Message-ID: <1583462174.12083.67.camel@mtkswgap22>
Subject: Re: [PATCH] xhci-mtk: Fix NULL pointer dereference with xhci_irq() for shared_hcd
From: Macpaul Lin
To: Greg Kroah-Hartman
Date: Fri, 6 Mar 2020 10:36:14 +0800
In-Reply-To: <20200305183202.GA2107395@kroah.com>
Cc: Sriharsha Allenki, Mathias Nyman, wsd_upstream, Mathias Nyman, linux-usb@vger.kernel.org, linux-kernel@vger.kernel.org, Chunfeng Yun (云春峰), linux-mediatek@lists.infradead.org, Matthias Brugger, linux-arm-kernel@lists.infradead.org

On Thu, 2020-03-05 at 19:32 +0100, Greg Kroah-Hartman wrote: > On Thu, Mar 05, 2020 at 10:58:46AM +0800, Macpaul Lin wrote: > > On Wed, 2020-03-04 at 16:39 +0200, Mathias Nyman wrote: > > > On 4.3.2020 5.16, Macpaul Lin wrote: > > > > On Tue, 2020-02-04 at 17:44 +0800, Mathias Nyman wrote: > > > >> On 1.2.2020 13.20, Macpaul Lin wrote: > > > >>> On Fri, 2020-01-31 at 16:50 +0200, Mathias Nyman wrote: > > > >>>> On 17.1.2020 9.41, Macpaul Lin wrote: > > > >>>>> According to NULL pointer fix: https://tinyurl.com/uqft5ra > > > >>>>> xhci: Fix NULL pointer dereference with xhci_irq() for shared_hcd > > > >>>>> The similar issue has also been found in 
QC activities in Mediatek. > > > >>>>> > > > >>>>> Here quote the description from the referenced patch as follows. > > > >>>>> "Commit ("f068090426ea xhci: Fix leaking USB3 shared_hcd > > > >>>>> at xhci removal") sets xhci_shared_hcd to NULL without > > > >>>>> stopping xhci host. This results into a race condition > > > >>>>> where shared_hcd (super speed roothub) related interrupts > > > >>>>> are being handled with xhci_irq happens when the > > > >>>>> xhci_plat_remove is called and shared_hcd is set to NULL. > > > >>>>> Fix this by setting the shared_hcd to NULL only after the > > > >>>>> controller is halted and no interrupts are generated." > > > >>>>> > > > >>>>> Signed-off-by: Sriharsha Allenki > > > >>>>> Signed-off-by: Macpaul Lin > > > >>>>> --- > > > >>>>> drivers/usb/host/xhci-mtk.c | 2 +- > > > >>>>> 1 file changed, 1 insertion(+), 1 deletion(-) > > > >>>>> > > > >>>>> diff --git a/drivers/usb/host/xhci-mtk.c b/drivers/usb/host/xhci-mtk.c > > > >>>>> index b18a6baef204..c227c67f5dc5 100644 > > > >>>>> --- a/drivers/usb/host/xhci-mtk.c > > > >>>>> +++ b/drivers/usb/host/xhci-mtk.c 
> > > >>>>> @@ -593,11 +593,11 @@ static int xhci_mtk_remove(struct platform_device *dev) > > > >>>>> struct usb_hcd *shared_hcd = xhci->shared_hcd; > > > >>>>> > > > >>>>> usb_remove_hcd(shared_hcd); > > > >>>>> - xhci->shared_hcd = NULL; > > > >>>>> device_init_wakeup(&dev->dev, false); > > > >>>>> > > > >>>>> usb_remove_hcd(hcd); > > > >>>>> usb_put_hcd(shared_hcd); > > > >>>>> + xhci->shared_hcd = NULL; > > > >>>>> usb_put_hcd(hcd); > > > >>>>> xhci_mtk_sch_exit(mtk); > > > >>>>> xhci_mtk_clks_disable(mtk); > > > >>>>> > > > >>>> > > > >>>> Could you share details of the NULL pointer dereference, (backtrace). > > > >>> > > > >>> This bug was found by our QA staff while doing 500 times plug-in and > > > >>> plug-out devices. The backtrace I have was recorded by QA and I didn't > > > >>> reproduce this issue on my own environment. However, after applied this > > > >>> patch the issue seems resolve. Here is the backtrace: > > > >>> > > > >>> Exception Class: Kernel (KE) > > > >>> PC is at [] xhci_irq+0x728/0x2364 > > > >>> LR is at [] xhci_irq+0x2f0/0x2364 > > > >>> > > > >>> Current Executing Process: > > > >>> [iptables, 859][netdagent, 770] > > > >>> > > > >>> Backtrace: > > > >>> [] __atomic_notifier_call_chain+0xa8/0x130 > > > >>> [] notify_die+0x84/0xac > > > >>> [] die+0x1d8/0x3b8 > > > >>> [] __do_kernel_fault+0x178/0x188 > > > >>> [] do_page_fault+0x44/0x3b0 > > > >>> [] do_translation_fault+0x44/0x98 > > > >>> [] do_mem_abort+0x4c/0x128 > > > >>> [] el1_da+0x24/0x3c > > > >>> [] xhci_irq+0x728/0x2364 > > > >>> [] usb_hcd_irq+0x2c/0x44 > > > >>> [] __handle_irq_event_percpu+0x26c/0x4a4 > > > >>> [] handle_irq_event+0x5c/0xd0 > > > >>> [] handle_fasteoi_irq+0x10c/0x1e0 > > > >>> [] __handle_domain_irq+0x32c/0x738 > > > >>> [] gic_handle_irq+0x174/0x1c4 > > > >>> [] el0_irq_naked+0x50/0x5c > > > >>> [] 0xffffffffffffffff > > > >>> > > > >> > > > >> Thanks, > > > >> Could you help me find out which line of code xhci_irq+0x728 is in your case. 
> > > >> > > > >> As Guenter pointed out there is a risk of turning the NULL pointer dereference > > > >> into a use after free if we just solve this by setting xhci->shared_hcd = NULL > > > >> later. > > > >> > > > >> If you still have that kernel around, and xhci is compiled in: > > > >> gdb vmlinux > > > >> gdb li *(xhci_irq+0x728) > > > >> > > > > > > > > Sorry that I couldn't get back to you soon. The internal code version > > > > for this issue was really old and a little bit difficult to rewind to > > > > that version. > > > > However, I think the following dump might be correct for the code base. > > > > > > > > (gdb) li *(xhci_irq+0x728) > > > > 0xffffff8008cc8634 is in xhci_irq (*stripped* > > > > kernel-4.14/drivers/usb/host/xhci.h:1694). > > > > 1689 */ > > > > 1690 #define XHCI_MAX_REXIT_TIMEOUT_MS 20 > > > > 1691 > > > > 1692 static inline unsigned int hcd_index(struct usb_hcd *hcd) > > > > 1693 { > > > > 1694 if (hcd->speed >= HCD_USB3) > > > > 1695 return 0; > > > > 1696 else > > > > 1697 return 1; > > > > 1698 } > > > > (gdb) > > > > > > > > Thanks > > > > Macpaul Lin > > > > > > > > > > Ah, it was a 4.14 kernel. > > > This should be fixed in 4.20 with patch: > > > 1245374e9b83 xhci: handle port status events for removed USB3 hcd > > > > > > Port arrays/structures were changed completely in 4.18 > > > > > > Something like the below should work for 4.14: > > > > > > diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c > > > index 61fa3007a74a..e7367b9f19c5 100644 > > > --- a/drivers/usb/host/xhci-ring.c > > > +++ b/drivers/usb/host/xhci-ring.c 
> > > @@ -1640,6 +1640,12 @@ static void handle_port_status(struct xhci_hcd *xhci, > > > if ((major_revision == 0x03) != (hcd->speed >= HCD_USB3)) > > > hcd = xhci->shared_hcd; > > > > > > + if (!hcd) { > > > + xhci_dbg(xhci, "No hcd found for port %u event\n", port_id); > > > + bogus_port_status = true; > > > + goto cleanup; > > > + } > > > + > > > if (major_revision == 0) { > > > xhci_warn(xhci, "Event for port %u not in " > > > "Extended Capabilities, ignoring.\n", > > > > Thanks for this suggestion, this is much better! I am sorry that we're > > using android kernel that some reported issue might be out of date. I > > will update the suggestion into our code base. Thanks! > > Should I backport this to 4.14 and older kernels to prevent this issue > from showing up in newer Android devices that are using these older > kernels? > > thanks, > > greg k-h If this could be backported to older kernel that will be great for newer Android devices. Some of the shipping devices will have requirement of kernel upgrade. Hence if you could backport this patch will be great. Thanks! 
Regards, Macpaul Lin
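Review bot: In the xhci_mtk_remove() hunk of the original patch, `xhci->shared_hcd = NULL;` now sits after `usb_put_hcd(shared_hcd);`, so for a short window the field still points at an hcd whose reference has already been dropped. An interrupt that reaches xhci_irq() in that window would follow a stale pointer rather than a NULL one, which is the use-after-free risk raised later in the thread. Placing the assignment between `usb_remove_hcd(hcd);` and `usb_put_hcd(shared_hcd);` would avoid leaving a dangling pointer, and the event path still needs its own NULL check for anything that arrives after the pointer is cleared.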
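Review bot: In the handle_port_status() hunk suggested for 4.14, the new `if (!hcd)` test only helps while `xhci->shared_hcd` is actually NULL once the USB3 hcd has been removed; with the xhci_mtk_remove() reordering from the first patch in this thread the field stays non-NULL until after `usb_put_hcd(shared_hcd)`, so the two changes should not be combined as they stand. The branch would also benefit from a one-line comment saying that hcd can be NULL here because the shared hcd was already removed, since nothing in the surrounding lines makes that obvious to a later reader.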
[(172.21.101.102)] by mailgw01.mediatek.com (envelope-from ) (Cellopoint E-mail Firewall v4.1.10 Build 0809 with TLS) with ESMTP id 505324043; Fri, 06 Mar 2020 10:36:16 +0800 Received: from mtkcas07.mediatek.inc (172.21.101.84) by mtkmbs07n1.mediatek.inc (172.21.101.16) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Fri, 6 Mar 2020 10:35:19 +0800 Received: from [172.21.77.33] (172.21.77.33) by mtkcas07.mediatek.inc (172.21.101.73) with Microsoft SMTP Server id 15.0.1395.4 via Frontend Transport; Fri, 6 Mar 2020 10:35:25 +0800 Message-ID: <1583462174.12083.67.camel@mtkswgap22> Subject: Re: [PATCH] xhci-mtk: Fix NULL pointer dereference with xhci_irq() for shared_hcd 
From: Macpaul Lin To: Greg Kroah-Hartman CC: Mathias Nyman , Mathias Nyman , Matthias Brugger , "linux-usb@vger.kernel.org" , "linux-arm-kernel@lists.infradead.org" , "linux-mediatek@lists.infradead.org" , "linux-kernel@vger.kernel.org" , Chunfeng Yun =?UTF-8?Q?=28=E4=BA=91=E6=98=A5=E5=B3=B0=29?= , wsd_upstream , Sriharsha Allenki Date: Fri, 6 Mar 2020 10:36:14 +0800 In-Reply-To: <20200305183202.GA2107395@kroah.com> References: <1579246910-22736-1-git-send-email-macpaul.lin@mediatek.com> <08f69bab-2ada-d6ab-7bf7-d960e9f148a0@linux.intel.com> <1580556039.10835.3.camel@mtkswgap22> <39ec1610-1686-6509-02ac-6e73d8be2453@linux.intel.com> <1583291775.12083.59.camel@mtkswgap22> <1583377126.12083.63.camel@mtkswgap22> <20200305183202.GA2107395@kroah.com> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.2.3-0ubuntu6 MIME-Version: 1.0 X-MTK: N Content-Transfer-Encoding: base64 Sender: linux-usb-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-usb@vger.kernel.org T24gVGh1LCAyMDIwLTAzLTA1IGF0IDE5OjMyICswMTAwLCBHcmVnIEtyb2FoLUhhcnRtYW4gd3Jv dGU6DQo+IE9uIFRodSwgTWFyIDA1LCAyMDIwIGF0IDEwOjU4OjQ2QU0gKzA4MDAsIE1hY3BhdWwg TGluIHdyb3RlOg0KPiA+IE9uIFdlZCwgMjAyMC0wMy0wNCBhdCAxNjozOSArMDIwMCwgTWF0aGlh cyBOeW1hbiB3cm90ZToNCj4gPiA+IE9uIDQuMy4yMDIwIDUuMTYsIE1hY3BhdWwgTGluIHdyb3Rl Og0KPiA+ID4gPiBPbiBUdWUsIDIwMjAtMDItMDQgYXQgMTc6NDQgKzA4MDAsIE1hdGhpYXMgTnlt YW4gd3JvdGU6DQo+ID4gPiA+PiBPbiAxLjIuMjAyMCAxMy4yMCwgTWFjcGF1bCBMaW4gd3JvdGU6 DQo+ID4gPiA+Pj4gT24gRnJpLCAyMDIwLTAxLTMxIGF0IDE2OjUwICswMjAwLCBNYXRoaWFzIE55 bWFuIHdyb3RlOg0KPiA+ID4gPj4+PiBPbiAxNy4xLjIwMjAgOS40MSwgTWFjcGF1bCBMaW4gd3Jv dGU6DQo+ID4gPiA+Pj4+PiBBY2NvcmRpbmcgdG8gTlVMTCBwb2ludGVyIGZpeDogaHR0cHM6Ly90 aW55dXJsLmNvbS91cWZ0NXJhDQo+ID4gPiA+Pj4+PiB4aGNpOiBGaXggTlVMTCBwb2ludGVyIGRl cmVmZXJlbmNlIHdpdGggeGhjaV9pcnEoKSBmb3Igc2hhcmVkX2hjZA0KPiA+ID4gPj4+Pj4gVGhl IHNpbWlsYXIgaXNzdWUgaGFzIGFsc28gYmVlbiBmb3VuZCBpbiBRQyBhY3Rpdml0aWVzIGluIE1l 
ZGlhdGVrLg0KPiA+ID4gPj4+Pj4NCj4gPiA+ID4+Pj4+IEhlcmUgcXVvdGUgdGhlIGRlc2NyaXB0 aW9uIGZyb20gdGhlIHJlZmVyZW5jZWQgcGF0Y2ggYXMgZm9sbG93cy4NCj4gPiA+ID4+Pj4+ICJD b21taXQgKCJmMDY4MDkwNDI2ZWEgeGhjaTogRml4IGxlYWtpbmcgVVNCMyBzaGFyZWRfaGNkDQo+ ID4gPiA+Pj4+PiBhdCB4aGNpIHJlbW92YWwiKSBzZXRzIHhoY2lfc2hhcmVkX2hjZCB0byBOVUxM IHdpdGhvdXQNCj4gPiA+ID4+Pj4+IHN0b3BwaW5nIHhoY2kgaG9zdC4gVGhpcyByZXN1bHRzIGlu dG8gYSByYWNlIGNvbmRpdGlvbg0KPiA+ID4gPj4+Pj4gd2hlcmUgc2hhcmVkX2hjZCAoc3VwZXIg c3BlZWQgcm9vdGh1YikgcmVsYXRlZCBpbnRlcnJ1cHRzDQo+ID4gPiA+Pj4+PiBhcmUgYmVpbmcg aGFuZGxlZCB3aXRoIHhoY2lfaXJxIGhhcHBlbnMgd2hlbiB0aGUNCj4gPiA+ID4+Pj4+IHhoY2lf cGxhdF9yZW1vdmUgaXMgY2FsbGVkIGFuZCBzaGFyZWRfaGNkIGlzIHNldCB0byBOVUxMLg0KPiA+ ID4gPj4+Pj4gRml4IHRoaXMgYnkgc2V0dGluZyB0aGUgc2hhcmVkX2hjZCB0byBOVUxMIG9ubHkg YWZ0ZXIgdGhlDQo+ID4gPiA+Pj4+PiBjb250cm9sbGVyIGlzIGhhbHRlZCBhbmQgbm8gaW50ZXJy dXB0cyBhcmUgZ2VuZXJhdGVkLiINCj4gPiA+ID4+Pj4+DQo+ID4gPiA+Pj4+PiBTaWduZWQtb2Zm LWJ5OiBTcmloYXJzaGEgQWxsZW5raSA8c2FsbGVua2lAY29kZWF1cm9yYS5vcmc+DQo+ID4gPiA+ Pj4+PiBTaWduZWQtb2ZmLWJ5OiBNYWNwYXVsIExpbiA8bWFjcGF1bC5saW5AbWVkaWF0ZWsuY29t Pg0KPiA+ID4gPj4+Pj4gLS0tDQo+ID4gPiA+Pj4+PiAgICBkcml2ZXJzL3VzYi9ob3N0L3hoY2kt bXRrLmMgfCAyICstDQo+ID4gPiA+Pj4+PiAgICAxIGZpbGUgY2hhbmdlZCwgMSBpbnNlcnRpb24o KyksIDEgZGVsZXRpb24oLSkNCj4gPiA+ID4+Pj4+DQo+ID4gPiA+Pj4+PiBkaWZmIC0tZ2l0IGEv ZHJpdmVycy91c2IvaG9zdC94aGNpLW10ay5jIGIvZHJpdmVycy91c2IvaG9zdC94aGNpLW10ay5j DQo+ID4gPiA+Pj4+PiBpbmRleCBiMThhNmJhZWYyMDQuLmMyMjdjNjdmNWRjNSAxMDA2NDQNCj4g PiA+ID4+Pj4+IC0tLSBhL2RyaXZlcnMvdXNiL2hvc3QveGhjaS1tdGsuYw0KPiA+ID4gPj4+Pj4g KysrIGIvZHJpdmVycy91c2IvaG9zdC94aGNpLW10ay5jDQo+ID4gPiA+Pj4+PiBAQCAtNTkzLDEx ICs1OTMsMTEgQEAgc3RhdGljIGludCB4aGNpX210a19yZW1vdmUoc3RydWN0IHBsYXRmb3JtX2Rl dmljZSAqZGV2KQ0KPiA+ID4gPj4+Pj4gICAgCXN0cnVjdCB1c2JfaGNkICAqc2hhcmVkX2hjZCA9 IHhoY2ktPnNoYXJlZF9oY2Q7DQo+ID4gPiA+Pj4+PiAgICANCj4gPiA+ID4+Pj4+ICAgIAl1c2Jf cmVtb3ZlX2hjZChzaGFyZWRfaGNkKTsNCj4gPiA+ID4+Pj4+IC0JeGhjaS0+c2hhcmVkX2hjZCA9 
IE5VTEw7DQo+ID4gPiA+Pj4+PiAgICAJZGV2aWNlX2luaXRfd2FrZXVwKCZkZXYtPmRldiwgZmFs c2UpOw0KPiA+ID4gPj4+Pj4gICAgDQo+ID4gPiA+Pj4+PiAgICAJdXNiX3JlbW92ZV9oY2QoaGNk KTsNCj4gPiA+ID4+Pj4+ICAgIAl1c2JfcHV0X2hjZChzaGFyZWRfaGNkKTsNCj4gPiA+ID4+Pj4+ ICsJeGhjaS0+c2hhcmVkX2hjZCA9IE5VTEw7DQo+ID4gPiA+Pj4+PiAgICAJdXNiX3B1dF9oY2Qo aGNkKTsNCj4gPiA+ID4+Pj4+ICAgIAl4aGNpX210a19zY2hfZXhpdChtdGspOw0KPiA+ID4gPj4+ Pj4gICAgCXhoY2lfbXRrX2Nsa3NfZGlzYWJsZShtdGspOw0KPiA+ID4gPj4+Pj4NCj4gPiA+ID4+ Pj4NCj4gPiA+ID4+Pj4gQ291bGQgeW91IHNoYXJlIGRldGFpbHMgb2YgdGhlIE5VTEwgcG9pbnRl ciBkZXJlZmVyZW5jZSwgKGJhY2t0cmFjZSkuDQo+ID4gPiA+Pj4NCj4gPiA+ID4+PiBUaGlzIGJ1 ZyB3YXMgZm91bmQgYnkgb3VyIFFBIHN0YWZmIHdoaWxlIGRvaW5nIDUwMCB0aW1lcyBwbHVnLWlu IGFuZA0KPiA+ID4gPj4+IHBsdWctb3V0IGRldmljZXMuIFRoZSBiYWNrdHJhY2UgSSBoYXZlIHdh cyByZWNvcmRlZCBieSBRQSBhbmQgSSBkaWRuJ3QNCj4gPiA+ID4+PiByZXByb2R1Y2UgdGhpcyBp c3N1ZSBvbiBteSBvd24gZW52aXJvbm1lbnQuIEhvd2V2ZXIsIGFmdGVyIGFwcGxpZWQgdGhpcw0K PiA+ID4gPj4+IHBhdGNoIHRoZSBpc3N1ZSBzZWVtcyByZXNvbHZlLiBIZXJlIGlzIHRoZSBiYWNr dHJhY2U6DQo+ID4gPiA+Pj4NCj4gPiA+ID4+PiBFeGNlcHRpb24gQ2xhc3M6IEtlcm5lbCAoS0Up DQo+ID4gPiA+Pj4gUEMgaXMgYXQgWzxmZmZmZmY4MDA4Y2NjYmMwPl0geGhjaV9pcnErMHg3Mjgv MHgyMzY0DQo+ID4gPiA+Pj4gTFIgaXMgYXQgWzxmZmZmZmY4MDA4Y2NjNzg4Pl0geGhjaV9pcnEr MHgyZjAvMHgyMzY0DQo+ID4gPiA+Pj4NCj4gPiA+ID4+PiBDdXJyZW50IEV4ZWN1dGluZyBQcm9j ZXNzOg0KPiA+ID4gPj4+IFtpcHRhYmxlcywgODU5XVtuZXRkYWdlbnQsIDc3MF0NCj4gPiA+ID4+ Pg0KPiA+ID4gPj4+IEJhY2t0cmFjZToNCj4gPiA+ID4+PiBbPGZmZmZmZjgwMDgwZWFkNTg+XSBf X2F0b21pY19ub3RpZmllcl9jYWxsX2NoYWluKzB4YTgvMHgxMzANCj4gPiA+ID4+PiBbPGZmZmZm ZjgwMDgwZWI2ZDQ+XSBub3RpZnlfZGllKzB4ODQvMHhhYw0KPiA+ID4gPj4+IFs8ZmZmZmZmODAw ODA4ZTg3ND5dIGRpZSsweDFkOC8weDNiOA0KPiA+ID4gPj4+IFs8ZmZmZmZmODAwODBhODliMD5d IF9fZG9fa2VybmVsX2ZhdWx0KzB4MTc4LzB4MTg4DQo+ID4gPiA+Pj4gWzxmZmZmZmY4MDA4MGE4 MWI0Pl0gZG9fcGFnZV9mYXVsdCsweDQ0LzB4M2IwDQo+ID4gPiA+Pj4gWzxmZmZmZmY4MDA4MGE4 MTFjPl0gZG9fdHJhbnNsYXRpb25fZmF1bHQrMHg0NC8weDk4DQo+ID4gPiA+Pj4gWzxmZmZmZmY4 
MDA4MDgwZTA4Pl0gZG9fbWVtX2Fib3J0KzB4NGMvMHgxMjgNCj4gPiA+ID4+PiBbPGZmZmZmZjgw MDgwODMyZDA+XSBlbDFfZGErMHgyNC8weDNjDQo+ID4gPiA+Pj4gWzxmZmZmZmY4MDA4Y2NjYmMw Pl0geGhjaV9pcnErMHg3MjgvMHgyMzY0DQo+ID4gPiA+Pj4gWzxmZmZmZmY4MDA4Yzk4ODA0Pl0g dXNiX2hjZF9pcnErMHgyYy8weDQ0DQo+ID4gPiA+Pj4gWzxmZmZmZmY4MDA4MTc5YmIwPl0gX19o YW5kbGVfaXJxX2V2ZW50X3BlcmNwdSsweDI2Yy8weDRhNA0KPiA+ID4gPj4+IFs8ZmZmZmZmODAw ODE3OWVjOD5dIGhhbmRsZV9pcnFfZXZlbnQrMHg1Yy8weGQwDQo+ID4gPiA+Pj4gWzxmZmZmZmY4 MDA4MTdlM2MwPl0gaGFuZGxlX2Zhc3Rlb2lfaXJxKzB4MTBjLzB4MWUwDQo+ID4gPiA+Pj4gWzxm ZmZmZmY4MDA4MTc4N2IwPl0gX19oYW5kbGVfZG9tYWluX2lycSsweDMyYy8weDczOA0KPiA+ID4g Pj4+IFs8ZmZmZmZmODAwODA4MTU5Yz5dIGdpY19oYW5kbGVfaXJxKzB4MTc0LzB4MWM0DQo+ID4g PiA+Pj4gWzxmZmZmZmY4MDA4MDgzY2Y4Pl0gZWwwX2lycV9uYWtlZCsweDUwLzB4NWMNCj4gPiA+ ID4+PiBbPGZmZmZmZmZmZmZmZmZmZmY+XSAweGZmZmZmZmZmZmZmZmZmZmYNCj4gPiA+ID4+Pg0K PiA+ID4gPj4NCj4gPiA+ID4+IFRoYW5rcywNCj4gPiA+ID4+IENvdWxkIHlvdSBoZWxwIG1lIGZp bmQgb3V0IHdoaWNoIGxpbmUgb2YgY29kZSB4aGNpX2lycSsweDcyOCBpcyBpbiB5b3VyIGNhc2Uu DQo+ID4gPiA+Pg0KPiA+ID4gPj4gQXMgR3VlbnRlciBwb2ludGVkIG91dCB0aGVyZSBpcyBhIHJp c2sgb2YgdHVybmluZyB0aGUgTlVMTCBwb2ludGVyIGRlcmVmZXJlbmNlDQo+ID4gPiA+PiBpbnRv IGEgdXNlIGFmdGVyIGZyZWUgaWYgd2UganVzdCBzb2x2ZSB0aGlzIGJ5IHNldHRpbmcgeGhjaS0+ c2hhcmVkX2hjZCA9IE5VTEwNCj4gPiA+ID4+IGxhdGVyLg0KPiA+ID4gPj4NCj4gPiA+ID4+IElm IHlvdSBzdGlsbCBoYXZlIHRoYXQga2VybmVsIGFyb3VuZCwgYW5kIHhoY2kgaXMgY29tcGlsZWQg aW46DQo+ID4gPiA+PiBnZGIgdm1saW51eA0KPiA+ID4gPj4gZ2RiIGxpICooeGhjaV9pcnErMHg3 MjgpDQo+ID4gPiA+Pg0KPiA+ID4gPiANCj4gPiA+ID4gU29ycnkgdGhhdCBJIGNvdWxkbid0IGdl dCBiYWNrIHRvIHlvdSBzb29uLiBUaGUgaW50ZXJuYWwgY29kZSB2ZXJzaW9uDQo+ID4gPiA+IGZv ciB0aGlzIGlzc3VlIHdhcyByZWFsbHkgb2xkIGFuZCBhIGxpdHRsZSBiaXQgZGlmZmljdWx0IHRv IHJld2luZCB0bw0KPiA+ID4gPiB0aGF0IHZlcnNpb24uDQo+ID4gPiA+IEhvd2V2ZXIsIEkgdGhp bmsgdGhlIGZvbGxvd2luZyBkdW1wIG1pZ2h0IGJlIGNvcnJlY3QgZm9yIHRoZSBjb2RlIGJhc2Uu DQo+ID4gPiA+IA0KPiA+ID4gPiAoZ2RiKSBsaSAqKHhoY2lfaXJxKzB4NzI4KQ0KPiA+ID4gPiAw 
eGZmZmZmZjgwMDhjYzg2MzQgaXMgaW4geGhjaV9pcnEgKCpzdHJpcHBlZCoNCj4gPiA+ID4ga2Vy bmVsLTQuMTQvZHJpdmVycy91c2IvaG9zdC94aGNpLmg6MTY5NCkuDQo+ID4gPiA+IDE2ODkgICAg ICovDQo+ID4gPiA+IDE2OTAgICAgI2RlZmluZSBYSENJX01BWF9SRVhJVF9USU1FT1VUX01TICAg ICAgIDIwDQo+ID4gPiA+IDE2OTENCj4gPiA+ID4gMTY5MiAgICBzdGF0aWMgaW5saW5lIHVuc2ln bmVkIGludCBoY2RfaW5kZXgoc3RydWN0IHVzYl9oY2QgKmhjZCkNCj4gPiA+ID4gMTY5MyAgICB7 DQo+ID4gPiA+IDE2OTQgICAgICAgICAgICBpZiAoaGNkLT5zcGVlZCA+PSBIQ0RfVVNCMykNCj4g PiA+ID4gMTY5NSAgICAgICAgICAgICAgICAgICAgcmV0dXJuIDA7DQo+ID4gPiA+IDE2OTYgICAg ICAgICAgICBlbHNlDQo+ID4gPiA+IDE2OTcgICAgICAgICAgICAgICAgICAgIHJldHVybiAxOw0K PiA+ID4gPiAxNjk4ICAgIH0NCj4gPiA+ID4gKGdkYikNCj4gPiA+ID4gDQo+ID4gPiA+IFRoYW5r cw0KPiA+ID4gPiBNYWNwYXVsIExpbg0KPiA+ID4gPiANCj4gPiA+IA0KPiA+ID4gQWgsIGl0IHdh cyBhIDQuMTQga2VybmVsLg0KPiA+ID4gVGhpcyBzaG91bGQgYmUgZml4ZWQgaW4gNC4yMCB3aXRo IHBhdGNoOg0KPiA+ID4gMTI0NTM3NGU5YjgzIHhoY2k6IGhhbmRsZSBwb3J0IHN0YXR1cyBldmVu dHMgZm9yIHJlbW92ZWQgVVNCMyBoY2QNCj4gPiA+IA0KPiA+ID4gUG9ydCBhcnJheXMvc3RydWN0 dXJlcyB3ZXJlIGNoYW5nZWQgY29tcGxldGVseSBpbiA0LjE4DQo+ID4gPiANCj4gPiA+IFNvbWV0 aGluZyBsaWtlIHRoZSBiZWxvdyBzaG91bGQgd29yayBmb3IgNC4xNDoNCj4gPiA+IA0KPiA+ID4g ZGlmZiAtLWdpdCBhL2RyaXZlcnMvdXNiL2hvc3QveGhjaS1yaW5nLmMgYi9kcml2ZXJzL3VzYi9o b3N0L3hoY2ktcmluZy5jDQo+ID4gPiBpbmRleCA2MWZhMzAwN2E3NGEuLmU3MzY3YjlmMTljNSAx MDA2NDQNCj4gPiA+IC0tLSBhL2RyaXZlcnMvdXNiL2hvc3QveGhjaS1yaW5nLmMNCj4gPiA+ICsr KyBiL2RyaXZlcnMvdXNiL2hvc3QveGhjaS1yaW5nLmMNCj4gPiA+IEBAIC0xNjQwLDYgKzE2NDAs MTIgQEAgc3RhdGljIHZvaWQgaGFuZGxlX3BvcnRfc3RhdHVzKHN0cnVjdCB4aGNpX2hjZCAqeGhj aSwNCj4gPiA+ICAJaWYgKChtYWpvcl9yZXZpc2lvbiA9PSAweDAzKSAhPSAoaGNkLT5zcGVlZCA+ PSBIQ0RfVVNCMykpDQo+ID4gPiAgCQloY2QgPSB4aGNpLT5zaGFyZWRfaGNkOw0KPiA+ID4gIA0K PiA+ID4gKwlpZiAoIWhjZCkgew0KPiA+ID4gKwkJeGhjaV9kYmcoeGhjaSwgIk5vIGhjZCBmb3Vu ZCBmb3IgcG9ydCAldSBldmVudFxuIiwgcG9ydF9pZCk7DQo+ID4gPiArCQlib2d1c19wb3J0X3N0 YXR1cyA9IHRydWU7DQo+ID4gPiArCQlnb3RvIGNsZWFudXA7DQo+ID4gPiArCX0NCj4gPiA+ICsN 
Cj4gPiA+ICAJaWYgKG1ham9yX3JldmlzaW9uID09IDApIHsNCj4gPiA+ICAJCXhoY2lfd2Fybih4 aGNpLCAiRXZlbnQgZm9yIHBvcnQgJXUgbm90IGluICINCj4gPiA+ICAJCQkJIkV4dGVuZGVkIENh cGFiaWxpdGllcywgaWdub3JpbmcuXG4iLA0KPiA+IA0KPiA+IFRoYW5rcyBmb3IgdGhpcyBzdWdn ZXN0aW9uLCB0aGlzIGlzIG11Y2ggYmV0dGVyISBJIGFtIHNvcnJ5IHRoYXQgd2UncmUNCj4gPiB1 c2luZyBhbmRyb2lkIGtlcm5lbCB0aGF0IHNvbWUgcmVwb3J0ZWQgaXNzdWUgbWlnaHQgYmUgb3V0 IG9mIGRhdGUuIEkNCj4gPiB3aWxsIHVwZGF0ZSB0aGUgc3VnZ2VzdGlvbiBpbnRvIG91ciBjb2Rl IGJhc2UuIFRoYW5rcyENCj4gDQo+IFNob3VsZCBJIGJhY2twb3J0IHRoaXMgdG8gNC4xNCBhbmQg b2xkZXIga2VybmVscyB0byBwcmV2ZW50IHRoaXMgaXNzdWUNCj4gZnJvbSBzaG93aW5nIHVwIGlu IG5ld2VyIEFuZHJvaWQgZGV2aWNlcyB0aGF0IGFyZSB1c2luZyB0aGVzZSBvbGRlcg0KPiBrZXJu ZWxzPw0KPiANCj4gdGhhbmtzLA0KPiANCj4gZ3JlZyBrLWgNCg0KSWYgdGhpcyBjb3VsZCBiZSBi YWNrcG9ydGVkIHRvIG9sZGVyIGtlcm5lbCB0aGF0IHdpbGwgYmUgZ3JlYXQgZm9yIG5ld2VyDQpB bmRyb2lkIGRldmljZXMuIFNvbWUgb2YgdGhlIHNoaXBwaW5nIGRldmljZXMgd2lsbCBoYXZlIHJl cXVpcmVtZW50IG9mDQprZXJuZWwgdXBncmFkZS4gSGVuY2UgaWYgeW91IGNvdWxkIGJhY2twb3J0 IHRoaXMgcGF0Y2ggd2lsbCBiZSBncmVhdC4NCg0KVGhhbmtzIQ0KDQpSZWdhcmRzLA0KTWFjcGF1 bCBMaW4NCg== From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.3 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI, SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,UNPARSEABLE_RELAY,USER_AGENT_SANE_2 autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 06CC8C3F2D8 for ; Fri, 6 Mar 2020 02:36:30 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id C49D0206D7 for ; Fri, 6 Mar 2020 02:36:29 +0000 (UTC) 
Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="k1p3fHtC"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=mediatek.com header.i=@mediatek.com header.b="AAQ6CTG6" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org C49D0206D7 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=mediatek.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+infradead-linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Date:To:From:Subject:Message-ID:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=gQ9tPxD0ucVzYLmFD90xNy3EYURsS8on1SCbhOOgmgA=; b=k1p3fHtCq6ubpn rAEPrzXeZznyQFFQS7OBfVND7+yja6NGs7E7FdW0HgPTEmAWTeTmTMcTMox8b/8sS8zthp+gEdMHO ZMqPDWXiw+ef7H+Qm2u3icU0fe0J6czPQ1CN7mHSJsR6aGaGq04v+VJ97YU/MAAXGV1REjEutlAAJ s6QrDPwxUFmB+jRTbURt2NpRAJQn2+bafobmQspSi9EvmSnaYaYQTJ3GP65UbmgtfonXzSKLkWd56 o7Zi/q+CF6LdDOxgVgDIyiaZ3HD5wxAwwE+NjL3c8ZT9yZbcDe9WtP2Rnnt8oiBeN0dQW4MbozYqR e54n9n88cXqYbxQGtspw==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1jA2qj-000696-A9; Fri, 06 Mar 2020 02:36:29 +0000 Received: from mailgw01.mediatek.com ([216.200.240.184]) by bombadil.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1jA2qf-00066C-Hj; Fri, 06 Mar 2020 02:36:27 +0000 X-UUID: 10e3b1444feb453f865fc52935495105-20200305 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mediatek.com; s=dk; 
h=Content-Transfer-Encoding:MIME-Version:Content-Type:References:In-Reply-To:Date:CC:To:From:Subject:Message-ID; bh=xm6Lh3IOt6rBhv5b30U0fgLekvmN2ICx+5qldR5tZI4=; b=AAQ6CTG6kATMMz24ktLahqkzucRleC80edGrEcqu7h+px54917XELT8pJReHvs69D4UZ8RSMyRv2X8CNtccqpvqZYnIma4j2adyTo10sxsuyR/gzRy6C4myjsg0MsdcfPTp8hqGPCPZ/krSBlwfxifEYWxijIRWwSYteepqp+jU=; X-UUID: 10e3b1444feb453f865fc52935495105-20200305 Received: from mtkcas68.mediatek.inc [(172.29.94.19)] by mailgw01.mediatek.com (envelope-from ) (musrelay.mediatek.com ESMTP with TLS) with ESMTP id 1655822279; Thu, 05 Mar 2020 18:36:18 -0800 Received: from mtkmbs07n1.mediatek.inc (172.21.101.16) by MTKMBS62N2.mediatek.inc (172.29.193.42) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Thu, 5 Mar 2020 18:36:37 -0800 Received: from mtkcas07.mediatek.inc (172.21.101.84) by mtkmbs07n1.mediatek.inc (172.21.101.16) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Fri, 6 Mar 2020 10:35:19 +0800 Received: from [172.21.77.33] (172.21.77.33) by mtkcas07.mediatek.inc (172.21.101.73) with Microsoft SMTP Server id 15.0.1395.4 via Frontend Transport; Fri, 6 Mar 2020 10:35:25 +0800 Message-ID: <1583462174.12083.67.camel@mtkswgap22> Subject: Re: [PATCH] xhci-mtk: Fix NULL pointer dereference with xhci_irq() for shared_hcd 
From: Macpaul Lin To: Greg Kroah-Hartman Date: Fri, 6 Mar 2020 10:36:14 +0800 In-Reply-To: <20200305183202.GA2107395@kroah.com> References: <1579246910-22736-1-git-send-email-macpaul.lin@mediatek.com> <08f69bab-2ada-d6ab-7bf7-d960e9f148a0@linux.intel.com> <1580556039.10835.3.camel@mtkswgap22> <39ec1610-1686-6509-02ac-6e73d8be2453@linux.intel.com> <1583291775.12083.59.camel@mtkswgap22> <1583377126.12083.63.camel@mtkswgap22> <20200305183202.GA2107395@kroah.com> X-Mailer: Evolution 3.2.3-0ubuntu6 MIME-Version: 1.0 X-MTK: N X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200305_183625_599776_7DE71D7B X-CRM114-Status: GOOD ( 33.77 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Sriharsha Allenki , Mathias Nyman , wsd_upstream , Mathias Nyman , "linux-usb@vger.kernel.org" , "linux-kernel@vger.kernel.org" , Chunfeng Yun =?UTF-8?Q?=28=E4=BA=91=E6=98=A5=E5=B3=B0=29?= , "linux-mediatek@lists.infradead.org" , Matthias Brugger , "linux-arm-kernel@lists.infradead.org" Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+infradead-linux-arm-kernel=archiver.kernel.org@lists.infradead.org On Thu, 2020-03-05 at 19:32 +0100, Greg Kroah-Hartman wrote: > On Thu, Mar 05, 2020 at 10:58:46AM +0800, Macpaul Lin wrote: > > On Wed, 2020-03-04 at 16:39 +0200, Mathias Nyman wrote: > > > On 4.3.2020 5.16, Macpaul Lin wrote: > > > > On Tue, 2020-02-04 at 17:44 +0800, Mathias Nyman wrote: > > > >> On 1.2.2020 13.20, Macpaul Lin wrote: > > > >>> On Fri, 2020-01-31 at 16:50 +0200, Mathias Nyman wrote: > > > >>>> On 17.1.2020 9.41, Macpaul Lin wrote: > > > >>>>> According to NULL pointer fix: https://tinyurl.com/uqft5ra > > > >>>>> xhci: Fix NULL pointer dereference with xhci_irq() for shared_hcd > > > >>>>> The similar issue has 
also been found in QC activities in Mediatek. > > > >>>>> > > > >>>>> Here quote the description from the referenced patch as follows. > > > >>>>> "Commit ("f068090426ea xhci: Fix leaking USB3 shared_hcd > > > >>>>> at xhci removal") sets xhci_shared_hcd to NULL without > > > >>>>> stopping xhci host. This results into a race condition > > > >>>>> where shared_hcd (super speed roothub) related interrupts > > > >>>>> are being handled with xhci_irq happens when the > > > >>>>> xhci_plat_remove is called and shared_hcd is set to NULL. > > > >>>>> Fix this by setting the shared_hcd to NULL only after the > > > >>>>> controller is halted and no interrupts are generated." > > > >>>>> > > > >>>>> Signed-off-by: Sriharsha Allenki > > > >>>>> Signed-off-by: Macpaul Lin > > > >>>>> --- > > > >>>>> drivers/usb/host/xhci-mtk.c | 2 +- > > > >>>>> 1 file changed, 1 insertion(+), 1 deletion(-) > > > >>>>> > > > >>>>> diff --git a/drivers/usb/host/xhci-mtk.c b/drivers/usb/host/xhci-mtk.c > > > >>>>> index b18a6baef204..c227c67f5dc5 100644 > > > >>>>> --- a/drivers/usb/host/xhci-mtk.c > > > >>>>> +++ b/drivers/usb/host/xhci-mtk.c 
> > > >>>>> @@ -593,11 +593,11 @@ static int xhci_mtk_remove(struct platform_device *dev) > > > >>>>> struct usb_hcd *shared_hcd = xhci->shared_hcd; > > > >>>>> > > > >>>>> usb_remove_hcd(shared_hcd); > > > >>>>> - xhci->shared_hcd = NULL; > > > >>>>> device_init_wakeup(&dev->dev, false); > > > >>>>> > > > >>>>> usb_remove_hcd(hcd); > > > >>>>> usb_put_hcd(shared_hcd); > > > >>>>> + xhci->shared_hcd = NULL; > > > >>>>> usb_put_hcd(hcd); > > > >>>>> xhci_mtk_sch_exit(mtk); > > > >>>>> xhci_mtk_clks_disable(mtk);
> > > >>>>>
> > > >>>>
> > > >>>> Could you share details of the NULL pointer dereference, (backtrace).
> > > >>>
> > > >>> This bug was found by our QA staff while doing 500 times plug-in and
> > > >>> plug-out devices. The backtrace I have was recorded by QA and I didn't
> > > >>> reproduce this issue on my own environment. However, after applying this
> > > >>> patch the issue seems resolved. Here is the backtrace:
> > > >>>
> > > >>> Exception Class: Kernel (KE)
> > > >>> PC is at [] xhci_irq+0x728/0x2364
> > > >>> LR is at [] xhci_irq+0x2f0/0x2364
> > > >>>
> > > >>> Current Executing Process:
> > > >>> [iptables, 859][netdagent, 770]
> > > >>>
> > > >>> Backtrace:
> > > >>> [] __atomic_notifier_call_chain+0xa8/0x130
> > > >>> [] notify_die+0x84/0xac
> > > >>> [] die+0x1d8/0x3b8
> > > >>> [] __do_kernel_fault+0x178/0x188
> > > >>> [] do_page_fault+0x44/0x3b0
> > > >>> [] do_translation_fault+0x44/0x98
> > > >>> [] do_mem_abort+0x4c/0x128
> > > >>> [] el1_da+0x24/0x3c
> > > >>> [] xhci_irq+0x728/0x2364
> > > >>> [] usb_hcd_irq+0x2c/0x44
> > > >>> [] __handle_irq_event_percpu+0x26c/0x4a4
> > > >>> [] handle_irq_event+0x5c/0xd0
> > > >>> [] handle_fasteoi_irq+0x10c/0x1e0
> > > >>> [] __handle_domain_irq+0x32c/0x738
> > > >>> [] gic_handle_irq+0x174/0x1c4
> > > >>> [] el0_irq_naked+0x50/0x5c
> > > >>> [] 0xffffffffffffffff
> > > >>>
> > > >>
> > > >> Thanks,
> > > >> Could you help me find out which line of code xhci_irq+0x728 is in your case.
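Review bot: In xhci_mtk_remove(), the re-added "xhci->shared_hcd = NULL;" now follows "usb_put_hcd(shared_hcd);", so for that one statement xhci->shared_hcd still points at an hcd whose reference has just been dropped, and any reader of the pointer in that window sees a stale hcd instead of NULL. Consider clearing the pointer after "usb_remove_hcd(hcd);" but before "usb_put_hcd(shared_hcd);", and say in the commit message which call in this function is relied on to stop interrupts, since the quoted description talks about xhci_plat_remove rather than this driver.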
> > > >>
> > > >> As Guenter pointed out there is a risk of turning the NULL pointer dereference
> > > >> into a use after free if we just solve this by setting xhci->shared_hcd = NULL
> > > >> later.
> > > >>
> > > >> If you still have that kernel around, and xhci is compiled in:
> > > >> gdb vmlinux
> > > >> gdb li *(xhci_irq+0x728)
> > > >>
> > > >
> > > > Sorry that I couldn't get back to you soon. The internal code version
> > > > for this issue was really old and a little bit difficult to rewind to
> > > > that version.
> > > > However, I think the following dump might be correct for the code base.
> > > >
> > > > (gdb) li *(xhci_irq+0x728)
> > > > 0xffffff8008cc8634 is in xhci_irq (*stripped*
> > > > kernel-4.14/drivers/usb/host/xhci.h:1694).
> > > > 1689 */
> > > > 1690 #define XHCI_MAX_REXIT_TIMEOUT_MS 20
> > > > 1691
> > > > 1692 static inline unsigned int hcd_index(struct usb_hcd *hcd)
> > > > 1693 {
> > > > 1694 if (hcd->speed >= HCD_USB3)
> > > > 1695 return 0;
> > > > 1696 else
> > > > 1697 return 1;
> > > > 1698 }
> > > > (gdb)
> > > >
> > > > Thanks
> > > > Macpaul Lin
> > > >
> > >
> > > Ah, it was a 4.14 kernel.
> > > This should be fixed in 4.20 with patch:
> > > 1245374e9b83 xhci: handle port status events for removed USB3 hcd
> > >
> > > Port arrays/structures were changed completely in 4.18
> > >
> > > Something like the below should work for 4.14:
> > >
> > > diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c > > > index 61fa3007a74a..e7367b9f19c5 100644 > > > --- a/drivers/usb/host/xhci-ring.c > > > +++ b/drivers/usb/host/xhci-ring.c
> > > @@ -1640,6 +1640,12 @@ static void handle_port_status(struct xhci_hcd *xhci, > > > if ((major_revision == 0x03) != (hcd->speed >= HCD_USB3)) > > > hcd = xhci->shared_hcd; > > > > > > + if (!hcd) { > > > + xhci_dbg(xhci, "No hcd found for port %u event\n", port_id); > > > + bogus_port_status = true; > > > + goto cleanup; > > > + } > > > + > > > if (major_revision == 0) { > > > xhci_warn(xhci, "Event for port %u not in " > > > "Extended Capabilities, ignoring.\n",
> >
> > Thanks for this suggestion, this is much better! I am sorry that we're
> > using android kernel that some reported issue might be out of date. I
> > will update the suggestion into our code base. Thanks!
>
> Should I backport this to 4.14 and older kernels to prevent this issue
> from showing up in newer Android devices that are using these older
> kernels?
>
> thanks,
>
> greg k-h

If this could be backported to older kernels, that would be great for
newer Android devices. Some of the shipping devices will have a
requirement for a kernel upgrade. Hence, if you could backport this
patch, that would be great.

Thanks!

Regards,
Macpaul Lin
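Review bot: The new "if (!hcd)" test in handle_port_status() comes after the context line "if ((major_revision == 0x03) != (hcd->speed >= HCD_USB3))", which has already dereferenced hcd, so it guards only the value just loaded from xhci->shared_hcd; a one-line comment saying that shared_hcd can be NULL while the USB3 hcd is being removed would make that intent explicit. The dropped event is also reported only through xhci_dbg, so where debug output is disabled nothing records that a port event was ignored; xhci_warn, which the following context line already uses, is worth considering if the case is expected to be rare.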
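The ordering concern discussed in this thread (clearing xhci->shared_hcd too early gives a NULL dereference, clearing it after the put risks a use after free), as a small userspace model added here; it is not code from the thread or from the kernel. All names are hypothetical, and it assumes usb_put_hcd(shared_hcd) drops the last reference and that interrupts stop at removal of the primary hcd only when the quiesce flag is set.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
/* Userspace model only; every name here is hypothetical, not kernel API. */
enum outcome { HANDLED, IGNORED_NULL, NULL_DEREF, USE_AFTER_FREE }; /* by severity */
enum step { REMOVE_SHARED, CLEAR_PTR, REMOVE_PRIMARY, PUT_SHARED };
struct hcd { bool freed; };
struct host { struct hcd *shared; bool irq_live; };

/* What an interrupt needing the shared hcd hits now; reports the fault class. */
static enum outcome fire_irq(const struct host *h, bool null_guard)
{
    if (!h->shared)
        return null_guard ? IGNORED_NULL : NULL_DEREF;
    return h->shared->freed ? USE_AFTER_FREE : HANDLED;
}

/* Run a teardown order, firing an interrupt after every step while the IRQ is
 * live; return the worst outcome. quiesce: removing the primary hcd stops IRQs. */
static enum outcome worst_case(const enum step *order, size_t n,
                               bool null_guard, bool quiesce)
{
    struct hcd shared = { .freed = false };
    struct host h = { .shared = &shared, .irq_live = true };
    enum outcome worst = HANDLED;

    for (size_t i = 0; i < n; i++) {
        switch (order[i]) {
        case REMOVE_SHARED:  break; /* unregistered, reference still held */
        case CLEAR_PTR:      h.shared = NULL; break;
        case REMOVE_PRIMARY: if (quiesce) h.irq_live = false; break;
        case PUT_SHARED:     shared.freed = true; break; /* assumed last ref */
        }
        enum outcome o = h.irq_live ? fire_irq(&h, null_guard) : HANDLED;
        if (o > worst)
            worst = o;
    }
    return worst;
}

/* Step orders read off the '-' and '+' sides of the xhci_mtk_remove() hunk. */
static const enum step BEFORE[] = { REMOVE_SHARED, CLEAR_PTR, REMOVE_PRIMARY, PUT_SHARED };
static const enum step AFTER[]  = { REMOVE_SHARED, REMOVE_PRIMARY, PUT_SHARED, CLEAR_PTR };

int main(void)
{
    printf("%d %d\n", worst_case(BEFORE, 4, false, true), worst_case(AFTER, 4, true, false));
    return 0;
}
```

In this model the NULL check turns the early-clear case into an ignored event, while no NULL check helps once the pointer outlives the put and interrupts are still arriving.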