From: Heikki Krogerus <heikki.krogerus@linux.intel.com>
To: Bjorn Andersson <quic_bjorande@quicinc.com>
Cc: Sebastian Reichel <sre@kernel.org>,
Bjorn Andersson <andersson@kernel.org>,
Konrad Dybcio <konrad.dybcio@linaro.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Neil Armstrong <neil.armstrong@linaro.org>,
Johan Hovold <johan+linaro@kernel.org>,
Chris Lew <quic_clew@quicinc.com>,
Dmitry Baryshkov <dmitry.baryshkov@linaro.org>,
Stephen Boyd <swboyd@chromium.org>,
Amit Pundir <amit.pundir@linaro.org>,
linux-arm-msm@vger.kernel.org, linux-pm@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org,
stable@vger.kernel.org
Subject: Re: [PATCH 2/3] usb: typec: ucsi: Move unregister out of atomic section
Date: Mon, 19 Aug 2024 16:27:56 +0300 [thread overview]
Message-ID: <ZsNIXHRvCvWCNk3O@kuha.fi.intel.com> (raw)
In-Reply-To: <20240818-pmic-glink-v6-11-races-v1-2-f87c577e0bc9@quicinc.com>
On Sun, Aug 18, 2024 at 04:17:38PM -0700, Bjorn Andersson wrote:
> Commit 'caa855189104 ("soc: qcom: pmic_glink: Fix race during
> initialization")' moved the pmic_glink client list under a spinlock, as
> it is accessed by the rpmsg/glink callback, which in turn is invoked
> from IRQ context.
>
> This means that ucsi_unregister() is now called from IRQ context, which
> isn't feasible as it's expecting a sleepable context. An effort is under
> way to get GLINK to invoke its callbacks in a sleepable context, but
> until then lets schedule the unregistration.
>
> A side effect of this is that ucsi_unregister() can now happen
> after the remote processor, and thereby the communication link with it, is
> gone. pmic_glink_send() is amended with a check to avoid the resulting
> NULL pointer dereference, but it becomes expecting to see a failing send
> upon shutting down the remote processor (e.g. during a restart following
> a firmware crash):
>
> ucsi_glink.pmic_glink_ucsi pmic_glink.ucsi.0: failed to send UCSI write request: -5
>
> Fixes: caa855189104 ("soc: qcom: pmic_glink: Fix race during initialization")
> Cc: stable@vger.kernel.org
> Signed-off-by: Bjorn Andersson <quic_bjorande@quicinc.com>
Reviewed-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
> ---
> drivers/soc/qcom/pmic_glink.c | 10 +++++++++-
> drivers/usb/typec/ucsi/ucsi_glink.c | 28 +++++++++++++++++++++++-----
> 2 files changed, 32 insertions(+), 6 deletions(-)
>
> diff --git a/drivers/soc/qcom/pmic_glink.c b/drivers/soc/qcom/pmic_glink.c
> index 58ec91767d79..e4747f1d3da5 100644
> --- a/drivers/soc/qcom/pmic_glink.c
> +++ b/drivers/soc/qcom/pmic_glink.c
> @@ -112,8 +112,16 @@ EXPORT_SYMBOL_GPL(pmic_glink_register_client);
> int pmic_glink_send(struct pmic_glink_client *client, void *data, size_t len)
> {
> struct pmic_glink *pg = client->pg;
> + int ret;
>
> - return rpmsg_send(pg->ept, data, len);
> + mutex_lock(&pg->state_lock);
> + if (!pg->ept)
> + ret = -ECONNRESET;
> + else
> + ret = rpmsg_send(pg->ept, data, len);
> + mutex_unlock(&pg->state_lock);
> +
> + return ret;
> }
> EXPORT_SYMBOL_GPL(pmic_glink_send);
>
> diff --git a/drivers/usb/typec/ucsi/ucsi_glink.c b/drivers/usb/typec/ucsi/ucsi_glink.c
> index ac53a81c2a81..a33056eec83d 100644
> --- a/drivers/usb/typec/ucsi/ucsi_glink.c
> +++ b/drivers/usb/typec/ucsi/ucsi_glink.c
> @@ -68,6 +68,9 @@ struct pmic_glink_ucsi {
>
> struct work_struct notify_work;
> struct work_struct register_work;
> + spinlock_t state_lock;
> + unsigned int pdr_state;
> + unsigned int new_pdr_state;
>
> u8 read_buf[UCSI_BUF_SIZE];
> };
> @@ -244,8 +247,22 @@ static void pmic_glink_ucsi_notify(struct work_struct *work)
> static void pmic_glink_ucsi_register(struct work_struct *work)
> {
> struct pmic_glink_ucsi *ucsi = container_of(work, struct pmic_glink_ucsi, register_work);
> + unsigned long flags;
> + unsigned int new_state;
> +
> + spin_lock_irqsave(&ucsi->state_lock, flags);
> + new_state = ucsi->new_pdr_state;
> + spin_unlock_irqrestore(&ucsi->state_lock, flags);
> +
> + if (ucsi->pdr_state != SERVREG_SERVICE_STATE_UP) {
> + if (new_state == SERVREG_SERVICE_STATE_UP)
> + ucsi_register(ucsi->ucsi);
> + } else {
> + if (new_state == SERVREG_SERVICE_STATE_DOWN)
> + ucsi_unregister(ucsi->ucsi);
> + }
>
> - ucsi_register(ucsi->ucsi);
> + ucsi->pdr_state = new_state;
> }
>
> static void pmic_glink_ucsi_callback(const void *data, size_t len, void *priv)
> @@ -269,11 +286,12 @@ static void pmic_glink_ucsi_callback(const void *data, size_t len, void *priv)
> static void pmic_glink_ucsi_pdr_notify(void *priv, int state)
> {
> struct pmic_glink_ucsi *ucsi = priv;
> + unsigned long flags;
>
> - if (state == SERVREG_SERVICE_STATE_UP)
> - schedule_work(&ucsi->register_work);
> - else if (state == SERVREG_SERVICE_STATE_DOWN)
> - ucsi_unregister(ucsi->ucsi);
> + spin_lock_irqsave(&ucsi->state_lock, flags);
> + ucsi->new_pdr_state = state;
> + spin_unlock_irqrestore(&ucsi->state_lock, flags);
> + schedule_work(&ucsi->register_work);
> }
>
> static void pmic_glink_ucsi_destroy(void *data)
>
> --
> 2.34.1
--
heikki
next prev parent reply other threads:[~2024-08-19 13:28 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-18 23:17 [PATCH 0/3] soc: qcom: pmic_glink: v6.11-rc bug fixes Bjorn Andersson
2024-08-18 23:17 ` [PATCH 1/3] soc: qcom: pmic_glink: Fix race during initialization Bjorn Andersson
2024-08-19 9:15 ` Neil Armstrong
2024-08-19 13:20 ` Heikki Krogerus
2024-08-18 23:17 ` [PATCH 2/3] usb: typec: ucsi: Move unregister out of atomic section Bjorn Andersson
2024-08-19 1:16 ` Dmitry Baryshkov
2024-08-19 3:05 ` Bjorn Andersson
2024-08-19 7:32 ` Dmitry Baryshkov
2024-08-19 9:16 ` Neil Armstrong
2024-08-19 13:27 ` Heikki Krogerus [this message]
2024-08-19 15:06 ` Johan Hovold
2024-08-19 16:45 ` Bjorn Andersson
2024-08-20 6:34 ` Johan Hovold
2024-08-19 15:33 ` Johan Hovold
2024-08-18 23:17 ` [PATCH 3/3] soc: qcom: pmic_glink: Actually communicate with remote goes down Bjorn Andersson
2024-08-19 1:09 ` Dmitry Baryshkov
2024-08-19 9:16 ` Neil Armstrong
2024-08-19 13:33 ` Heikki Krogerus
2024-08-19 10:12 ` [PATCH 0/3] soc: qcom: pmic_glink: v6.11-rc bug fixes Amit Pundir
2024-08-19 14:07 ` Greg Kroah-Hartman
2024-08-19 14:56 ` Bjorn Andersson
2024-08-19 15:48 ` Johan Hovold
2024-08-19 16:53 ` Bjorn Andersson
2024-08-20 7:31 ` Johan Hovold
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZsNIXHRvCvWCNk3O@kuha.fi.intel.com \
--to=heikki.krogerus@linux.intel.com \
--cc=amit.pundir@linaro.org \
--cc=andersson@kernel.org \
--cc=dmitry.baryshkov@linaro.org \
--cc=gregkh@linuxfoundation.org \
--cc=johan+linaro@kernel.org \
--cc=konrad.dybcio@linaro.org \
--cc=linux-arm-msm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pm@vger.kernel.org \
--cc=linux-usb@vger.kernel.org \
--cc=neil.armstrong@linaro.org \
--cc=quic_bjorande@quicinc.com \
--cc=quic_clew@quicinc.com \
--cc=sre@kernel.org \
--cc=stable@vger.kernel.org \
--cc=swboyd@chromium.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox