| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
We need DMA for this, otherwise the build breaks, so fix this up.
Reported-by: kbuild test robot <fengguang.wu@intel.com>
Cc: Stephen Warren <swarren@wwwdotorg.org>
Cc: Lee Jones <lee@kernel.org>
Cc: Eric Anholt <eric@anholt.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
The raspberrypi-firmware driver may be built as a loadable module,
which causes a link-time failure if the vc04_services driver is
built-in during compile-testing:
drivers/staging/vc04_services/vchiq.o: In function `vchiq_probe':
vchiq_connected.c:(.text.vchiq_probe+0x2c): undefined reference to `rpi_firmware_get'
drivers/staging/vc04_services/vchiq.o: In function `vchiq_platform_init':
vchiq_connected.c:(.text.vchiq_platform_init+0x1f0): undefined reference to `rpi_firmware_property'
This extends the dependency list to ensure the firmware is either
reachable, or completely disabled in case of compile-testing.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
The driver tries to redefine mutex_lock_interruptible as an open-coded
mutex_lock_killable, but that definition clashes with the normal
mutex_lock_interruptible definition when CONFIG_DEBUG_LOCK_ALLOC
is set:
staging/vc04_services/interface/vchiq_arm/vchiq_killable.h:67:0: error: "mutex_lock_interruptible" redefined [-Werror]
#define mutex_lock_interruptible mutex_lock_interruptible_killable
include/linux/mutex.h:161:0: note: this is the location of the previous definition
This simply removes the private implementation and uses the
normal mutex_lock_killable directly.
We could do the same for the down_interruptible_killable here, but
it's better to just remove the semaphores entirely from the driver,
which also takes care of that.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
drivers/staging/vc04_services/interface/vchiq_arm/vchiq_util.c:65:2-7: WARNING: NULL check before freeing functions like kfree, debugfs_remove, debugfs_remove_recursive or usb_free_urb is not needed. Maybe consider reorganizing relevant code to avoid passing NULL values.
NULL check before some freeing functions is not needed.
Based on checkpatch warning
"kfree(NULL) is safe this check is probably not required"
and kfreeaddr.cocci by Julia Lawall.
Generated by: scripts/coccinelle/free/ifnullfree.cocci
Signed-off-by: Fengguang Wu <fengguang.wu@intel.com>
Reviewed-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c:193:39-40: WARNING: Use ARRAY_SIZE
Use ARRAY_SIZE instead of dividing sizeof array with sizeof an element
Semantic patch information:
This makes an effort to find cases where ARRAY_SIZE can be used such as
where there is a division of sizeof the array by the sizeof its first
element or by any indexed element or the element type. It replaces the
division of the two sizeofs by ARRAY_SIZE.
Generated by: scripts/coccinelle/misc/array_size.cocci
Signed-off-by: Fengguang Wu <fengguang.wu@intel.com>
Reviewed-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c:1788:16-22: Unneeded variable: "status". Return "VCHIQ_SUCCESS" on line 1824
Remove unneeded variable used to store return value.
Generated by: scripts/coccinelle/misc/returnvar.cocci
Signed-off-by: Fengguang Wu <fengguang.wu@intel.com>
Reviewed-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c:1817:2-12: Use setup_timer function for function on line 1818.
Use setup_timer function instead of initializing timer with the function
and data fields
Generated by: scripts/coccinelle/api/setup_timer.cocci
Signed-off-by: Fengguang Wu <fengguang.wu@intel.com>
Reviewed-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
It would be nice to be able to build this code on other platforms other
than only the RPi, so add some empty macros to allow this to happen, and
turn off BROKEN as the code can now build properly thanks to Michael's
work.
Cc: Michael Zoran <mzoran@crowfest.net>
Cc: Daniel Stone <daniels@collabora.com>
Cc: "Noralf Trønnes" <noralf@tronnes.org>
Cc: Pranith Kumar <bobby.prani@gmail.com>
Cc: popcornmix <popcornmix@gmail.com>
Cc: Eric Anholt <eric@anholt.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
The current dma_map_sg based implementation for bulk messages
computes many offsets into a single allocation multiple times in
both the create and free code paths. This is inefficient,
error prone and in fact still has a few lingering issues
with arm64.
This change replaces a small portion of that inplementation with
new code that uses a new struct vchiq_pagelist_info to store the
needed information rather then complex offset calculations.
This improved implementation should be more efficient and easier
to understand and maintain.
Tests Run(Both Pass):
vchiq_test -p 1
vchiq_test -f 10
Signed-off-by: Michael Zoran <mzoran@crowfest.net>
Reviewed-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
Some more printk warnings snuck in recently, no one seems to be building
this on 64bit machines...
Cc: Stephen Warren <swarren@wwwdotorg.org>
Cc: Lee Jones <lee@kernel.org>
Cc: Eric Anholt <eric@anholt.net>
Cc: Michael Zoran <mzoran@crowfest.net>
Cc: Stefan Wahren <stefan.wahren@i2se.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
The current order during module probe is prone to race conditions:
* debugfs entries, sysfs entries, platform code
So fix this by swapping the steps debugfs entries and platform code.
As a benefit this saves us a clean up step in the error path.
Signed-off-by: Stefan Wahren <stefan.wahren@i2se.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
This removes the debugfs entries on module unload and fix one
of the many kernel oops after loading the module again.
Signed-off-by: Stefan Wahren <stefan.wahren@i2se.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
It's possible that get_user_pages() could fail. So evaluate its
return code and handle this error case properly.
This issue has been found by Cppcheck.
Signed-off-by: Stefan Wahren <stefan.wahren@i2se.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
We better use sizeof instead of hardcoding buffer length multiple
times. This make it easier to increase the buffer in the future.
In order to keep below 80 chars limit make the variable name shorter.
Signed-off-by: Stefan Wahren <stefan.wahren@i2se.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
After device_node usage the refcount must be decremented with
of_node_put().
Signed-off-by: Stefan Wahren <stefan.wahren@i2se.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
The member localport and remoteport are unsigned. So fix the format
string accordingly.
The issue has been found by Cppcheck.
Signed-off-by: Stefam Wahren <stefan.wahren@i2se.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
The service state is dereferenced before BUG_ON and outside of the
spin lock. So in order to avoid possible NULL pointer dereferences or
races move the whole scope at a safer place.
This issue has been found by Cppcheck.
Signed-off-by: Stefan Wahren <stefan.wahren@i2se.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
vc04_services contains a debug logging mechanism. The log is
maintained in a shared memory area between the kernel and the
firmware. Changing the sizes of the data in this area would
require a firmware change which is distributed independently
from the kernel binary.
One of the items logged is the address of received messages.
This address is a pointer, but the debugging slot used to store
the information is a 32 bit integer.
Luckily, this value is never interpreted by anything other
then debug tools and it is expected that a human debugging
the kernel interpret it.
This change adds a cast to long before the original cast
to int to silence the warning.
Signed-off-by: Michael Zoran <mzoran@crowfest.net>
Reviewed-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
The vchiq_copy_from_user function is not portable
and is consider "bad practice." Replace this function
with a callback based mechanism that is passed downward
on the stack. When it is actually time to copy the data,
the callback is called to copy the data into the message.
This callback is provided internally for userland calls
through ioctls on the device.
NOTE: Internal clients will need to be modified to work
with the new internal API.
Test Run:
vchiq_test -p 1
vchiq_test -f 10
Both tests pass.
Internal API Changes:
Change vchi_msg_queue to:
int32_t
vchi_msg_queue(VCHI_SERVICE_HANDLE_T handle,
ssize_t (*copy_callback)(void *context, void *dest,
size_t offset, size_t maxsize),
void *context,
uint32_t data_size );
Remove:
vchi_msg_queuev_ex
vchi_msg_queuev
These functions were not implemented anyway so no need to fix them. It's
easier to just remove them.
Signed-off-by: Michael Zoran <mzoran@crowfest.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
VCHI messages between the CPU and firmware use 32-bit
bus addresses. Explicitly set the DMA mask and coherent
on all platforms.
Signed-off-by: Michael Zoran <mzoran@crowfest.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
Call the sg_init_table function to correctly initialze
the DMA scatterlist. This function is required to completely
initialize the list and is mandatory if DMA debugging is
enabled in the build configuration.
One of the purposes of sg_init_table is to set
the magic "cookie" on each list element and ensure
the chain end is marked.
Signed-off-by: Michael Zoran <mzoran@crowfest.net>
Acked-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
This resolves a merge issue with
drivers/staging/iio/accel/sca3000_core.c and we want the fixes all in
here as well.
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
The naming bcm2708 is used only in the vendor kernel, so better
replace it with bcm2835 which is used in mainline in order
to avoid any confusion.
Signed-off-by: Stefan Wahren <stefan.wahren@i2se.com>
Reviewed-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
This fixes the CamelCase of some variables.
Signed-off-by: Stefan Wahren <stefan.wahren@i2se.com>
Reviewed-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
Rearrange the polling loops in order to avoid code duplication. Btw we fix
the style of the comments.
Signed-off-by: Stefan Wahren <stefan.wahren@i2se.com>
Reviewed-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
In Linux Mainline there wasn't a chance to boot the RPi without DT.
So we can make the firmware node mandatory.
Signed-off-by: Stefan Wahren <stefan.wahren@i2se.com>
Reviewed-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
This patch adds the missing module description for the driver.
Signed-off-by: Stefan Wahren <stefan.wahren@i2se.com>
Reviewed-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
The original arm implementation uses dmac_map_area which is not
portable. Replace it with an architecture neutral version
which uses dma_map_sg.
As you can see that for larger page sizes, the dma_map_sg
implementation is faster then the original unportable dma_map_area
implementation.
Test dmac_map_area dma_map_page dma_map_sg
vchiq_test -b 4 10000 51us/iter 76us/iter 76us
vchiq_test -b 8 10000 70us/iter 82us/iter 91us
vchiq_test -b 16 10000 94us/iter 118us/iter 121us
vchiq_test -b 32 10000 146us/iter 173us/iter 187us
vchiq_test -b 64 10000 263us/iter 328us/iter 299us
vchiq_test -b 128 10000 529us/iter 631us/iter 595us
vchiq_test -b 256 10000 2285us/iter 2275us/iter 2001us
vchiq_test -b 512 10000 4372us/iter 4616us/iter 4123us
For message sizes >= 64KB, dma_map_sg is faster then dma_map_page.
For message size >= 256KB, the dma_map_sg is the fastest
implementation.
"Normal" messages sizes should be about 1MB which is beyond
the length that this change shows a speed increase.
This is v2 of the patch which includes extra WARN_ONs and
incorporates feedback from Eric Anholt <eric@anholt.net>.
Signed-off-by: Michael Zoran <mzoran@crowfest.net>
Reviewed-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
In case of error, the function kthread_create() returns ERR_PTR() and
never returns NULL. The NULL test in the return value check should be
replaced with IS_ERR().
Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
In case of error, the function kthread_create() returns ERR_PTR() and
never returns NULL. The NULL test in the return value check should be
replaced with IS_ERR().
Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
Remove .owner field if calls are used which set it automatically.
Generated by: scripts/coccinelle/api/platform_no_drv_owner.cocci
Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
I've left out the downstream HDMI audio driver from the "to be
imported" section, as we'll want to handle it natively in vc4. The
downstream kernel will likely continue to use that driver for a while
due to using the interim "vc4 firmware KMS" mode while vc4 gets its
featureset (such as HDMI audio!) completed.
I've also left out VC-CMA, which appears to be about having Linux
manage a CMA area that the firmware gets to make allocations out of.
I'm not clear on if this is useful (the firmware's need for memory
drops massively with vc4 present, and may drop even more depending on
how we resolve dmabuf handling for camera and video decode)
Signed-off-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
When compiling vchiq_core.c for 64 bit, the compiler
emits a few warnings that are not actual issues. This
change adds a few casts to remove the extra unnecessary
warnings.
Signed-off-by: Michael Zoran <mzoran@crowfest.net>
Reviewed-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
A VCHIQ_SERVICE_HANDLE_T which is an int is stuffed into a
VCHI_SERVICE_HANDLE_T which is a pointer, passed around, then
converted back to a VCHIQ_SERVICE_HANDLE_T. Since the data is
always actually a VCHIQ_SERVICE_HANDLE_T(int), never actually a
pointer, it is safe to simply cast the two back in forth.
Note that pointers are never stuffed into an int.
Signed-off-by: Michael Zoran <mzoran@crowfest.net>
Reviewed-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
The arm processor core and the GPU have a shared data structure.
This structure contains pointers to base linux kernel objects such as
events. The size of the pointer changes between 32 bit and 64 bit,
so it is necessary to convert these pointers to offsets from the
beginning of the state structure.
Luckly, the GPU does not interpret these pointers/offsets,
but this change is necessary to keep the structure the same since
the GPU code is outside the scope of the linux kernel
and can't be easily changed.
Signed-off-by: Michael Zoran <mzoran@crowfest.net>
Reviewed-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
The arm processor core and the GPU have shared data structures.
One of these structures is a list of pages of data for messages.
This structure can not change since it is dependent on the GPU
firmware which is external to the kernel. Convert the fields
of this structure to fixed length fields.
Signed-off-by: Michael Zoran <mzoran@crowfest.net>
Reviewed-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
The dsb() macro for 32 arm compiles to dsb(sy) in the binary file.
This macro is no longer supported on arm64, so instead use dsb(sy)
which is completely binary compatible.
Signed-off-by: Michael Zoran <mzoran@crowfest.net>
Reviewed-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
This removes the 'write' and 'force' from get_user_pages() and replaces
them with 'gup_flags' to make the use of FOLL_FORCE explicit in callers
as use of this flag can result in surprising behaviour (and hence bugs)
within the mm subsystem.
Signed-off-by: Lorenzo Stoakes <lstoakes@gmail.com>
Acked-by: Christian König <christian.koenig@amd.com>
Acked-by: Jesper Nilsson <jesper.nilsson@axis.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
kernel pointers should be printed with %pK and are not unsigned int big
on all architectures. So fix this up to get rid of a bunch of warning
messages.
Note, there are other assumptions in this code that a pointer fits into
an int that need to be fixed up later.
Cc: Daniel Stone <daniels@collabora.com>
Cc: "Noralf Trønnes" <noralf@tronnes.org>
Cc: Pranith Kumar <bobby.prani@gmail.com>
Cc: popcornmix <popcornmix@gmail.com>
Cc: Eric Anholt <eric@anholt.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
You don't define a function prototype on one line as a #define, and then
the next declare it as an external C function, without expecting a C
compiler to complain loudly.
So fix up this mess.
Cc: Daniel Stone <daniels@collabora.com>
Cc: "Noralf Trønnes" <noralf@tronnes.org>
Cc: Pranith Kumar <bobby.prani@gmail.com>
Cc: popcornmix <popcornmix@gmail.com>
Cc: Eric Anholt <eric@anholt.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
write functions need to return ssize_t, not int, so fix the functions up
for the correct prototype.
Cc: Daniel Stone <daniels@collabora.com>
Cc: "Noralf Trønnes" <noralf@tronnes.org>
Cc: Pranith Kumar <bobby.prani@gmail.com>
Cc: popcornmix <popcornmix@gmail.com>
Cc: Eric Anholt <eric@anholt.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
Remove function remote_event_destroy as it is not used anywhere in the
kernel. Function detected using Coccinelle but changes done by hand.
Script:
@initialize:python@
@@
def display(name,p):
print(name,p[0].file)
@r1@
identifier func;
type T;
position p;
@@
static T func@p(...)
{
...
}
@r@
identifier r1.func;
@@
func
@script:python depends on !r@
func << r1.func;
p << r1.p;
@@
display(func,p)
Signed-off-by: Bhumika Goyal <bhumirks@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
Signed-off-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
Signed-off-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
Signed-off-by: popcornmix <popcornmix@gmail.com>
vchiq: create_pagelist copes with vmalloc memory
Signed-off-by: Daniel Stone <daniels@collabora.com>
vchiq: fix the shim message release
Signed-off-by: Daniel Stone <daniels@collabora.com>
vchiq: export additional symbols
Signed-off-by: Daniel Stone <daniels@collabora.com>
VCHIQ: Make service closure fully synchronous (drv)
This is one half of a two-part patch, the other half of which is to
the vchiq_lib user library. With these patches, calls to
vchiq_close_service and vchiq_remove_service won't return until any
associated callbacks have been delivered to the callback thread.
VCHIQ: Add per-service tracing
The new service option VCHIQ_SERVICE_OPTION_TRACE is a boolean that
toggles tracing for the specified service.
This commit also introduces vchi_service_set_option and the associated
option VCHI_SERVICE_OPTION_TRACE.
vchiq: Make the synchronous-CLOSE logic more tolerant
vchiq: Move logging control into debugfs
vchiq: Take care of a corner case tickled by VCSM
Closing a connection that isn't fully open requires care, since one
side does not know the other side's port number. Code was present to
handle the case where a CLOSE is sent immediately after an OPEN, i.e.
before the OPENACK has been received, but this was incorrectly being
used when an OPEN from a client using port 0 was rejected.
(In the observed failure, the host was attempting to use the VCSM
service, which isn't present in the 'cutdown' firmware. The failure
was intermittent because sometimes the keepalive service would
grab port 0.)
This case can be distinguished because the client's remoteport will
still be VCHIQ_PORT_FREE, and the srvstate will be OPENING. Either
condition is sufficient to differentiate it from the special case
described above.
vchiq: Avoid high load when blocked and unkillable
vchiq: Include SIGSTOP and SIGCONT in list of signals not-masked by vchiq to allow gdb to work
vchiq_arm: Complete support for SYNCHRONOUS mode
vchiq: Remove inline from suspend/resume
vchiq: Allocation does not need to be atomic
vchiq: Fix wrong condition check
The log level is checked from within the log call. Remove the check in the call.
Signed-off-by: Pranith Kumar <bobby.prani@gmail.com>
BCM270x: Add vchiq device to platform file and Device Tree
Prepare to turn the vchiq module into a driver.
Signed-off-by: Noralf Trønnes <noralf@tronnes.org>
bcm2708: vchiq: Add Device Tree support
Turn vchiq into a driver and stop hardcoding resources.
Use devm_* functions in probe path to simplify cleanup.
A global variable is used to hold the register address. This is done
to keep this patch as small as possible.
Also make available on ARCH_BCM2835.
Based on work by Lubomir Rintel.
Signed-off-by: Noralf Trønnes <noralf@tronnes.org>
vchiq: Change logging level for inbound data
vchiq_arm: Two cacheing fixes
1) Make fragment size vary with cache line size
Without this patch, non-cache-line-aligned transfers may corrupt
(or be corrupted by) adjacent data structures.
Both ARM and VC need to be updated to enable this feature. This is
ensured by having the loader apply a new DT parameter -
cache-line-size. The existence of this parameter guarantees that the
kernel is capable, and the parameter will only be modified from the
safe default if the loader is capable.
2) Flush/invalidate vmalloc'd memory, and invalidate after reads
vchiq: fix NULL pointer dereference when closing driver
The following code run as root will cause a null pointer dereference oops:
int fd = open("/dev/vc-cma", O_RDONLY);
if (fd < 0)
err(1, "open failed");
(void)close(fd);
[ 1704.877721] Unable to handle kernel NULL pointer dereference at virtual address 00000000
[ 1704.877725] pgd = b899c000
[ 1704.877736] [00000000] *pgd=37fab831, *pte=00000000, *ppte=00000000
[ 1704.877748] Internal error: Oops: 817 [#1] PREEMPT SMP ARM
[ 1704.877765] Modules linked in: evdev i2c_bcm2708 uio_pdrv_genirq uio
[ 1704.877774] CPU: 2 PID: 3656 Comm: stress-ng-fstat Not tainted 3.19.1-12-generic-bcm2709 #12-Ubuntu
[ 1704.877777] Hardware name: BCM2709
[ 1704.877783] task: b8ab9b00 ti: b7e68000 task.ti: b7e68000
[ 1704.877798] PC is at __down_interruptible+0x50/0xec
[ 1704.877806] LR is at down_interruptible+0x5c/0x68
[ 1704.877813] pc : [<80630ee8>] lr : [<800704b0>] psr: 60080093
sp : b7e69e50 ip : b7e69e88 fp : b7e69e84
[ 1704.877817] r10: b88123c8 r9 : 00000010 r8 : 00000001
[ 1704.877822] r7 : b8ab9b00 r6 : 7fffffff r5 : 80a1cc34 r4 : 80a1cc34
[ 1704.877826] r3 : b7e69e50 r2 : 00000000 r1 : 00000000 r0 : 80a1cc34
[ 1704.877833] Flags: nZCv IRQs off FIQs on Mode SVC_32 ISA ARM Segment user
[ 1704.877838] Control: 10c5387d Table: 3899c06a DAC: 00000015
[ 1704.877843] Process do-oops (pid: 3656, stack limit = 0xb7e68238)
[ 1704.877848] Stack: (0xb7e69e50 to 0xb7e6a000)
[ 1704.877856] 9e40: 80a1cc3c 00000000 00000010 b88123c8
[ 1704.877865] 9e60: b7e69e84 80a1cc34 fff9fee9 ffffffff b7e68000 00000009 b7e69ea4 b7e69e88
[ 1704.877874] 9e80: 800704b0 80630ea4 fff9fee9 60080013 80a1cc28 fff9fee9 b7e69edc b7e69ea8
[ 1704.877884] 9ea0: 8040f558 80070460 fff9fee9 ffffffff 00000000 00000000 00000009 80a1cb7c
[ 1704.877893] 9ec0: 00000000 80a1cb7c 00000000 00000010 b7e69ef4 b7e69ee0 803e1ba4 8040f514
[ 1704.877902] 9ee0: 00000e48 80a1cb7c b7e69f14 b7e69ef8 803e1c9c 803e1b74 b88123c0 b92acb18
[ 1704.877911] 9f00: b8812790 b8d815d8 b7e69f24 b7e69f18 803e2250 803e1bc8 b7e69f5c b7e69f28
[ 1704.877921] 9f20: 80167bac 803e222c 00000000 00000000 b7e69f54 b8ab9ffc 00000000 8098c794
[ 1704.877930] 9f40: b8ab9b00 8000efc4 b7e68000 00000000 b7e69f6c b7e69f60 80167d6c 80167b28
[ 1704.877939] 9f60: b7e69f8c b7e69f70 80047d38 80167d60 b7e68000 b7e68010 8000efc4 b7e69fb0
[ 1704.877949] 9f80: b7e69fac b7e69f90 80012820 80047c84 01155490 011549a8 00000001 00000006
[ 1704.877957] 9fa0: 00000000 b7e69fb0 8000ee5c 80012790 00000000 353d8c0f 7efc4308 00000000
[ 1704.877966] 9fc0: 01155490 011549a8 00000001 00000006 00000000 00000000 76cf3ba0 00000003
[ 1704.877975] 9fe0: 00000000 7efc42e4 0002272f 76e2ed66 60080030 00000003 00000000 00000000
[ 1704.877998] [<80630ee8>] (__down_interruptible) from [<800704b0>] (down_interruptible+0x5c/0x68)
[ 1704.878015] [<800704b0>] (down_interruptible) from [<8040f558>] (vchiu_queue_push+0x50/0xd8)
[ 1704.878032] [<8040f558>] (vchiu_queue_push) from [<803e1ba4>] (send_worker_msg+0x3c/0x54)
[ 1704.878045] [<803e1ba4>] (send_worker_msg) from [<803e1c9c>] (vc_cma_set_reserve+0xe0/0x1c4)
[ 1704.878057] [<803e1c9c>] (vc_cma_set_reserve) from [<803e2250>] (vc_cma_release+0x30/0x38)
[ 1704.878069] [<803e2250>] (vc_cma_release) from [<80167bac>] (__fput+0x90/0x1e0)
[ 1704.878082] [<80167bac>] (__fput) from [<80167d6c>] (____fput+0x18/0x1c)
[ 1704.878094] [<80167d6c>] (____fput) from [<80047d38>] (task_work_run+0xc0/0xf8)
[ 1704.878109] [<80047d38>] (task_work_run) from [<80012820>] (do_work_pending+0x9c/0xc4)
[ 1704.878123] [<80012820>] (do_work_pending) from [<8000ee5c>] (work_pending+0xc/0x20)
[ 1704.878133] Code: e50b1034 e3a01000 e50b2030 e580300c (e5823000)
..the fix is to ensure that we have actually initialized the queue before we attempt
to push any items onto it. This occurs if we do an open() followed by a close() without
any activity in between.
Signed-off-by: Colin Ian King <colin.king@canonical.com>
vchiq_arm: Sort out the vmalloc case
See: https://github.com/raspberrypi/linux/issues/1055
vchiq: hack: Add include depecated dma include file
[gregkh] added dependancy on CONFIG_BROKEN to make things sane for now.
Cc: Eric Anholt <eric@anholt.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
Greg Kroah-Hartman
Arnd Bergmann
kbuild test robot
Michael Zoran
Stefan Wahren
Wei Yongjun
Eric Anholt
Lorenzo Stoakes
Bhumika Goyal
popcornmix