called, the .flush_buffer() callback zeroes the tx_dma_len field. This may race with the work queue function handling transmit DMA requests: 1. If the buffer is flushed before the first DMA API call, dmaengine_prep_slave_single() may be called with a zero length, causing the DMA request to never complete, leading to messages like: rcar-dmac e7300000.dma-controller: Channel Address Error happen and, with debug enabled: sh-sci e6e88000.serial: sci_dma_tx_work_fn: ffff800639b55000: 0...0, cookie 126 and DMA timeouts. 2. If the buffer is flushed after the first DMA API call, but before the second, dma_sync_single_for_device() may be called with a zero length, causing the transmit data not to be flushed to RAM, and leading to stale data being output. Fix this by: 1. Letting sci_dma_tx_work_fn() return immediately if the transmit buffer is empty, 2. Extending the critical section to cover all DMA preparational work, so tx_dma_len stays consistent for all of it, 3. Using local copies of circ_buf.head and circ_buf.tail, to make sure they match the actual operation above. Reported-by: Eugeniu Rosca <erosca@de.adit-jv.com> Suggested-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com> Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be> Reviewed-by: Eugeniu Rosca <erosca@de.adit-jv.com> Tested-by: Eugeniu Rosca <erosca@de.adit-jv.com> Link: https://lore.kernel.org/r/20190624123540.20629-2-geert+renesas@glider.be Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> diff 8493eab0 Mon Jun 24 06:35:39 MDT 2019 Geert Uytterhoeven <geert+renesas@glider.be> serial: sh-sci: Fix TX DMA buffer flushing and workqueue races When uart_flush_buffer() is called, the .flush_buffer() callback zeroes the tx_dma_len field. This may race with the work queue function handling transmit DMA requests: 1. If the buffer is flushed before the first DMA API call, dmaengine_prep_slave_single() may be called with a zero length, causing the DMA request to never complete, leading to messages like: rcar-dmac e7300000.dma-controller: Channel Address Error happen and, with debug enabled: sh-sci e6e88000.serial: sci_dma_tx_work_fn: ffff800639b55000: 0...0, cookie 126 and DMA timeouts. 2. If the buffer is flushed after the first DMA API call, but before the second, dma_sync_single_for_device() may be called with a zero length, causing the transmit data not to be flushed to RAM, and leading to stale data being output. Fix this by: 1. Letting sci_dma_tx_work_fn() return immediately if the transmit buffer is empty, 2. Extending the critical section to cover all DMA preparational work, so tx_dma_len stays consistent for all of it, 3. Using local copies of circ_buf.head and circ_buf.tail, to make sure they match the actual operation above. Reported-by: Eugeniu Rosca <erosca@de.adit-jv.com> Suggested-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com> Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be> Reviewed-by: Eugeniu Rosca <erosca@de.adit-jv.com> Tested-by: Eugeniu Rosca <erosca@de.adit-jv.com> Link: https://lore.kernel.org/r/20190624123540.20629-2-geert+renesas@glider.be Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> diff 8493eab0 Mon Jun 24 06:35:39 MDT 2019 Geert Uytterhoeven <geert+renesas@glider.be> serial: sh-sci: Fix TX DMA buffer flushing and workqueue races When uart_flush_buffer() is called, the .flush_buffer() callback zeroes the tx_dma_len field. This may race with the work queue function handling transmit DMA requests: 1. If the buffer is flushed before the first DMA API call, dmaengine_prep_slave_single() may be called with a zero length, causing the DMA request to never complete, leading to messages like: rcar-dmac e7300000.dma-controller: Channel Address Error happen and, with debug enabled: sh-sci e6e88000.serial: sci_dma_tx_work_fn: ffff800639b55000: 0...0, cookie 126 and DMA timeouts. 2. If the buffer is flushed after the first DMA API call, but before the second, dma_sync_single_for_device() may be called with a zero length, causing the transmit data not to be flushed to RAM, and leading to stale data being output. Fix this by: 1. Letting sci_dma_tx_work_fn() return immediately if the transmit buffer is empty, 2. Extending the critical section to cover all DMA preparational work, so tx_dma_len stays consistent for all of it, 3. Using local copies of circ_buf.head and circ_buf.tail, to make sure they match the actual operation above. Reported-by: Eugeniu Rosca <erosca@de.adit-jv.com> Suggested-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com> Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be> Reviewed-by: Eugeniu Rosca <erosca@de.adit-jv.com> Tested-by: Eugeniu Rosca <erosca@de.adit-jv.com> Link: https://lore.kernel.org/r/20190624123540.20629-2-geert+renesas@glider.be Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
Completed in 482 milliseconds