The PRU firmware interrupt mappings are configured and unconfigured in
.start() and .stop() callbacks respectively using the variables 'evt_count'
and a 'mapped_irq' pointer. These variables are modified only during these
callbacks but are not re-initialized/reset properly during unwind or
failure paths. These stale values caused a kernel crash while stopping a
PRU remoteproc running a different firmware with no events on a subsequent
run after a previous run that was running a firmware with events.
Fix this crash by ensuring that the evt_count is 0 and the mapped_irq
pointer is set to NULL in pru_dispose_irq_mapping(). Also, reset these
variables properly during any failures in the .start() callback. While
at this, the pru_dispose_irq_mapping() callsites are all made to look
the same, moving any conditional logic to inside the function.
Reviewed-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Fixes: c75c9fdac6 ("remoteproc: pru: Add support for PRU specific interrupt configuration")
Reported-by: Vignesh Raghavendra <vigneshr@ti.com>
Signed-off-by: Suman Anna <s-anna@ti.com>
Link: https://lore.kernel.org/r/20210407155641.5501-4-s-anna@ti.com
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
The irq_create_fwspec_mapping() returns a proper virq value on success
and 0 upon any failure. The pru_handle_intrmap() treats this as an error
and disposes all firmware event mappings correctly, but is returning
this incorrect value as is, letting the pru_rproc_start() interpret it
as a success and boot the PRU.
Fix this by returning an error value back upon any such failure. While
at this, revise the error trace to print some meaningful info about the
failed event.
Fixes: c75c9fdac6 ("remoteproc: pru: Add support for PRU specific interrupt configuration")
Signed-off-by: Suman Anna <s-anna@ti.com>
Reviewed-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Link: https://lore.kernel.org/r/20210407155641.5501-3-s-anna@ti.com
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
The PRU firmware interrupt mapping logic in pru_handle_intrmap() uses
of_irq_find_parent() with PRU device node to get a handle to the PRUSS
Interrupt Controller at present. This logic however requires that the
PRU nodes always define a interrupt-parent property. This property is
neither a required/defined property as per the PRU remoteproc binding,
nor is relevant from a DT node point of view without any associated
interrupts. The current logic finds a wrong interrupt controller and
fails to perform proper mapping without any interrupt-parent property
in the PRU nodes.
Fix this logic to always find and use the sibling interrupt controller.
Also, while at this, fix the acquired interrupt controller device node
reference properly.
Fixes: c75c9fdac6 ("remoteproc: pru: Add support for PRU specific interrupt configuration")
Signed-off-by: Suman Anna <s-anna@ti.com>
Reviewed-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Link: https://lore.kernel.org/r/20210407155641.5501-2-s-anna@ti.com
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
When a remote processor that was attached to is stopped, special care
must be taken to make sure the shutdown process is similar to what
it would be had it been started by the remoteproc core.
This patch takes care of that by making a copy of the resource
table currently used by the remote processor. From that point on
the copy is used, as if the remote processor had been started by
the remoteproc core.
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Reviewed-by: Arnaud Pouliquen <arnaud.pouliquen@st.com>
Reported-by: kernel test robot <lkp@intel.com>
Link: https://lore.kernel.org/r/20210312162453.1234145-13-mathieu.poirier@linaro.org
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Move the setting of the resource table installed by an external
entity to rproc_ops::get_loaded_rsc_table(). This is to support
scenarios where a remote processor has been attached to but is
detached at a later stage. To re-attach the remote processor,
the address of the resource table needs to be available
at a later time than the platform driver's probe() function.
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Reviewed-by: Arnaud Pouliquen <arnaud.pouliquen@st.com>
Link: https://lore.kernel.org/r/20210312162453.1234145-7-mathieu.poirier@linaro.org
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Whether started at probe() time or thereafter from the command
line, a remote processor needs to be shut down before the final
cleanup phases can happen. Otherwise the system may be left in
an unpredictable state where the remote processor is expecting
the remoteproc core to be providing services when in fact it
no longer exist.
Invariably calling rproc_shutdown() is fine since it will return
immediately if the remote processor has already been switched
off.
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Reviewed-by: Arnaud Pouliquen <arnaud.pouliquen@st.com>
Link: https://lore.kernel.org/r/20210312162453.1234145-2-mathieu.poirier@linaro.org
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
There are four different callback functions that are used for the
rproc_handle_resource_t callback that all have different second
parameter types.
rproc_handle_vdev -> struct fw_rsc_vdev
rproc_handle_trace -> struct fw_rsc_trace
rproc_handle_devmem -> struct fw_rsc_devmem
rproc_handle_carveout -> struct fw_rsc_carveout
These callbacks are cast to rproc_handle_resource_t so that there is no
error about incompatible pointer types. Unfortunately, this is a Clang's
Control-Flow Integrity checking violation, which verifies that the
callback function's types match the prototypes exactly before jumping.
[ 7.275750] Kernel panic - not syncing: CFI failure (target: rproc_handle_vdev+0x0/0x4)
[ 7.283763] CPU: 2 PID: 1 Comm: init Tainted: G C O 5.4.70-03301-g527af2c96672 #17
[ 7.292463] Hardware name: NXP i.MX8MPlus EVK board (DT)
[ 7.297779] Call trace:
[ 7.300232] dump_backtrace.cfi_jt+0x0/0x4
[ 7.304337] show_stack+0x18/0x24
[ 7.307660] dump_stack+0xb8/0x114
[ 7.311069] panic+0x164/0x3d4
[ 7.314130] __ubsan_handle_cfi_check_fail_abort+0x0/0x14
[ 7.319533] perf_proc_update_handler+0x0/0xcc
[ 7.323983] __cfi_check+0x63278/0x6a290
[ 7.327913] rproc_boot+0x3f8/0x738
[ 7.331404] rproc_add+0x68/0x110
[ 7.334738] imx_rproc_probe+0x5e4/0x708 [imx_rproc]
[ 7.339711] platform_drv_probe+0xac/0xf0
[ 7.343726] really_probe+0x260/0x65c
[ 7.347393] driver_probe_device+0x64/0x100
[ 7.351580] device_driver_attach+0x6c/0xac
[ 7.355766] __driver_attach+0xdc/0x184
[ 7.359609] bus_for_each_dev+0x98/0x104
[ 7.363537] driver_attach+0x24/0x30
[ 7.367117] bus_add_driver+0x100/0x1e0
[ 7.370958] driver_register+0x78/0x114
[ 7.374800] __platform_driver_register+0x44/0x50
[ 7.379514] init_module+0x20/0xfe8 [imx_rproc]
[ 7.384049] do_one_initcall+0x190/0x348
[ 7.387979] do_init_module+0x5c/0x210
[ 7.391731] load_module+0x2fbc/0x3590
[ 7.395485] __arm64_sys_finit_module+0xb8/0xec
[ 7.400025] el0_svc_common+0xb4/0x19c
[ 7.403777] el0_svc_handler+0x74/0x98
[ 7.407531] el0_svc+0x8/0xc
[ 7.410419] SMP: stopping secondary CPUs
[ 7.414648] Kernel Offset: disabled
[ 7.418142] CPU features: 0x00010002,2000200c
[ 7.422501] Memory Limit: none
To fix this, change the second parameter of all functions to void * and
use a local variable with the correct type so that everything works
properly. With this, we can remove casting to rproc_handle_resource_t
for these functions.
Signed-off-by: Jindong Yue <jindong.yue@nxp.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Reviewed-by: Sami Tolvanen <samitolvanen@google.com>
Reviewed-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Link: https://lore.kernel.org/r/20210224055825.7417-1-jindong.yue@nxp.com
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Pull rdma fixes from Jason Gunthorpe:
"Nothing special here, though Bob's regression fixes for rxe would have
made it before the rc cycle had there not been such strong winter
weather!
- Fix corner cases in the rxe reference counting cleanup that are
causing regressions in blktests for SRP
- Two kdoc fixes so W=1 is clean
- Missing error return in error unwind for mlx5
- Wrong lock type nesting in IB CM"
* tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma:
RDMA/rxe: Fix errant WARN_ONCE in rxe_completer()
RDMA/rxe: Fix extra deref in rxe_rcv_mcast_pkt()
RDMA/rxe: Fix missed IB reference counting in loopback
RDMA/uverbs: Fix kernel-doc warning of _uverbs_alloc
RDMA/mlx5: Set correct kernel-doc identifier
IB/mlx5: Add missing error code
RDMA/rxe: Fix missing kconfig dependency on CRYPTO
RDMA/cm: Fix IRQ restore in ib_send_cm_sidr_rep
Pull gcc-plugins fixes from Kees Cook:
"Tiny gcc-plugin fixes for v5.12-rc2. These issues are small but have
been reported a couple times now by static analyzers, so best to get
them fixed to reduce the noise. :)
- Fix coding style issues (Jason Yan)"
* tag 'gcc-plugins-v5.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
gcc-plugins: latent_entropy: remove unneeded semicolon
gcc-plugins: structleak: remove unneeded variable 'ret'
