[PATCH] gpio: bcm-kona: memory corruption fix

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

* [PATCH] gpio: bcm-kona: memory corruption fix
@ 2014-12-08 21:34 Olof Johansson
  2014-12-08 23:35 ` Ray Jui
  2014-12-09  3:06 ` Alexandre Courbot
  0 siblings, 2 replies; 3+ messages in thread
From: Olof Johansson @ 2014-12-08 21:34 UTC (permalink / raw)
  To: linus.walleij, gnurou
  Cc: rjui, linux-gpio, linux-kernel, bcm-kernel-feedback-list,
	Olof Johansson

In one instance the base address of the internal controller state
structure is passed into a function doing writel to an offset of
the pointer passed in is used, instead of the register base.

Once I found the bug, I also went back to check for other sparse
warnings in the file, but found none. This one, however, triggered:

drivers/gpio/gpio-bcm-kona.c:552:47: warning: incorrect type in argument 1 (different address spaces)
drivers/gpio/gpio-bcm-kona.c:552:47:    expected void [noderef] <asn:2>*reg_base
drivers/gpio/gpio-bcm-kona.c:552:47:    got struct bcm_kona_gpio *kona_gpio
drivers/gpio/gpio-bcm-kona.c:556:47: warning: incorrect type in argument 1 (different address spaces)
drivers/gpio/gpio-bcm-kona.c:556:47:    expected void [noderef] <asn:2>*reg_base
drivers/gpio/gpio-bcm-kona.c:556:47:    got struct bcm_kona_gpio *kona_gpio

As far as I can tell, this bug has been here for a long time and is
not new, but I found it when hunting down another heisenbug on this
platform.

Not marking for stable since I am unaware of any upstream user of kona
on a product that would benefit from it.

Signed-off-by: Olof Johansson <olof@lixom.net>
---
 drivers/gpio/gpio-bcm-kona.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/gpio/gpio-bcm-kona.c b/drivers/gpio/gpio-bcm-kona.c
index de0801e..d552cca 100644
--- a/drivers/gpio/gpio-bcm-kona.c
+++ b/drivers/gpio/gpio-bcm-kona.c
@@ -549,11 +549,11 @@ static void bcm_kona_gpio_reset(struct bcm_kona_gpio *kona_gpio)
 	/* disable interrupts and clear status */
 	for (i = 0; i < kona_gpio->num_bank; i++) {
 		/* Unlock the entire bank first */
-		bcm_kona_gpio_write_lock_regs(kona_gpio, i, UNLOCK_CODE);
+		bcm_kona_gpio_write_lock_regs(kona_gpio->reg_base, i, UNLOCK_CODE);
 		writel(0xffffffff, reg_base + GPIO_INT_MASK(i));
 		writel(0xffffffff, reg_base + GPIO_INT_STATUS(i));
 		/* Now re-lock the bank */
-		bcm_kona_gpio_write_lock_regs(kona_gpio, i, LOCK_CODE);
+		bcm_kona_gpio_write_lock_regs(kona_gpio->reg_base, i, LOCK_CODE);
 	}
 }
 
-- 
1.7.10.4


^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH] gpio: bcm-kona: memory corruption fix
  2014-12-08 21:34 [PATCH] gpio: bcm-kona: memory corruption fix Olof Johansson
@ 2014-12-08 23:35 ` Ray Jui
  2014-12-09  3:06 ` Alexandre Courbot
  1 sibling, 0 replies; 3+ messages in thread
From: Ray Jui @ 2014-12-08 23:35 UTC (permalink / raw)
  To: Olof Johansson, linus.walleij, gnurou
  Cc: linux-gpio, linux-kernel, bcm-kernel-feedback-list



On 12/8/2014 1:34 PM, Olof Johansson wrote:
> In one instance the base address of the internal controller state
> structure is passed into a function doing writel to an offset of
> the pointer passed in is used, instead of the register base.
>
> Once I found the bug, I also went back to check for other sparse
> warnings in the file, but found none. This one, however, triggered:
>
> drivers/gpio/gpio-bcm-kona.c:552:47: warning: incorrect type in argument 1 (different address spaces)
> drivers/gpio/gpio-bcm-kona.c:552:47:    expected void [noderef] <asn:2>*reg_base
> drivers/gpio/gpio-bcm-kona.c:552:47:    got struct bcm_kona_gpio *kona_gpio
> drivers/gpio/gpio-bcm-kona.c:556:47: warning: incorrect type in argument 1 (different address spaces)
> drivers/gpio/gpio-bcm-kona.c:556:47:    expected void [noderef] <asn:2>*reg_base
> drivers/gpio/gpio-bcm-kona.c:556:47:    got struct bcm_kona_gpio *kona_gpio
>
> As far as I can tell, this bug has been here for a long time and is
> not new, but I found it when hunting down another heisenbug on this
> platform.
>
> Not marking for stable since I am unaware of any upstream user of kona
> on a product that would benefit from it.
>
> Signed-off-by: Olof Johansson <olof@lixom.net>

Acked-by: Ray Jui <rjui@broadcom.com>

> ---
>   drivers/gpio/gpio-bcm-kona.c |    4 ++--
>   1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/gpio/gpio-bcm-kona.c b/drivers/gpio/gpio-bcm-kona.c
> index de0801e..d552cca 100644
> --- a/drivers/gpio/gpio-bcm-kona.c
> +++ b/drivers/gpio/gpio-bcm-kona.c
> @@ -549,11 +549,11 @@ static void bcm_kona_gpio_reset(struct bcm_kona_gpio *kona_gpio)
>   	/* disable interrupts and clear status */
>   	for (i = 0; i < kona_gpio->num_bank; i++) {
>   		/* Unlock the entire bank first */
> -		bcm_kona_gpio_write_lock_regs(kona_gpio, i, UNLOCK_CODE);
> +		bcm_kona_gpio_write_lock_regs(kona_gpio->reg_base, i, UNLOCK_CODE);
>   		writel(0xffffffff, reg_base + GPIO_INT_MASK(i));
>   		writel(0xffffffff, reg_base + GPIO_INT_STATUS(i));
>   		/* Now re-lock the bank */
> -		bcm_kona_gpio_write_lock_regs(kona_gpio, i, LOCK_CODE);
> +		bcm_kona_gpio_write_lock_regs(kona_gpio->reg_base, i, LOCK_CODE);
>   	}
>   }
>
>

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] gpio: bcm-kona: memory corruption fix
  2014-12-08 21:34 [PATCH] gpio: bcm-kona: memory corruption fix Olof Johansson
  2014-12-08 23:35 ` Ray Jui
@ 2014-12-09  3:06 ` Alexandre Courbot
  1 sibling, 0 replies; 3+ messages in thread
From: Alexandre Courbot @ 2014-12-09  3:06 UTC (permalink / raw)
  To: Olof Johansson
  Cc: Linus Walleij, rjui, linux-gpio@vger.kernel.org,
	Linux Kernel Mailing List, bcm-kernel-feedback-list

On Tue, Dec 9, 2014 at 6:34 AM, Olof Johansson <olof@lixom.net> wrote:
> In one instance the base address of the internal controller state
> structure is passed into a function doing writel to an offset of
> the pointer passed in is used, instead of the register base.
>
> Once I found the bug, I also went back to check for other sparse
> warnings in the file, but found none. This one, however, triggered:
>
> drivers/gpio/gpio-bcm-kona.c:552:47: warning: incorrect type in argument 1 (different address spaces)
> drivers/gpio/gpio-bcm-kona.c:552:47:    expected void [noderef] <asn:2>*reg_base
> drivers/gpio/gpio-bcm-kona.c:552:47:    got struct bcm_kona_gpio *kona_gpio
> drivers/gpio/gpio-bcm-kona.c:556:47: warning: incorrect type in argument 1 (different address spaces)
> drivers/gpio/gpio-bcm-kona.c:556:47:    expected void [noderef] <asn:2>*reg_base
> drivers/gpio/gpio-bcm-kona.c:556:47:    got struct bcm_kona_gpio *kona_gpio
>
> As far as I can tell, this bug has been here for a long time and is
> not new, but I found it when hunting down another heisenbug on this
> platform.

Ouch. Thanks for fixing this.

Reviewed-by: Alexandre Courbot <acourbot@nvidia.com>

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2014-12-09  3:06 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-12-08 21:34 [PATCH] gpio: bcm-kona: memory corruption fix Olof Johansson
2014-12-08 23:35 ` Ray Jui
2014-12-09  3:06 ` Alexandre Courbot

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox