From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Andri Yngvason <andri.yngvason@marel.com>,
Richard Weinberger <richard@nod.at>,
Marc Kleine-Budde <mkl@pengutronix.de>
Subject: [PATCH 4.9 46/67] can: cc770: Fix queue stall & dropped RTR reply
Date: Tue, 27 Mar 2018 18:27:38 +0200 [thread overview]
Message-ID: <20180327162729.725496859@linuxfoundation.org> (raw)
In-Reply-To: <20180327162726.702411083@linuxfoundation.org>
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andri Yngvason <andri.yngvason@marel.com>
commit 746201235b3f876792099079f4c6fea941d76183 upstream.
While waiting for the TX object to send an RTR, an external message with a
matching id can overwrite the TX data. In this case we must call the rx
routine and then try transmitting the message that was overwritten again.
The queue was being stalled because the RX event did not generate an
interrupt to wake up the queue again and the TX event did not happen
because the TXRQST flag is reset by the chip when new data is received.
According to the CC770 datasheet the id of a message object should not be
changed while the MSGVAL bit is set. This has been fixed by resetting the
MSGVAL bit before modifying the object in the transmit function and setting
it after. It is not enough to set & reset CPUUPD.
It is important to keep the MSGVAL bit reset while the message object is
being modified. Otherwise, during RTR transmission, a frame with matching
id could trigger an rx-interrupt, which would cause a race condition
between the interrupt routine and the transmit function.
Signed-off-by: Andri Yngvason <andri.yngvason@marel.com>
Tested-by: Richard Weinberger <richard@nod.at>
Cc: linux-stable <stable@vger.kernel.org>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/can/cc770/cc770.c | 94 +++++++++++++++++++++++++++++-------------
drivers/net/can/cc770/cc770.h | 2
2 files changed, 68 insertions(+), 28 deletions(-)
--- a/drivers/net/can/cc770/cc770.c
+++ b/drivers/net/can/cc770/cc770.c
@@ -390,37 +390,23 @@ static int cc770_get_berr_counter(const
return 0;
}
-static netdev_tx_t cc770_start_xmit(struct sk_buff *skb, struct net_device *dev)
+static void cc770_tx(struct net_device *dev, int mo)
{
struct cc770_priv *priv = netdev_priv(dev);
- struct net_device_stats *stats = &dev->stats;
- struct can_frame *cf = (struct can_frame *)skb->data;
- unsigned int mo = obj2msgobj(CC770_OBJ_TX);
+ struct can_frame *cf = (struct can_frame *)priv->tx_skb->data;
u8 dlc, rtr;
u32 id;
int i;
- if (can_dropped_invalid_skb(dev, skb))
- return NETDEV_TX_OK;
-
- if ((cc770_read_reg(priv,
- msgobj[mo].ctrl1) & TXRQST_UNC) == TXRQST_SET) {
- netdev_err(dev, "TX register is still occupied!\n");
- return NETDEV_TX_BUSY;
- }
-
- netif_stop_queue(dev);
-
dlc = cf->can_dlc;
id = cf->can_id;
- if (cf->can_id & CAN_RTR_FLAG)
- rtr = 0;
- else
- rtr = MSGCFG_DIR;
+ rtr = cf->can_id & CAN_RTR_FLAG ? 0 : MSGCFG_DIR;
+
+ cc770_write_reg(priv, msgobj[mo].ctrl0,
+ MSGVAL_RES | TXIE_RES | RXIE_RES | INTPND_RES);
cc770_write_reg(priv, msgobj[mo].ctrl1,
RMTPND_RES | TXRQST_RES | CPUUPD_SET | NEWDAT_RES);
- cc770_write_reg(priv, msgobj[mo].ctrl0,
- MSGVAL_SET | TXIE_SET | RXIE_RES | INTPND_RES);
+
if (id & CAN_EFF_FLAG) {
id &= CAN_EFF_MASK;
cc770_write_reg(priv, msgobj[mo].config,
@@ -439,13 +425,30 @@ static netdev_tx_t cc770_start_xmit(stru
for (i = 0; i < dlc; i++)
cc770_write_reg(priv, msgobj[mo].data[i], cf->data[i]);
- /* Store echo skb before starting the transfer */
- can_put_echo_skb(skb, dev, 0);
-
cc770_write_reg(priv, msgobj[mo].ctrl1,
- RMTPND_RES | TXRQST_SET | CPUUPD_RES | NEWDAT_UNC);
+ RMTPND_UNC | TXRQST_SET | CPUUPD_RES | NEWDAT_UNC);
+ cc770_write_reg(priv, msgobj[mo].ctrl0,
+ MSGVAL_SET | TXIE_SET | RXIE_SET | INTPND_UNC);
+}
+
+static netdev_tx_t cc770_start_xmit(struct sk_buff *skb, struct net_device *dev)
+{
+ struct cc770_priv *priv = netdev_priv(dev);
+ unsigned int mo = obj2msgobj(CC770_OBJ_TX);
+
+ if (can_dropped_invalid_skb(dev, skb))
+ return NETDEV_TX_OK;
+
+ netif_stop_queue(dev);
+
+ if ((cc770_read_reg(priv,
+ msgobj[mo].ctrl1) & TXRQST_UNC) == TXRQST_SET) {
+ netdev_err(dev, "TX register is still occupied!\n");
+ return NETDEV_TX_BUSY;
+ }
- stats->tx_bytes += dlc;
+ priv->tx_skb = skb;
+ cc770_tx(dev, mo);
return NETDEV_TX_OK;
}
@@ -671,13 +674,47 @@ static void cc770_tx_interrupt(struct ne
struct cc770_priv *priv = netdev_priv(dev);
struct net_device_stats *stats = &dev->stats;
unsigned int mo = obj2msgobj(o);
+ struct can_frame *cf;
+ u8 ctrl1;
+
+ ctrl1 = cc770_read_reg(priv, msgobj[mo].ctrl1);
- /* Nothing more to send, switch off interrupts */
cc770_write_reg(priv, msgobj[mo].ctrl0,
MSGVAL_RES | TXIE_RES | RXIE_RES | INTPND_RES);
+ cc770_write_reg(priv, msgobj[mo].ctrl1,
+ RMTPND_RES | TXRQST_RES | MSGLST_RES | NEWDAT_RES);
- stats->tx_packets++;
+ if (unlikely(!priv->tx_skb)) {
+ netdev_err(dev, "missing tx skb in tx interrupt\n");
+ return;
+ }
+
+ if (unlikely(ctrl1 & MSGLST_SET)) {
+ stats->rx_over_errors++;
+ stats->rx_errors++;
+ }
+
+ /* When the CC770 is sending an RTR message and it receives a regular
+ * message that matches the id of the RTR message, it will overwrite the
+ * outgoing message in the TX register. When this happens we must
+ * process the received message and try to transmit the outgoing skb
+ * again.
+ */
+ if (unlikely(ctrl1 & NEWDAT_SET)) {
+ cc770_rx(dev, mo, ctrl1);
+ cc770_tx(dev, mo);
+ return;
+ }
+
+ can_put_echo_skb(priv->tx_skb, dev, 0);
can_get_echo_skb(dev, 0);
+
+ cf = (struct can_frame *)priv->tx_skb->data;
+ stats->tx_bytes += cf->can_dlc;
+ stats->tx_packets++;
+
+ priv->tx_skb = NULL;
+
netif_wake_queue(dev);
}
@@ -789,6 +826,7 @@ struct net_device *alloc_cc770dev(int si
priv->can.do_set_bittiming = cc770_set_bittiming;
priv->can.do_set_mode = cc770_set_mode;
priv->can.ctrlmode_supported = CAN_CTRLMODE_3_SAMPLES;
+ priv->tx_skb = NULL;
memcpy(priv->obj_flags, cc770_obj_flags, sizeof(cc770_obj_flags));
--- a/drivers/net/can/cc770/cc770.h
+++ b/drivers/net/can/cc770/cc770.h
@@ -193,6 +193,8 @@ struct cc770_priv {
u8 cpu_interface; /* CPU interface register */
u8 clkout; /* Clock out register */
u8 bus_config; /* Bus conffiguration register */
+
+ struct sk_buff *tx_skb;
};
struct net_device *alloc_cc770dev(int sizeof_priv);
next prev parent reply other threads:[~2018-03-27 16:27 UTC|newest]
Thread overview: 77+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-03-27 16:26 [PATCH 4.9 00/67] 4.9.91-stable review Greg Kroah-Hartman
2018-03-27 16:26 ` [PATCH 4.9 01/67] MIPS: ralink: Remove ralink_halt() Greg Kroah-Hartman
2018-03-27 16:26 ` [PATCH 4.9 02/67] iio: st_pressure: st_accel: pass correct platform data to init Greg Kroah-Hartman
2018-03-27 16:26 ` [PATCH 4.9 03/67] ALSA: usb-audio: Fix parsing descriptor of UAC2 processing unit Greg Kroah-Hartman
2018-03-27 16:26 ` [PATCH 4.9 04/67] ALSA: aloop: Sync stale timer before release Greg Kroah-Hartman
2018-03-27 16:26 ` [PATCH 4.9 05/67] ALSA: aloop: Fix access to not-yet-ready substream via cable Greg Kroah-Hartman
2018-03-27 16:26 ` [PATCH 4.9 06/67] ALSA: hda/realtek - Always immediately update mute LED with pin VREF Greg Kroah-Hartman
2018-03-27 16:26 ` [PATCH 4.9 07/67] mmc: dw_mmc: fix falling from idmac to PIO mode when dw_mci_reset occurs Greg Kroah-Hartman
2018-03-27 16:27 ` [PATCH 4.9 08/67] PCI: Add function 1 DMA alias quirk for Highpoint RocketRAID 644L Greg Kroah-Hartman
2018-03-27 16:27 ` [PATCH 4.9 09/67] ahci: Add PCI-id for the Highpoint Rocketraid 644L card Greg Kroah-Hartman
2018-03-27 16:27 ` [PATCH 4.9 10/67] clk: bcm2835: Fix ana->maskX definitions Greg Kroah-Hartman
2018-03-27 16:27 ` [PATCH 4.9 11/67] clk: bcm2835: Protect sections updating shared registers Greg Kroah-Hartman
2018-03-27 16:27 ` [PATCH 4.9 12/67] clk: sunxi-ng: a31: Fix CLK_OUT_* clock ops Greg Kroah-Hartman
2018-03-27 16:27 ` [PATCH 4.9 13/67] Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174 Greg Kroah-Hartman
2018-03-27 16:27 ` [PATCH 4.9 14/67] libata: fix length validation of ATAPI-relayed SCSI commands Greg Kroah-Hartman
2018-03-27 16:27 ` [PATCH 4.9 15/67] libata: remove WARN() for DMA or PIO command without data Greg Kroah-Hartman
2018-03-27 16:27 ` [PATCH 4.9 16/67] libata: dont try to pass through NCQ commands to non-NCQ devices Greg Kroah-Hartman
2018-03-27 16:27 ` [PATCH 4.9 17/67] libata: Apply NOLPM quirk to Crucial MX100 512GB SSDs Greg Kroah-Hartman
2018-03-27 16:27 ` [PATCH 4.9 18/67] libata: disable LPM for Crucial BX100 SSD 500GB drive Greg Kroah-Hartman
2018-03-27 16:27 ` [PATCH 4.9 19/67] libata: Enable queued TRIM for Samsung SSD 860 Greg Kroah-Hartman
2018-03-27 16:27 ` [PATCH 4.9 20/67] libata: Apply NOLPM quirk to Crucial M500 480 and 960GB SSDs Greg Kroah-Hartman
2018-03-27 16:27 ` [PATCH 4.9 21/67] libata: Make Crucial BX100 500GB LPM quirk apply to all firmware versions Greg Kroah-Hartman
2018-03-27 16:27 ` [PATCH 4.9 22/67] libata: Modify quirks for MX100 to limit NCQ_TRIM quirk to MU01 version Greg Kroah-Hartman
2018-03-27 16:27 ` [PATCH 4.9 23/67] nfsd: remove blocked locks on client teardown Greg Kroah-Hartman
2018-03-27 16:27 ` [PATCH 4.9 24/67] mm/vmalloc: add interfaces to free unmapped page table Greg Kroah-Hartman
2018-03-27 16:27 ` [PATCH 4.9 25/67] x86/mm: implement free pmd/pte page interfaces Greg Kroah-Hartman
2018-03-27 16:27 ` [PATCH 4.9 26/67] mm/khugepaged.c: convert VM_BUG_ON() to collapse fail Greg Kroah-Hartman
2018-03-27 16:27 ` [PATCH 4.9 27/67] mm/thp: do not wait for lock_page() in deferred_split_scan() Greg Kroah-Hartman
2018-03-27 16:27 ` [PATCH 4.9 28/67] mm/shmem: do not wait for lock_page() in shmem_unused_huge_shrink() Greg Kroah-Hartman
2018-03-27 16:27 ` [PATCH 4.9 29/67] drm/vmwgfx: Fix a destoy-while-held mutex problem Greg Kroah-Hartman
2018-03-27 16:27 ` [PATCH 4.9 30/67] drm/radeon: Dont turn off DP sink when disconnected Greg Kroah-Hartman
2018-03-27 16:27 ` [PATCH 4.9 31/67] drm: udl: Properly check framebuffer mmap offsets Greg Kroah-Hartman
2018-03-27 16:27 ` [PATCH 4.9 32/67] acpi, numa: fix pxm to online numa node associations Greg Kroah-Hartman
2018-03-27 16:27 ` [PATCH 4.9 33/67] ACPI / watchdog: Fix off-by-one error at resource assignment Greg Kroah-Hartman
2018-03-27 16:27 ` [PATCH 4.9 34/67] libnvdimm, {btt, blk}: do integrity setup before add_disk() Greg Kroah-Hartman
2018-03-27 16:27 ` [PATCH 4.9 35/67] brcmfmac: fix P2P_DEVICE ethernet address generation Greg Kroah-Hartman
2018-03-27 16:27 ` [PATCH 4.9 36/67] rtlwifi: rtl8723be: Fix loss of signal Greg Kroah-Hartman
2018-03-27 16:27 ` [PATCH 4.9 37/67] tracing: probeevent: Fix to support minus offset from symbol Greg Kroah-Hartman
2018-03-27 16:27 ` [PATCH 4.9 38/67] mtdchar: fix usage of mtd_ooblayout_ecc() Greg Kroah-Hartman
2018-03-27 16:27 ` [PATCH 4.9 39/67] mtd: nand: fsl_ifc: Fix nand waitfunc return value Greg Kroah-Hartman
2018-03-27 16:27 ` [PATCH 4.9 40/67] mtd: nand: fsl_ifc: Fix eccstat array overflow for IFC ver >= 2.0.0 Greg Kroah-Hartman
2018-03-27 16:27 ` [PATCH 4.9 41/67] mtd: nand: fsl_ifc: Read ECCSTAT0 and ECCSTAT1 registers for IFC 2.0 Greg Kroah-Hartman
2018-03-27 16:27 ` [PATCH 4.9 42/67] staging: ncpfs: memory corruption in ncp_read_kernel() Greg Kroah-Hartman
2018-03-27 16:27 ` [PATCH 4.9 43/67] can: ifi: Repair the error handling Greg Kroah-Hartman
2018-03-27 16:27 ` [PATCH 4.9 44/67] can: ifi: Check core revision upon probe Greg Kroah-Hartman
2018-03-27 16:27 ` [PATCH 4.9 45/67] can: cc770: Fix stalls on rt-linux, remove redundant IRQ ack Greg Kroah-Hartman
2018-03-27 16:27 ` Greg Kroah-Hartman [this message]
2018-03-27 16:27 ` [PATCH 4.9 47/67] can: cc770: Fix use after free in cc770_tx_interrupt() Greg Kroah-Hartman
2018-03-27 16:27 ` [PATCH 4.9 48/67] tty: vt: fix up tabstops properly Greg Kroah-Hartman
2018-03-27 16:27 ` [PATCH 4.9 49/67] selftests/x86/ptrace_syscall: Fix for yet more glibc interference Greg Kroah-Hartman
2018-03-27 16:27 ` [PATCH 4.9 50/67] kvm/x86: fix icebp instruction handling Greg Kroah-Hartman
2018-03-27 16:27 ` [PATCH 4.9 51/67] x86/build/64: Force the linker to use 2MB page size Greg Kroah-Hartman
2018-03-27 16:27 ` [PATCH 4.9 52/67] x86/boot/64: Verify alignment of the LOAD segment Greg Kroah-Hartman
2018-03-27 16:27 ` [PATCH 4.9 53/67] x86/entry/64: Dont use IST entry for #BP stack Greg Kroah-Hartman
2018-03-27 16:27 ` [PATCH 4.9 54/67] perf/x86/intel/uncore: Fix Skylake UPI event format Greg Kroah-Hartman
2018-03-27 16:27 ` [PATCH 4.9 55/67] perf stat: Fix CVS output format for non-supported counters Greg Kroah-Hartman
2018-03-27 16:27 ` [PATCH 4.9 56/67] perf/x86/intel: Dont accidentally clear high bits in bdw_limit_period() Greg Kroah-Hartman
2018-03-27 16:27 ` [PATCH 4.9 57/67] perf/x86/intel/uncore: Fix multi-domain PCI CHA enumeration bug on Skylake servers Greg Kroah-Hartman
2018-03-27 16:27 ` [PATCH 4.9 58/67] iio: ABI: Fix name of timestamp sysfs file Greg Kroah-Hartman
2018-03-27 16:27 ` [PATCH 4.9 59/67] staging: lustre: ptlrpc: kfree used instead of kvfree Greg Kroah-Hartman
2018-03-27 16:27 ` [PATCH 4.9 60/67] selftests, x86, protection_keys: fix wrong offset in siginfo Greg Kroah-Hartman
2018-03-27 16:27 ` [PATCH 4.9 61/67] selftests/x86/protection_keys: Fix syscall NR redefinition warnings Greg Kroah-Hartman
2018-03-27 16:27 ` [PATCH 4.9 62/67] signal/testing: Dont look for __SI_FAULT in userspace Greg Kroah-Hartman
2018-03-27 16:27 ` [PATCH 4.9 63/67] x86/pkeys/selftests: Rename si_pkey to siginfo_pkey Greg Kroah-Hartman
2018-03-27 16:27 ` [PATCH 4.9 64/67] selftests: x86: sysret_ss_attrs doesnt build on a PIE build Greg Kroah-Hartman
2018-03-27 16:27 ` [PATCH 4.9 65/67] kbuild: disable clangs default use of -fmerge-all-constants Greg Kroah-Hartman
2018-03-27 16:27 ` [PATCH 4.9 66/67] bpf: skip unnecessary capability check Greg Kroah-Hartman
2018-03-27 16:27 ` [PATCH 4.9 67/67] bpf, x64: increase number of passes Greg Kroah-Hartman
2018-03-27 22:58 ` [PATCH 4.9 00/67] 4.9.91-stable review Shuah Khan
2018-03-28 0:21 ` kernelci.org bot
2018-03-28 1:35 ` Dan Rue
2018-03-28 8:21 ` Greg Kroah-Hartman
2018-03-28 15:50 ` Dan Rue
2018-03-28 16:21 ` Greg Kroah-Hartman
2018-03-28 18:28 ` Dan Rue
2018-03-28 19:24 ` Greg Kroah-Hartman
2018-03-28 14:04 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180327162729.725496859@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=andri.yngvason@marel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mkl@pengutronix.de \
--cc=richard@nod.at \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).