* [PATCH V3 0/2] Fix RX cancel command failure @ 2020-03-06 6:47 satya priya 2020-03-06 6:47 ` [PATCH V3 1/2] tty: serial: qcom_geni_serial: Allocate port->rx_fifo buffer in probe satya priya 2020-03-06 6:47 ` [PATCH V3 2/2] tty: serial: qcom_geni_serial: Fix RX cancel command failure satya priya 0 siblings, 2 replies; 7+ messages in thread From: satya priya @ 2020-03-06 6:47 UTC (permalink / raw) To: gregkh Cc: swboyd, mgautam, linux-arm-msm, linux-serial, akashast, rojay, msavaliy, satya priya Changes in V2: - Add patch to allocate port->rx_fifo buffer in probe to resolve NULL pointer dereference crash reported by stephen. The crash is caused due to set_termios call starting RX engine and RX engine is sampling some garbage data from line, and by the time startup is called, we have few data to read but port->rx_fifo buffer is not allocated causing NULL pointer dereference. Changes in V3: - As per Stephen's comment, change the declaration of rx_fifo pointer from u32 to void. satya priya (2): tty: serial: qcom_geni_serial: Allocate port->rx_fifo buffer in probe tty: serial: qcom_geni_serial: Fix RX cancel command failure drivers/tty/serial/qcom_geni_serial.c | 37 ++++++++++++++++++++++------------- 1 file changed, 23 insertions(+), 14 deletions(-) -- QUALCOMM INDIA, on behalf of Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum, hosted by The Linux Foundation ^ permalink raw reply [flat|nested] 7+ messages in thread
* [PATCH V3 1/2] tty: serial: qcom_geni_serial: Allocate port->rx_fifo buffer in probe 2020-03-06 6:47 [PATCH V3 0/2] Fix RX cancel command failure satya priya @ 2020-03-06 6:47 ` satya priya 2020-03-06 6:47 ` [PATCH V3 2/2] tty: serial: qcom_geni_serial: Fix RX cancel command failure satya priya 1 sibling, 0 replies; 7+ messages in thread From: satya priya @ 2020-03-06 6:47 UTC (permalink / raw) To: gregkh Cc: swboyd, mgautam, linux-arm-msm, linux-serial, akashast, rojay, msavaliy, satya priya To fix the RX cancel command failure, rx_fifo buffer needs to be flushed in stop_rx() by calling handle_rx().In handle_rx() the data in rx_fifo buffer is read and then dropped, not sent to upper layers. If set_termios is called before startup, by this time memory is not allocated to port->rx_fifo buffer, which leads to a NULL pointer dereference. To avoid this NULL pointer dereference allocate memory to port->rx_fifo in probe itself. Signed-off-by: satya priya <skakit@codeaurora.org> Reported-by: Stephen Boyd <swboyd@chromium.org> --- Changes in V3: - As per Stephen's comment, change the declaration of rx_fifo pointer to void pointer. drivers/tty/serial/qcom_geni_serial.c | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index 191abb1..f74f8a8 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -113,7 +113,7 @@ struct qcom_geni_serial_port { unsigned int baud; unsigned int tx_bytes_pw; unsigned int rx_bytes_pw; - u32 *rx_fifo; + void *rx_fifo; u32 loopback; bool brk; @@ -504,7 +504,6 @@ static int handle_rx_console(struct uart_port *uport, u32 bytes, bool drop) static int handle_rx_uart(struct uart_port *uport, u32 bytes, bool drop) { - unsigned char *buf; struct tty_port *tport; struct qcom_geni_serial_port *port = to_dev_port(uport, uport); u32 num_bytes_pw = port->tx_fifo_width / BITS_PER_BYTE; @@ -516,8 +515,7 @@ static int handle_rx_uart(struct uart_port *uport, u32 bytes, bool drop) if (drop) return 0; - buf = (unsigned char *)port->rx_fifo; - ret = tty_insert_flip_string(tport, buf, bytes); + ret = tty_insert_flip_string(tport, port->rx_fifo, bytes); if (ret != bytes) { dev_err(uport->dev, "%s:Unable to push data ret %d_bytes %d\n", __func__, ret, bytes); @@ -858,12 +856,6 @@ static int qcom_geni_serial_port_setup(struct uart_port *uport) false, false, true); geni_se_init(&port->se, UART_RX_WM, port->rx_fifo_depth - 2); geni_se_select_mode(&port->se, GENI_SE_FIFO); - if (!uart_console(uport)) { - port->rx_fifo = devm_kcalloc(uport->dev, - port->rx_fifo_depth, sizeof(u32), GFP_KERNEL); - if (!port->rx_fifo) - return -ENOMEM; - } port->setup = true; return 0; @@ -1274,6 +1266,13 @@ static int qcom_geni_serial_probe(struct platform_device *pdev) port->rx_fifo_depth = DEF_FIFO_DEPTH_WORDS; port->tx_fifo_width = DEF_FIFO_WIDTH_BITS; + if (!console) { + port->rx_fifo = devm_kcalloc(uport->dev, + port->rx_fifo_depth, sizeof(u32), GFP_KERNEL); + if (!port->rx_fifo) + return -ENOMEM; + } + port->name = devm_kasprintf(uport->dev, GFP_KERNEL, "qcom_geni_serial_%s%d", uart_console(uport) ? "console" : "uart", uport->line); -- QUALCOMM INDIA, on behalf of Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum, hosted by The Linux Foundation ^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH V3 2/2] tty: serial: qcom_geni_serial: Fix RX cancel command failure 2020-03-06 6:47 [PATCH V3 0/2] Fix RX cancel command failure satya priya 2020-03-06 6:47 ` [PATCH V3 1/2] tty: serial: qcom_geni_serial: Allocate port->rx_fifo buffer in probe satya priya @ 2020-03-06 6:47 ` satya priya 2020-03-09 6:41 ` Stephen Boyd 2020-03-12 9:10 ` Greg KH 1 sibling, 2 replies; 7+ messages in thread From: satya priya @ 2020-03-06 6:47 UTC (permalink / raw) To: gregkh Cc: swboyd, mgautam, linux-arm-msm, linux-serial, akashast, rojay, msavaliy, satya priya RX cancel command fails when BT is switched on and off multiple times. To handle this, poll for the cancel bit in SE_GENI_S_IRQ_STATUS register instead of SE_GENI_S_CMD_CTRL_REG. As per the HPG update, handle the RX last bit after cancel command and flush out the RX FIFO buffer. Signed-off-by: satya priya <skakit@codeaurora.org> --- drivers/tty/serial/qcom_geni_serial.c | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index f74f8a8..d5621b6 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -129,6 +129,7 @@ static int handle_rx_console(struct uart_port *uport, u32 bytes, bool drop); static int handle_rx_uart(struct uart_port *uport, u32 bytes, bool drop); static unsigned int qcom_geni_serial_tx_empty(struct uart_port *port); static void qcom_geni_serial_stop_rx(struct uart_port *uport); +static void qcom_geni_serial_handle_rx(struct uart_port *uport, bool drop); static const unsigned long root_freq[] = {7372800, 14745600, 19200000, 29491200, 32000000, 48000000, 64000000, 80000000, @@ -597,7 +598,7 @@ static void qcom_geni_serial_stop_rx(struct uart_port *uport) u32 irq_en; u32 status; struct qcom_geni_serial_port *port = to_dev_port(uport, uport); - u32 irq_clear = S_CMD_DONE_EN; + u32 s_irq_status; irq_en = readl(uport->membase + SE_GENI_S_IRQ_EN); irq_en &= ~(S_RX_FIFO_WATERMARK_EN | S_RX_FIFO_LAST_EN); @@ -613,10 +614,19 @@ static void qcom_geni_serial_stop_rx(struct uart_port *uport) return; geni_se_cancel_s_cmd(&port->se); - qcom_geni_serial_poll_bit(uport, SE_GENI_S_CMD_CTRL_REG, - S_GENI_CMD_CANCEL, false); + qcom_geni_serial_poll_bit(uport, SE_GENI_S_IRQ_STATUS, + S_CMD_CANCEL_EN, true); + /* + * If timeout occurs secondary engine remains active + * and Abort sequence is executed. + */ + s_irq_status = readl(uport->membase + SE_GENI_S_IRQ_STATUS); + /* Flush the Rx buffer */ + if (s_irq_status & S_RX_FIFO_LAST_EN) + qcom_geni_serial_handle_rx(uport, true); + writel(s_irq_status, uport->membase + SE_GENI_S_IRQ_CLEAR); + status = readl(uport->membase + SE_GENI_STATUS); - writel(irq_clear, uport->membase + SE_GENI_S_IRQ_CLEAR); if (status & S_GENI_CMD_ACTIVE) qcom_geni_serial_abort_rx(uport); } -- QUALCOMM INDIA, on behalf of Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum, hosted by The Linux Foundation ^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH V3 2/2] tty: serial: qcom_geni_serial: Fix RX cancel command failure 2020-03-06 6:47 ` [PATCH V3 2/2] tty: serial: qcom_geni_serial: Fix RX cancel command failure satya priya @ 2020-03-09 6:41 ` Stephen Boyd 2020-03-12 9:10 ` Greg KH 1 sibling, 0 replies; 7+ messages in thread From: Stephen Boyd @ 2020-03-09 6:41 UTC (permalink / raw) To: gregkh, satya priya Cc: mgautam, linux-arm-msm, linux-serial, akashast, rojay, msavaliy, satya priya Quoting satya priya (2020-03-05 22:47:08) > RX cancel command fails when BT is switched on and off multiple times. > > To handle this, poll for the cancel bit in SE_GENI_S_IRQ_STATUS register > instead of SE_GENI_S_CMD_CTRL_REG. > > As per the HPG update, handle the RX last bit after cancel command > and flush out the RX FIFO buffer. > > Signed-off-by: satya priya <skakit@codeaurora.org> > --- Reviewed-by: Stephen Boyd <swboyd@chromium.org> ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH V3 2/2] tty: serial: qcom_geni_serial: Fix RX cancel command failure 2020-03-06 6:47 ` [PATCH V3 2/2] tty: serial: qcom_geni_serial: Fix RX cancel command failure satya priya 2020-03-09 6:41 ` Stephen Boyd @ 2020-03-12 9:10 ` Greg KH 2020-03-13 13:53 ` skakit 1 sibling, 1 reply; 7+ messages in thread From: Greg KH @ 2020-03-12 9:10 UTC (permalink / raw) To: satya priya Cc: swboyd, mgautam, linux-arm-msm, linux-serial, akashast, rojay, msavaliy On Fri, Mar 06, 2020 at 12:17:08PM +0530, satya priya wrote: > RX cancel command fails when BT is switched on and off multiple times. > > To handle this, poll for the cancel bit in SE_GENI_S_IRQ_STATUS register > instead of SE_GENI_S_CMD_CTRL_REG. > > As per the HPG update, handle the RX last bit after cancel command > and flush out the RX FIFO buffer. > > Signed-off-by: satya priya <skakit@codeaurora.org> > Reviewed-by: Stephen Boyd <swboyd@chromium.org> > --- > drivers/tty/serial/qcom_geni_serial.c | 18 ++++++++++++++---- > 1 file changed, 14 insertions(+), 4 deletions(-) This patch didn't apply :( ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH V3 2/2] tty: serial: qcom_geni_serial: Fix RX cancel command failure 2020-03-12 9:10 ` Greg KH @ 2020-03-13 13:53 ` skakit 2020-03-14 8:07 ` Greg KH 0 siblings, 1 reply; 7+ messages in thread From: skakit @ 2020-03-13 13:53 UTC (permalink / raw) To: Greg KH Cc: swboyd, mgautam, linux-arm-msm, linux-serial, akashast, rojay, msavaliy On 2020-03-12 14:40, Greg KH wrote: > On Fri, Mar 06, 2020 at 12:17:08PM +0530, satya priya wrote: >> RX cancel command fails when BT is switched on and off multiple times. >> >> To handle this, poll for the cancel bit in SE_GENI_S_IRQ_STATUS >> register >> instead of SE_GENI_S_CMD_CTRL_REG. >> >> As per the HPG update, handle the RX last bit after cancel command >> and flush out the RX FIFO buffer. >> >> Signed-off-by: satya priya <skakit@codeaurora.org> >> Reviewed-by: Stephen Boyd <swboyd@chromium.org> >> --- >> drivers/tty/serial/qcom_geni_serial.c | 18 ++++++++++++++---- >> 1 file changed, 14 insertions(+), 4 deletions(-) > > This patch didn't apply :( V1 of this patch is already picked in tty-next tree(commit id: 679aac5ead2f18d223554a52b543e1195e181811). There is no change in this patch from V1 to V3[2/2]. There is a crash reported by Stephen with V1, to resolve that we posted next versions adding this patch https://patchwork.kernel.org/patch/11423231/, that is, V3[1/2]. So now only V3[1/2] needs to be picked. ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH V3 2/2] tty: serial: qcom_geni_serial: Fix RX cancel command failure 2020-03-13 13:53 ` skakit @ 2020-03-14 8:07 ` Greg KH 0 siblings, 0 replies; 7+ messages in thread From: Greg KH @ 2020-03-14 8:07 UTC (permalink / raw) To: skakit Cc: swboyd, mgautam, linux-arm-msm, linux-serial, akashast, rojay, msavaliy On Fri, Mar 13, 2020 at 07:23:50PM +0530, skakit@codeaurora.org wrote: > On 2020-03-12 14:40, Greg KH wrote: > > On Fri, Mar 06, 2020 at 12:17:08PM +0530, satya priya wrote: > > > RX cancel command fails when BT is switched on and off multiple times. > > > > > > To handle this, poll for the cancel bit in SE_GENI_S_IRQ_STATUS > > > register > > > instead of SE_GENI_S_CMD_CTRL_REG. > > > > > > As per the HPG update, handle the RX last bit after cancel command > > > and flush out the RX FIFO buffer. > > > > > > Signed-off-by: satya priya <skakit@codeaurora.org> > > > Reviewed-by: Stephen Boyd <swboyd@chromium.org> > > > --- > > > drivers/tty/serial/qcom_geni_serial.c | 18 ++++++++++++++---- > > > 1 file changed, 14 insertions(+), 4 deletions(-) > > > > This patch didn't apply :( > > V1 of this patch is already picked in tty-next tree(commit id: > 679aac5ead2f18d223554a52b543e1195e181811). There is no change in this patch > from V1 to V3[2/2]. > There is a crash reported by Stephen with V1, to resolve that we posted next > versions adding this patch https://patchwork.kernel.org/patch/11423231/, > that is, V3[1/2]. So now only V3[1/2] needs to be picked. Ok, and I picked that up already, right? Please be kind to maintainers and make it obvious what you want them to do... thanks, greg k-h ^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2020-03-15 2:24 UTC | newest] Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2020-03-06 6:47 [PATCH V3 0/2] Fix RX cancel command failure satya priya 2020-03-06 6:47 ` [PATCH V3 1/2] tty: serial: qcom_geni_serial: Allocate port->rx_fifo buffer in probe satya priya 2020-03-06 6:47 ` [PATCH V3 2/2] tty: serial: qcom_geni_serial: Fix RX cancel command failure satya priya 2020-03-09 6:41 ` Stephen Boyd 2020-03-12 9:10 ` Greg KH 2020-03-13 13:53 ` skakit 2020-03-14 8:07 ` Greg KH
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).