[5.10,002/299] bus: mhi: core: Clear configuration from channel context during reset

Message ID	20210510102004.900838842@linuxfoundation.org
State	New
Headers	show Return-Path: <stable-owner@kernel.org> From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>, stable@vger.kernel.org, Bhaumik Bhatt <bbhatt@codeaurora.org>, Hemant Kumar <hemantk@codeaurora.org>, Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org> Subject: [PATCH 5.10 002/299] bus: mhi: core: Clear configuration from channel context during reset Date: Mon, 10 May 2021 12:16:39 +0200 Message-Id: <20210510102004.900838842@linuxfoundation.org> In-Reply-To: <20210510102004.821838356@linuxfoundation.org> References: <20210510102004.821838356@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	None \| expand [5.10,002/299] bus: mhi: core: Clear configuration from channel context during reset [5.10,004/299] nitro_enclaves: Fix stale file descriptors on failed usercopy [5.10,006/299] s390/disassembler: increase ebpf disasm buffer size [5.10,008/299] vhost-vdpa: fix vm_flags for virtqueue doorbell mapping [5.10,010/299] ACPI: custom_method: fix potential use-after-free issue [5.10,012/299] ftrace: Handle commands when closing set_ftrace_filter file [5.10,017/299] fs/epoll: restore waking from ep_done_scan() [5.10,018/299] mtd: spi-nor: core: Fix an issue of releasing resources during read/write [5.10,022/299] mtd: physmap: physmap-bt1-rom: Fix unintentional stack access [5.10,023/299] erofs: add unsupported inode i_format check [5.10,025/299] spi: spi-ti-qspi: Free DMA resources [5.10,027/299] scsi: mpt3sas: Block PCI config access from userspace during reset [5.10,029/299] mmc: uniphier-sd: Fix a resource leak in the remove function [5.10,031/299] mmc: sdhci-pci: Fix initialization of some SD cards for Intel BYT-based controllers [5.10,033/299] mmc: block: Update ext_csd.cache_ctrl if it was written [5.10,035/299] mmc: core: Do a power cycle when the CMD11 fails [5.10,037/299] mmc: core: Fix hanging on I/O during system suspend for removable cards [5.10,038/299] irqchip/gic-v3: Do not enable irqs when handling spurious interrups [5.10,039/299] cifs: Return correct error code from smb2_get_enc_key [5.10,042/299] smb2: fix use-after-free in smb2_ioctl_query_info() [5.10,043/299] btrfs: handle remount to no compress during compression [5.10,044/299] x86/build: Disable HIGHMEM64G selection for M486SX [5.10,047/299] btrfs: fix race between transaction aborts and fsyncs leading to use-after-free [5.10,049/299] fbdev: zero-fill colormap in fbcmap.c [5.10,051/299] bus: ti-sysc: Probe for l4_wkup and l4_cfg interconnect devices first [5.10,052/299] staging: wimax/i2400m: fix byte-order issue [5.10,053/299] spi: ath79: always call chipselect function [5.10,054/299] spi: ath79: remove spi-master setup and cleanup assignment [5.10,055/299] bus: mhi: core: Destroy SBL devices when moving to mission mode [5.10,057/299] crypto: qat - fix unmap invalid dma address [5.10,060/299] x86/sev: Do not require Hypervisor CPUID bit for SEV guests [5.10,061/299] crypto: hisilicon/sec - fixes a printing error [5.10,063/299] usb: gadget: f_uac2: validate input parameters [5.10,066/299] usb: xhci: Fix port minor revision [5.10,067/299] kselftest/arm64: mte: Fix compilation with native compiler [5.10,068/299] ARM: tegra: acer-a500: Rename avdd to vdda of touchscreen node [5.10,070/299] kselftest/arm64: mte: Fix MTE feature detection [5.10,071/299] ARM: dts: BCM5301X: fix "reg" formatting in /memory node [5.10,072/299] ARM: dts: ux500: Fix up TVK R3 sensors [5.10,074/299] x86/boot: Add $(CLANG_FLAGS) to compressed KBUILD_CFLAGS [5.10,077/299] arm64: dts: imx8mq-librem5-r3: Mark buck3 as always on [5.10,078/299] tee: optee: do not check memref size on return from Secure World [5.10,079/299] soundwire: cadence: only prepare attached devices on clock stop [5.10,080/299] perf/arm_pmu_platform: Use dev_err_probe() for IRQ errors [5.10,083/299] usb: xhci-mtk: support quirk to disable usb2 lpm [5.10,085/299] xhci: check port array allocation was successful before dereferencing it [5.10,088/299] bus: mhi: core: Clear context for stopped channels from remove() [5.10,091/299] platform/x86: ISST: Account for increased timeout in some cases [5.10,092/299] spi: dln2: Fix reference leak to master [5.10,098/299] usb: dwc3: gadget: Check for disabled LPM quirk [5.10,100/299] intel_th: Consistency and off-by-one fix [5.10,101/299] phy: phy-twl4030-usb: Fix possible use-after-free in twl4030_usb_remove() [5.10,102/299] crypto: sun8i-ss - Fix PM reference leak when pm_runtime_get_sync() fails [5.10,104/299] crypto: stm32/hash - Fix PM reference leak on stm32-hash.c [5.10,105/299] crypto: stm32/cryp - Fix PM reference leak on stm32-cryp.c [5.10,107/299] crypto: omap-aes - Fix PM reference leak on omap-aes.c [5.10,111/299] btrfs: do proper error handling in btrfs_update_reloc_root [5.10,113/299] drm: Added orientation quirk for OneGX1 Pro [5.10,115/299] drm/qxl: release shadow on shutdown [5.10,117/299] drm/amd/display: changing sr exit latency [5.10,120/299] drm/amd/display: Dont optimize bandwidth before disabling planes [5.10,122/299] drm/amd/display/dc/dce/dce_aux: Remove duplicate line causing field overwritten issue [5.10,123/299] scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe [5.10,124/299] scsi: lpfc: Fix pt2pt connection does not recover after LOGO [5.10,125/299] drm/amdgpu: Fix some unload driver issues [5.10,126/299] sched/pelt: Fix task util_est update filtering [5.10,128/299] scsi: target: pscsi: Fix warning in pscsi_complete_cmd() [5.10,130/299] media: drivers: media: pci: sta2x11: fix Kconfig dependency on GPIOLIB [5.10,131/299] media: imx: capture: Return -EPIPE from __capture_legacy_try_fmt() [5.10,133/299] power: supply: bq27xxx: fix power_avg for newer ICs [5.10,134/299] extcon: arizona: Fix some issues when HPDET IRQ fires after the jack has been unpl... [5.10,137/299] media: gspca/sq905.c: fix uninitialized variable [5.10,138/299] power: supply: Use IRQF_ONESHOT [5.10,139/299] backlight: qcom-wled: Use sink_addr for sync toggle [5.10,143/299] drm/amdgpu : Fix asic reset regression issue introduce by 8f211fe8ac7c4f [5.10,145/299] drm/amd/display: Fix UBSAN warning for not a valid value for type _Bool [5.10,146/299] drm/amd/display: DCHUB underflow counter increasing in some scenarios [5.10,147/299] drm/amd/display: fix dml prefetch validation [5.10,151/299] mmc: sdhci-esdhc-imx: validate pinctrl before use it [5.10,152/299] mmc: sdhci-pci: Add PCI IDs for Intel LKF [5.10,157/299] selftests/resctrl: Enable gcc checks to detect buffer overflows [5.10,158/299] selftests/resctrl: Fix compilation issues for global variables [5.10,160/299] selftests/resctrl: Clean up resctrl features check [5.10,164/299] selftests/resctrl: Fix checking for < 0 for unsigned values [5.10,166/299] scsi: smartpqi: Use host-wide tag space [5.10,168/299] scsi: smartpqi: Add new PCI IDs [5.10,171/299] media: vivid: update EDID [5.10,173/299] clk: socfpga: arria10: Fix memory leak of socfpga_clk on error return [5.10,174/299] power: supply: generic-adc-battery: fix possible use-after-free in gab_remove() [5.10,176/299] media: tc358743: fix possible use-after-free in tc358743_remove() [5.10,178/299] media: i2c: adv7511-v4l2: fix possible use-after-free in adv7511_remove() [5.10,179/299] media: i2c: tda1997: Fix possible use-after-free in tda1997x_remove() [5.10,180/299] media: i2c: adv7842: fix possible use-after-free in adv7842_remove() [5.10,182/299] media: sun8i-di: Fix runtime PM imbalance in deinterlace_start_streaming [5.10,186/299] drm/msm/mdp5: Configure PP_SYNC_HEIGHT to double the vtotal [5.10,189/299] drm/radeon/ttm: Fix memory leak userptr pages [5.10,191/299] drm/amd/display: Fix UBSAN: shift-out-of-bounds warning [5.10,193/299] amdgpu: avoid incorrect %hu format string [5.10,194/299] drm/amd/display: Try YCbCr420 color when YCbCr444 fails [5.10,197/299] scsi: lpfc: Fix error handling for mailboxes completed in MBX_POLL mode [5.10,198/299] scsi: lpfc: Remove unsupported mbox PORT_CAPABILITIES logic [5.10,200/299] mfd: da9063: Support SMBus and I2C mode [5.10,203/299] perf: Rework perf_event_exit_event() [5.10,204/299] sched,fair: Alternative sched_slice() [5.10,205/299] block/rnbd-clt: Fix missing a memory free when unloading the module [5.10,206/299] s390/archrandom: add parameter check for s390_arch_random_generate [5.10,207/299] sched,psi: Handle potential task count underflow bugs more gracefully [5.10,208/299] power: supply: cpcap-battery: fix invalid usage of list cursor [5.10,211/299] ALSA: sb: Fix two use after free in snd_sb_qsound_build [5.10,214/299] ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 445 G7 [5.10,215/299] ALSA: hda/realtek: GA503 use same quirks as GA401 [5.10,221/299] btrfs: fix race when picking most recent mod log operation for an old root [5.10,222/299] arm64/vdso: Discard .note.gnu.property sections in vDSO [5.10,223/299] Makefile: Move -Wno-unused-but-set-variable out of GCC only block [5.10,227/299] ubifs: Only check replay with inode type to judge if inode linked [5.10,229/299] f2fs: fix to avoid out-of-bounds memory access [5.10,231/299] openvswitch: fix stack OOB read while fragmenting IPv4 packets [5.10,233/299] NFS: fs_context: validate UDP retrans to prevent shift out-of-bounds [5.10,235/299] NFSv4: Dont discard segments marked for return in _pnfs_return_layout() [5.10,238/299] jffs2: Hook up splice_write callback [5.10,239/299] powerpc/powernv: Enable HAIL (HV AIL) for ISA v3.1 processors [5.10,240/299] powerpc/eeh: Fix EEH handling for hugepages in ioremap space. [5.10,242/299] powerpc/32: Fix boot failure with CONFIG_STACKPROTECTOR [5.10,246/299] tpm: vtpm_proxy: Avoid reading host log when using a virtual device [5.10,247/299] crypto: arm/curve25519 - Move .fpu after .arch [5.10,249/299] md/raid1: properly indicate failure when ending a failed write request [5.10,251/299] fuse: fix write deadlock [5.10,253/299] sfc: farch: fix TX queue lookup in TX flush done handling [5.10,254/299] sfc: farch: fix TX queue lookup in TX event handling [5.10,255/299] security: commoncap: fix -Wstringop-overread warning [5.10,256/299] Fix misc new gcc warnings [5.10,258/299] smb3: when mounting with multichannel include it in requested capabilities [5.10,260/299] Revert 337f13046ff0 ("futex: Allow FUTEX_CLOCK_REALTIME with FUTEX_WAIT op") [5.10,263/299] kbuild: update config_data.gz only when the content of .config is changed [5.10,265/299] ext4: annotate data race in jbd2_journal_dirty_metadata() [5.10,267/299] ext4: do not set SB_ACTIVE in ext4_orphan_cleanup() [5.10,269/299] ext4: fix ext4_error_err save negative errno into superblock [5.10,271/299] ext4: allow the dax flag to be set and cleared on inline directories [5.10,273/299] media: dvbdev: Fix memory leak in dvb_media_device_free() [5.10,274/299] media: dvb-usb: Fix use-after-free access [5.10,275/299] media: dvb-usb: Fix memory leak at error in dvb_usb_device_init() [5.10,276/299] media: staging/intel-ipu3: Fix memory leak in imu_fmt [5.10,277/299] media: staging/intel-ipu3: Fix set_fmt error handling [5.10,278/299] media: staging/intel-ipu3: Fix race condition during set_fmt [5.10,280/299] media: venus: hfi_parser: Dont initialize parser on v1 [5.10,281/299] usb: gadget: dummy_hcd: fix gpf in gadget_setup [5.10,284/299] usb: dwc3: gadget: Remove FS bInterval_m1 limitation [5.10,285/299] usb: dwc3: gadget: Fix START_TRANSFER link state check [5.10,286/299] usb: dwc3: core: Do core softreset when switch mode [5.10,290/299] tools/power turbostat: Fix offset overflow issue in index converting [5.10,291/299] tracing: Map all PIDs to command lines [5.10,292/299] tracing: Restructure trace_clock_global() to never block [5.10,295/299] dm integrity: fix missing goto in bitmap_flush_interval error handling [5.10,296/299] dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails

On Tue, May 25, 2021 at 10:23:49AM -0600, Jeffrey Hugo wrote: > On 5/23/2021 10:19 PM, Manivannan Sadhasivam wrote: > > On Fri, May 21, 2021 at 10:50:33AM -0700, Bhaumik Bhatt wrote: > > > On 2021-05-10 11:17 PM, Manivannan Sadhasivam wrote: > > > > Hi Pavel, > > > > > > > > On Mon, May 10, 2021 at 10:56:50PM +0200, Pavel Machek wrote: > > > > > Hi! > > > > > > > > > > > From: Bhaumik Bhatt <bbhatt@codeaurora.org> > > > > > > > > > > > > commit 47705c08465931923e2f2b506986ca0bdf80380d upstream. > > > > > > > > > > > > When clearing up the channel context after client drivers are > > > > > > done using channels, the configuration is currently not being > > > > > > reset entirely. Ensure this is done to appropriately handle > > > > > > issues where clients unaware of the context state end up calling > > > > > > functions which expect a context. > > > > > > > > > > > +++ b/drivers/bus/mhi/core/init.c > > > > > > @@ -544,6 +544,7 @@ void mhi_deinit_chan_ctxt(struct mhi_con > > > > > > + u32 tmp; > > > > > > @@ -554,7 +555,19 @@ void mhi_deinit_chan_ctxt(struct mhi_con > > > > > ... > > > > > > + tmp = chan_ctxt->chcfg; > > > > > > + tmp &= ~CHAN_CTX_CHSTATE_MASK; > > > > > > + tmp |= (MHI_CH_STATE_DISABLED << CHAN_CTX_CHSTATE_SHIFT); > > > > > > + chan_ctxt->chcfg = tmp; > > > > > > + > > > > > > + /* Update to all cores */ > > > > > > + smp_wmb(); > > > > > > } > > > > > > > > > > This is really interesting code; author was careful to make sure chcfg > > > > > is updated atomically, but C compiler is free to undo that. Plus, this > > > > > will make all kinds of checkers angry. > > > > > > > > > > Does the file need to use READ_ONCE and WRITE_ONCE? > > > > > > > > > > > > > Thanks for looking into this. > > > > > > > > I agree that the order could be mangled between chcfg read & write and > > > > using READ_ONCE & WRITE_ONCE seems to be a good option. > > > > > > > > Bhaumik, can you please submit a patch and tag stable? > > > > > > > > Thanks, > > > > Mani > > > > > > > > > Best regards, > > > > > Pavel > > > > > -- > > > > > DENX Software Engineering GmbH, Managing Director: Wolfgang Denk > > > > > HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany > > > > > > Hi Pavel/Mani, > > > > > > Hemant and I went over this patch and we noticed this particular function is > > > already being called with the channel mutex lock held. This would take care > > > of > > > the atomicity and we also probably don't need the smp_wmb() barrier as the > > > mutex > > > unlock will implicitly take care of it. > > > > > > > okay > > > > > To the point of compiler re-ordering, we would need some help to understand > > > the > > > purpose of READ_ONCE()/WRITE_ONCE() for these dependent statements: > > > > > > > + tmp = chan_ctxt->chcfg; > > > > + tmp &= ~CHAN_CTX_CHSTATE_MASK; > > > > + tmp |= (MHI_CH_STATE_DISABLED << CHAN_CTX_CHSTATE_SHIFT); > > > > + chan_ctxt->chcfg = tmp; > > > > > > Since RMW operation means that the chan_ctxt->chcfg is copied to a local > > > variable (tmp) and the _same_ is being written back to chan_ctxt->chcfg, can > > > compiler reorder these dependent statements and cause a different result? > > > > > > > Well, I agree that there is a minimal guarantee with modern day CPUs on > > not breaking the order of dependent memory accesses (like here tmp > > variable is the one which gets read and written) but we want to make > > sure that this won't break on future CPUs as well. So IMO using > > READ_ONCE and WRITE_ONCE adds extra level of safety. > > ? > > I'm sorry, but this argument is non-sense to me, and so I want to understand > more. > > I've talked to our CPU designers from time to time, but cannot speak for > other vendors. A modern CPU can easily reorder accesses all it wants, so > long as it does not change the end result. This is typically identified via > "data dependencies", where the CPU identifies that the result of a previous > instruction is required to be known before processing the current > instruction (or any instructions in flight in the pipeline, the instructions > don't need to be adjacent). These data dependencies can be "read" or > "write". > > The typical reason barriers are needed is because the CPU cannot detect > these dependencies when we are talking about different "memory". For > example, a write to a register in some hardware block to program some mode, > and then a write to another register to activate the hardware block based on > that mode. In this example, there is no data dependency that the CPU can > detect, although you and I as the software writer knows there is a specific > order to these operations. Thus, a barrier is required. > > Your argument is that we need to protect against some hypothetical future > CPU where these data dependencies are ignored, and so the CPU reorders > things. Except that means that the end result is (possibly) changed, > meaning the contract between software and hardware is no longer valid. It > breaks the entire memory model for the C language. > Jeff, I do understand your point here and I completely agree. I just went with the question raised by Pavel and was trying to be on the safe side (which might not be a valid thing as you said). Let's hear from Pavel on what exactly his concern is! Maybe I went in the wrong direction. Thanks for your views. Thanks, Mani > In the above code snippet, you are saying this is valid for some future CPU > to do: > > tmp = chan_ctxt->chcfg; > chan_ctxt->chcfg = tmp; //probably optimized out because this now obviously > has no effect > tmp &= ~CHAN_CTX_CHSTATE_MASK; > tmp |= (MHI_CH_STATE_DISABLED << CHAN_CTX_CHSTATE_SHIFT); > > That is clearly wrong (I seriously hope you agree), and while I've seen > hardware designers do some boneheaded things to the point where I don't > trust them a lot of the time, I have a hard time believing they would think > that is acceptable. > > That fundamentally breaks all of software to the point where the only > recourse is to have a literal barrier between every line of code. That > doubles the line count of Linux and kills all performance. Its plainly not > tenable. > > So, seriously, please explain your view in great detail because it feels > like we are talking past each-other and not coming to common ground. As I > understand it, adding an explicit barrier in a patch cannot be done "just > because" and requires a good documented reason (in a comment next to the > barrier) for why the barrier is required. It seems like the same level of > scrutiny should be applied for READ_ONCE/WRITE_ONCE, but your reason for > adding them, "using READ_ONCE and WRITE_ONCE adds extra level of safety", > reads like the reason to use them is "just because" to me.

[5.10,002/299] bus: mhi: core: Clear configuration from channel context during reset

Commit Message

Comments

Patch