public inbox for linux-kernel@vger.kernel.org
From: Krzysztof Kozlowski <krzk@kernel.org>
To: Robin Gong <yibin.gong@nxp.com>
Cc: Vinod Koul <vkoul@kernel.org>,
	Dan Williams <dan.j.williams@intel.com>,
	Peng Ma <peng.ma@nxp.com>, Fabio Estevam <festevam@gmail.com>,
	"dmaengine@vger.kernel.org" <dmaengine@vger.kernel.org>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	"stable@vger.kernel.org" <stable@vger.kernel.org>
Subject: Re: [PATCH 2/2] dmaengine: fsl-edma: Fix NULL pointer exception in fsl_edma_tx_handler
Date: Thu, 11 Jun 2020 15:10:11 +0200
Message-ID: <20200611131011.GA26264@kozik-lap>
In-Reply-To: <VE1PR04MB66382172816FB95036776F6489800@VE1PR04MB6638.eurprd04.prod.outlook.com>

On Thu, Jun 11, 2020 at 01:04:43PM +0000, Robin Gong wrote:
> On 2020/06/11 20:18 Krzysztof Kozlowski <krzk@kernel.org> wrote:
> > 
> > NULL pointer exception happens occasionally on serial output initiated by login
> > timeout.  This was reproduced only if kernel was built with significant
> > debugging options and EDMA driver is used with serial console.
> > 
> >     col-vf50 login: root
> >     Password:
> >     Login timed out after 60 seconds.
> >     Unable to handle kernel NULL pointer dereference at virtual address 00000044
> >     Internal error: Oops: 5 [#1] ARM
> >     CPU: 0 PID: 157 Comm: login Not tainted 5.7.0-next-20200610-dirty #4
> >     Hardware name: Freescale Vybrid VF5xx/VF6xx (Device Tree)
> >       (fsl_edma_tx_handler) from [<8016eb10>] (__handle_irq_event_percpu+0x64/0x304)
> >       (__handle_irq_event_percpu) from [<8016eddc>] (handle_irq_event_percpu+0x2c/0x7c)
> >       (handle_irq_event_percpu) from [<8016ee64>] (handle_irq_event+0x38/0x5c)
> >       (handle_irq_event) from [<801729e4>] (handle_fasteoi_irq+0xa4/0x160)
> >       (handle_fasteoi_irq) from [<8016ddcc>] (generic_handle_irq+0x34/0x44)
> >       (generic_handle_irq) from [<8016e40c>] (__handle_domain_irq+0x54/0xa8)
> >       (__handle_domain_irq) from [<80508bc8>] (gic_handle_irq+0x4c/0x80)
> >       (gic_handle_irq) from [<80100af0>] (__irq_svc+0x70/0x98)
> >     Exception stack(0x8459fe80 to 0x8459fec8)
> >     fe80: 72286b00 e3359f64 00000001 0000412d a0070013 85c98840 85c98840 a0070013
> >     fea0: 8054e0d4 00000000 00000002 00000000 00000002 8459fed0 8081fbe8 8081fbec
> >     fec0: 60070013 ffffffff
> >       (__irq_svc) from [<8081fbec>] (_raw_spin_unlock_irqrestore+0x30/0x58)
> >       (_raw_spin_unlock_irqrestore) from [<8056cb48>] (uart_flush_buffer+0x88/0xf8)
> >       (uart_flush_buffer) from [<80554e60>] (tty_ldisc_hangup+0x38/0x1ac)
> >       (tty_ldisc_hangup) from [<8054c7f4>] (__tty_hangup+0x158/0x2bc)
> >       (__tty_hangup) from [<80557b90>] (disassociate_ctty.part.1+0x30/0x23c)
> >       (disassociate_ctty.part.1) from [<8011fc18>] (do_exit+0x580/0xba0)
> >       (do_exit) from [<801214f8>] (do_group_exit+0x3c/0xb4)
> >       (do_group_exit) from [<80121580>] (__wake_up_parent+0x0/0x14)
> > 
> > Issue looks like race condition between interrupt handler fsl_edma_tx_handler()
> > (called as result of fsl_edma_xfer_desc()) and terminating the transfer with
> > fsl_edma_terminate_all().
> > 
> > The fsl_edma_tx_handler() handles interrupt for a transfer with already freed
> > edesc and idle==true.
> > 
> > Fixes: d6be34fbd39b ("dma: Add Freescale eDMA engine driver support")
> > Cc: <stable@vger.kernel.org>
> > Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
> > ---
> >  drivers/dma/fsl-edma.c | 7 +++++++
> >  1 file changed, 7 insertions(+)
> > 
> > diff --git a/drivers/dma/fsl-edma.c b/drivers/dma/fsl-edma.c index
> > eff7ebd8cf35..90bb72af306c 100644
> > --- a/drivers/dma/fsl-edma.c
> > +++ b/drivers/dma/fsl-edma.c
> > @@ -45,6 +45,13 @@ static irqreturn_t fsl_edma_tx_handler(int irq, void
> > *dev_id)
> >  			fsl_chan = &fsl_edma->chans[ch];
> > 
> >  			spin_lock(&fsl_chan->vchan.lock);
> > +
> > +			if (!fsl_chan->edesc) {
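
Review bot: the new if (!fsl_chan->edesc) test runs after spin_lock(&fsl_chan->vchan.lock), so its branch body (cut off in this quote) has to release that lock before it skips the channel; otherwise the handler would move on with the lock still held. A short comment above the test naming the race with fsl_edma_terminate_all() from the commit message would also help, since nothing in the visible handler code explains why edesc can be NULL when the interrupt fires.
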
> Would you like to fix the same potential issue in mcf_edma_tx_handler()
> of mcf-edma.c?

Sure. I'll make another commit as it should be backported to a different
kernel.

Best regards,
Krzysztof


Thread overview: 9+ messages
2020-06-11 12:17 [PATCH 1/2] dmaengine: fsl-edma: Add lockdep assert for exported function Krzysztof Kozlowski
2020-06-11 12:17 ` [PATCH 2/2] dmaengine: fsl-edma: Fix NULL pointer exception in fsl_edma_tx_handler Krzysztof Kozlowski
2020-06-11 13:04   ` Robin Gong
2020-06-11 13:10     ` Krzysztof Kozlowski [this message]
2020-06-11 13:21   ` [PATCH] dmaengine: mcf-edma: Fix NULL pointer exception in mcf_edma_tx_handler Krzysztof Kozlowski
2020-06-12  2:20     ` Robin Gong
2020-06-12  2:22   ` [PATCH 2/2] dmaengine: fsl-edma: Fix NULL pointer exception in fsl_edma_tx_handler Robin Gong
2020-06-12  2:25 ` [PATCH 1/2] dmaengine: fsl-edma: Add lockdep assert for exported function Robin Gong
2020-06-24  7:37 ` Vinod Koul
