add i2c3 uart3 overlay support fot v1.3 #9
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: wzj <wzj2346584@163.com>
StephenInVamrs
pushed a commit
that referenced
this pull request
Oct 26, 2021
When do uvc hotplug test on RV1126 EVB, it may crash in the uvc_v4l2_streamon() with the following error log. Because it tries to enable the video stream after usb disconnect. [ 1748.947755] configfs-gadget gadget: uvc_function_disable [ 1748.947947] android_work: sent uevent USB_STATE=DISCONNECTED [ 1748.955347] Unable to handle kernel NULL pointer dereference at virtual address 00000003 [ 1748.956158] pgd = ef2a7e72 [ 1748.956550] [00000003] *pgd=6dde7835 [ 1748.956893] Internal error: Oops: 17 [#1] PREEMPT SMP ARM [ 1748.957381] Modules linked in: galcore(O) bcmdhd [ 1748.957819] CPU: 3 PID: 2706 Comm: uvc_gadget_pthr Tainted: G W O 4.19.111 #9 [ 1748.958567] Hardware name: Generic DT based system [ 1748.959218] PC is at uvcg_video_enable+0xb8/0x228 [ 1748.959775] LR is at vb2_core_streamon+0x11c/0x15c ...... [ 1749.041063] [<b056a2cc>] (uvcg_video_enable) from [<b0569968>] (uvc_v4l2_streamon+0x28/0x70) [ 1749.041906] [<b0569968>] (uvc_v4l2_streamon) from [<b0590b54>] (__video_do_ioctl+0x1c8/0x3a0) [ 1749.042681] [<b0590b54>] (__video_do_ioctl) from [<b0594288>] (video_usercopy+0x200/0x494) [ 1749.043475] [<b0594288>] (video_usercopy) from [<b0220c38>] (do_vfs_ioctl+0xac/0x798) [ 1749.044178] [<b0220c38>] (do_vfs_ioctl) from [<b0221358>] (ksys_ioctl+0x34/0x58) [ 1749.044843] [<b0221358>] (ksys_ioctl) from [<b0101000>] (ret_fast_syscall+0x0/0x4c) Signed-off-by: William Wu <william.wu@rock-chips.com> Change-Id: I6bb58133aaade0ff389fa4af2cfc05fe598de250
StephenInVamrs
pushed a commit
that referenced
this pull request
Apr 25, 2022
When do uvc hotplug test on RV1126 EVB, it may crash in the uvc_v4l2_streamon() with the following error log. Because it tries to enable the video stream after usb disconnect. [ 1748.947755] configfs-gadget gadget: uvc_function_disable [ 1748.947947] android_work: sent uevent USB_STATE=DISCONNECTED [ 1748.955347] Unable to handle kernel NULL pointer dereference at virtual address 00000003 [ 1748.956158] pgd = ef2a7e72 [ 1748.956550] [00000003] *pgd=6dde7835 [ 1748.956893] Internal error: Oops: 17 [#1] PREEMPT SMP ARM [ 1748.957381] Modules linked in: galcore(O) bcmdhd [ 1748.957819] CPU: 3 PID: 2706 Comm: uvc_gadget_pthr Tainted: G W O 4.19.111 #9 [ 1748.958567] Hardware name: Generic DT based system [ 1748.959218] PC is at uvcg_video_enable+0xb8/0x228 [ 1748.959775] LR is at vb2_core_streamon+0x11c/0x15c ...... [ 1749.041063] [<b056a2cc>] (uvcg_video_enable) from [<b0569968>] (uvc_v4l2_streamon+0x28/0x70) [ 1749.041906] [<b0569968>] (uvc_v4l2_streamon) from [<b0590b54>] (__video_do_ioctl+0x1c8/0x3a0) [ 1749.042681] [<b0590b54>] (__video_do_ioctl) from [<b0594288>] (video_usercopy+0x200/0x494) [ 1749.043475] [<b0594288>] (video_usercopy) from [<b0220c38>] (do_vfs_ioctl+0xac/0x798) [ 1749.044178] [<b0220c38>] (do_vfs_ioctl) from [<b0221358>] (ksys_ioctl+0x34/0x58) [ 1749.044843] [<b0221358>] (ksys_ioctl) from [<b0101000>] (ret_fast_syscall+0x0/0x4c) Signed-off-by: William Wu <william.wu@rock-chips.com> Change-Id: I6bb58133aaade0ff389fa4af2cfc05fe598de250
StephenInVamrs
pushed a commit
that referenced
this pull request
May 19, 2022
[ 100.584484] Unable to handle kernel NULL pointer dereference at virtual address 00000000 [ 100.584500] pgd = 466047cd [ 100.584509] [00000000] *pgd=00000000 [ 100.584526] Internal error: Oops - BUG: 17 [#1] THUMB2 [ 100.584534] Modules linked in: dw_mmc_rockchip(+) rknpu snd_soc_rv1106 rockit(O) mpp_vcodec(O) rga3 [ 100.584586] CPU: 0 PID: 9 Comm: kworker/u2:1 Tainted: G O 5.10.66 #9 [ 100.584593] Hardware name: Generic DT based system [ 100.584618] Workqueue: events_unbound async_run_entry_fn [ 100.584638] PC is at dw_mci_probe+0x10a/0x7dc [ 100.584655] LR is at clk_core_enable_lock+0x19/0x1c [ 100.584667] pc : [<b038428a>] lr : [<b02f79ef>] psr: 60000033 [ 100.584676] sp : b00a1e88 ip : b1caf580 fp : af8c29f4 [ 100.584686] r10: 00000000 r9 : af8c2c04 r8 : af8c29f4 [ 100.584696] r7 : b00cc4e4 r6 : 00000001 r5 : b1caf450 r4 : b1c8c010 [ 100.584706] r3 : 00000000 r2 : b05b095c r1 : 00000000 r0 : 00000000 [ 100.584720] Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA Thumb Segment user [ 100.584731] Control: 50c53c7d Table: 01c88059 DAC: 00000055 [ 100.584743] Process kworker/u2:1 (pid: 9, stack limit = 0xc7a2c6f9) [ 100.584753] Stack: (0xb00a1e88 to 0xb00a2000) [ 100.584769] 1e80: 00000001 00000001 ff9a0000 b02cce69 b1caf410 00000000 [ 100.584787] 1ea0: b1c8c010 b00cc400 b00cc410 b00cc410 b00cc400 00000001 b00cc4e4 af8c29f4 [ 100.584805] 1ec0: af8c2c04 0000000a 00000000 af8c2469 00000000 b00cc410 af8c2c04 b05b1e04 [ 100.584822] 1ee0: 00000000 b031b3e3 b00cc410 00000000 b05b1e08 b031a775 00000000 b00cc410 [ 100.584840] 1f00: af8c2c04 b1caf2c0 b0008000 00000000 00000000 b1caf2d4 00000000 b031a959 [ 100.584858] 1f20: b00bed00 b00cc410 b05a1018 b031a989 b1caf2d0 b0223ad5 b002f8a0 b1caf2d0 [ 100.584877] 1f40: b0007000 b021f917 b002f8a0 b1caf2d0 b002f8a0 b002f8b4 b0007000 b057ed20 [ 100.584896] 1f60: b05a191c b0007014 b0007040 b021fbc3 b009d300 b0094920 ffffe000 b005bed0 [ 100.584914] 1f80: b021fae1 b002f8a0 b009d320 b0222553 b0094920 b02224b1 00000000 00000000 [ 100.584931] 1fa0: 00000000 00000000 00000000 b02082e9 00000000 00000000 00000000 00000000 [ 100.584946] 1fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 100.584962] 1fe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000 [ 100.585012] [<b038428a>] (dw_mci_probe) from [<af8c2469>] (dw_mci_rockchip_probe+0x79/0xbc [dw_mmc_rockchip]) [ 100.585049] [<af8c2469>] (dw_mci_rockchip_probe [dw_mmc_rockchip]) from [<b031b3e3>] (platform_drv_probe+0x2d/0x5a) [ 100.585074] [<b031b3e3>] (platform_drv_probe) from [<b031a775>] (really_probe+0x16f/0x23e) [ 100.585096] [<b031a775>] (really_probe) from [<b031a959>] (driver_probe_device+0x5d/0x6c) [ 100.585118] [<b031a959>] (driver_probe_device) from [<b031a989>] (__driver_attach_async_helper+0x21/0x32) [ 100.585139] [<b031a989>] (__driver_attach_async_helper) from [<b0223ad5>] (async_run_entry_fn+0x25/0xa0) [ 100.585165] [<b0223ad5>] (async_run_entry_fn) from [<b021f917>] (process_one_work+0xd5/0x136) [ 100.585191] [<b021f917>] (process_one_work) from [<b021fbc3>] (worker_thread+0xe3/0x190) [ 100.585213] [<b021fbc3>] (worker_thread) from [<b0222553>] (kthread+0xa3/0xac) [ 100.585237] [<b0222553>] (kthread) from [<b02082e9>] (ret_from_fork+0x11/0x28) [ 100.585248] Exception stack(0xb00a1fb0 to 0xb00a1ff8) Signed-off-by: Ziyuan Xu <xzy.xu@rock-chips.com> Change-Id: Ia0e2d83c53a757b1cf3703408a2803052ff78049
RadxaStephen
pushed a commit
that referenced
this pull request
Jul 1, 2022
…QF_ONESHOT The flag IRQF_ONESHOT is only for irq thread, so remove IRQF_ONESHOT for devm_request_irq(). And with IRQF_ONESHOT, when enable CONFIG_PREEMPT_RT, kernel will report bug: [ 4.953930][ C4] BUG: sleeping function called from invalid context at kernel/locking/rtmutex.c:970 [ 4.953932][ C4] in_atomic(): 1, irqs_disabled(): 128, non_block: 0, pid: 1, name: swapper/0 [ 4.953936][ C4] INFO: lockdep is turned off. [ 4.953937][ C4] irq event stamp: 2481260 [ 4.953938][ C4] hardirqs last enabled at (2481259): [<ffffffc0113a5504>] _raw_spin_unlock_irqrestore+0x60/0xb8 [ 4.953946][ C4] hardirqs last disabled at (2481260): [<ffffffc01139b7c0>] enter_el1_irq_or_nmi+0x20/0x54 [ 4.953951][ C4] softirqs last enabled at (2334926): [<ffffffc010056c20>] __local_bh_enable_ip+0x1f4/0x258 [ 4.953957][ C4] softirqs last disabled at (2334920): [<ffffffc010123444>] local_bh_disable+0x4/0x30 [ 4.953963][ C4] Preemption disabled at: [ 4.953964][ C4] [<ffffffc0100de3d0>] __raw_spin_lock_irqsave+0x3c/0x138 [ 4.953971][ C4] CPU: 4 PID: 1 Comm: swapper/0 Not tainted 5.10.66-rt53 #9 [ 4.953974][ C4] Hardware name: Rockchip RK3588 EVB1 LP4 V10 Board (DT) [ 4.953976][ C4] Call trace: [ 4.953977][ C4] dump_backtrace+0x0/0x1c4 [ 4.953983][ C4] show_stack+0x18/0x24 [ 4.953989][ C4] dump_stack_lvl+0xec/0x148 [ 4.953992][ C4] dump_stack+0x18/0x64 [ 4.953996][ C4] ___might_sleep+0x1b4/0x1c4 [ 4.954002][ C4] rt_spin_lock+0x70/0xd8 [ 4.954005][ C4] hdmirx_hdmi_irq_handler+0x44/0xcf4 [ 4.954008][ C4] __handle_irq_event_percpu+0xa8/0x1b4 [ 4.954015][ C4] handle_irq_event+0x8c/0x180 [ 4.954021][ C4] handle_fasteoi_irq+0x128/0x228 [ 4.954025][ C4] __handle_domain_irq+0xb0/0x11c [ 4.954030][ C4] gic_handle_irq+0x74/0x14c [ 4.954034][ C4] el1_irq+0xd0/0x1c0 [ 4.954037][ C4] _raw_spin_unlock_irqrestore+0x64/0xb8 [ 4.954043][ C4] __setup_irq+0x474/0x6a8 [ 4.954046][ C4] request_threaded_irq+0xfc/0x164 [ 4.954049][ C4] devm_request_threaded_irq+0x84/0xd4 [ 4.954054][ C4] hdmirx_probe+0xa2c/0x128c [ 4.954057][ C4] platform_drv_probe+0x94/0xbc [ 4.954061][ C4] really_probe+0x200/0x508 [ 4.954067][ C4] driver_probe_device+0x7c/0xb8 [ 4.954072][ C4] device_driver_attach+0x6c/0xac [ 4.954078][ C4] __driver_attach+0xc4/0x148 [ 4.954084][ C4] bus_for_each_dev+0x7c/0xc8 [ 4.954089][ C4] driver_attach+0x24/0x30 [ 4.954095][ C4] bus_add_driver+0x100/0x1e0 [ 4.954099][ C4] driver_register+0x78/0x110 [ 4.954106][ C4] __platform_driver_register+0x44/0x50 [ 4.954109][ C4] hdmirx_init+0x44/0x50 [ 4.954113][ C4] do_one_initcall+0x98/0x188 [ 4.954116][ C4] do_initcall_level+0xa0/0xc0 [ 4.954121][ C4] do_initcalls+0x54/0x94 [ 4.954125][ C4] do_basic_setup+0x24/0x30 [ 4.954130][ C4] kernel_init_freeable+0x98/0xf0 [ 4.954134][ C4] kernel_init+0x14/0x184 [ 4.954139][ C4] ret_from_fork+0x10/0x30 Signed-off-by: Liang Chen <cl@rock-chips.com> Change-Id: I32d3d7588e1eddc3f88fd5c1f47b6efef5da9e32
RadxaStephen
pushed a commit
that referenced
this pull request
Oct 27, 2022
Unable to handle kernel NULL pointer dereference at virtual address 00000080 pgd = 5be93016 [00000080] *pgd=00000000 Internal error: Oops: 5 [#1] PREEMPT SMP ARM Modules linked in: CPU: 3 PID: 58 Comm: kworker/3:1 Not tainted 4.19.111 #9 Hardware name: Generic DT based system PC is at snd_soc_add_dai_controls+0x24/0x40 LR is at (null) pc : [<b0692590>] lr : [<00000000>] psr: 20000053 sp : ee117d58 ip : 00000000 fp : ddb2d540 r10: ddbd1c40 r9 : 00000000 r8 : ddb35b80 r7 : ddb35940 r6 : ddb65080 r5 : 00000002 r4 : eeb39410 r3 : 00000001 r2 : b0d464e4 r1 : eeb39410 r0 : ddb65080 Flags: nzCv IRQs on FIQs off Mode SVC_32 ISA ARM Segment user Change-Id: I0571e1a0554f11af62fab3572fcb11f299626be6 Signed-off-by: Sugar Zhang <sugar.zhang@rock-chips.com> (cherry picked from commit d6885ff)
stvhay
pushed a commit
to stvhay/kernel
that referenced
this pull request
Mar 22, 2023
stvhay
pushed a commit
to stvhay/kernel
that referenced
this pull request
Mar 22, 2023
stvhay
pushed a commit
to stvhay/kernel
that referenced
this pull request
Mar 26, 2023
RadxaStephen
pushed a commit
that referenced
this pull request
Aug 3, 2024
commit 42252d0 upstream. This patch fixes an invalid read showed by KASAN. A unlock will allocate a "struct plock_op" and a followed send_op() will append it to a global send_list data structure. In some cases a followed dev_read() moves it to recv_list and dev_write() will cast it to "struct plock_xop" and access fields which are only available in those structures. At this point an invalid read happens by accessing those fields. To fix this issue the "callback" field is moved to "struct plock_op" to indicate that a cast to "plock_xop" is allowed and does the additional "plock_xop" handling if set. Example of the KASAN output which showed the invalid read: [ 2064.296453] ================================================================== [ 2064.304852] BUG: KASAN: slab-out-of-bounds in dev_write+0x52b/0x5a0 [dlm] [ 2064.306491] Read of size 8 at addr ffff88800ef227d8 by task dlm_controld/7484 [ 2064.308168] [ 2064.308575] CPU: 0 PID: 7484 Comm: dlm_controld Kdump: loaded Not tainted 5.14.0+ #9 [ 2064.310292] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2064.311618] Call Trace: [ 2064.312218] dump_stack_lvl+0x56/0x7b [ 2064.313150] print_address_description.constprop.8+0x21/0x150 [ 2064.314578] ? dev_write+0x52b/0x5a0 [dlm] [ 2064.315610] ? dev_write+0x52b/0x5a0 [dlm] [ 2064.316595] kasan_report.cold.14+0x7f/0x11b [ 2064.317674] ? dev_write+0x52b/0x5a0 [dlm] [ 2064.318687] dev_write+0x52b/0x5a0 [dlm] [ 2064.319629] ? dev_read+0x4a0/0x4a0 [dlm] [ 2064.320713] ? bpf_lsm_kernfs_init_security+0x10/0x10 [ 2064.321926] vfs_write+0x17e/0x930 [ 2064.322769] ? __fget_light+0x1aa/0x220 [ 2064.323753] ksys_write+0xf1/0x1c0 [ 2064.324548] ? __ia32_sys_read+0xb0/0xb0 [ 2064.325464] do_syscall_64+0x3a/0x80 [ 2064.326387] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2064.327606] RIP: 0033:0x7f807e4ba96f [ 2064.328470] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 39 87 f8 ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 7c 87 f8 ff 48 [ 2064.332902] RSP: 002b:00007ffd50cfe6e0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 2064.334658] RAX: ffffffffffffffda RBX: 000055cc3886eb30 RCX: 00007f807e4ba96f [ 2064.336275] RDX: 0000000000000040 RSI: 00007ffd50cfe7e0 RDI: 0000000000000010 [ 2064.337980] RBP: 00007ffd50cfe7e0 R08: 0000000000000000 R09: 0000000000000001 [ 2064.339560] R10: 000055cc3886eb30 R11: 0000000000000293 R12: 000055cc3886eb80 [ 2064.341237] R13: 000055cc3886eb00 R14: 000055cc3886f590 R15: 0000000000000001 [ 2064.342857] [ 2064.343226] Allocated by task 12438: [ 2064.344057] kasan_save_stack+0x1c/0x40 [ 2064.345079] __kasan_kmalloc+0x84/0xa0 [ 2064.345933] kmem_cache_alloc_trace+0x13b/0x220 [ 2064.346953] dlm_posix_unlock+0xec/0x720 [dlm] [ 2064.348811] do_lock_file_wait.part.32+0xca/0x1d0 [ 2064.351070] fcntl_setlk+0x281/0xbc0 [ 2064.352879] do_fcntl+0x5e4/0xfe0 [ 2064.354657] __x64_sys_fcntl+0x11f/0x170 [ 2064.356550] do_syscall_64+0x3a/0x80 [ 2064.358259] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2064.360745] [ 2064.361511] Last potentially related work creation: [ 2064.363957] kasan_save_stack+0x1c/0x40 [ 2064.365811] __kasan_record_aux_stack+0xaf/0xc0 [ 2064.368100] call_rcu+0x11b/0xf70 [ 2064.369785] dlm_process_incoming_buffer+0x47d/0xfd0 [dlm] [ 2064.372404] receive_from_sock+0x290/0x770 [dlm] [ 2064.374607] process_recv_sockets+0x32/0x40 [dlm] [ 2064.377290] process_one_work+0x9a8/0x16e0 [ 2064.379357] worker_thread+0x87/0xbf0 [ 2064.381188] kthread+0x3ac/0x490 [ 2064.383460] ret_from_fork+0x22/0x30 [ 2064.385588] [ 2064.386518] Second to last potentially related work creation: [ 2064.389219] kasan_save_stack+0x1c/0x40 [ 2064.391043] __kasan_record_aux_stack+0xaf/0xc0 [ 2064.393303] call_rcu+0x11b/0xf70 [ 2064.394885] dlm_process_incoming_buffer+0x47d/0xfd0 [dlm] [ 2064.397694] receive_from_sock+0x290/0x770 [dlm] [ 2064.399932] process_recv_sockets+0x32/0x40 [dlm] [ 2064.402180] process_one_work+0x9a8/0x16e0 [ 2064.404388] worker_thread+0x87/0xbf0 [ 2064.406124] kthread+0x3ac/0x490 [ 2064.408021] ret_from_fork+0x22/0x30 [ 2064.409834] [ 2064.410599] The buggy address belongs to the object at ffff88800ef22780 [ 2064.410599] which belongs to the cache kmalloc-96 of size 96 [ 2064.416495] The buggy address is located 88 bytes inside of [ 2064.416495] 96-byte region [ffff88800ef22780, ffff88800ef227e0) [ 2064.422045] The buggy address belongs to the page: [ 2064.424635] page:00000000b6bef8bc refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xef22 [ 2064.428970] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2064.432515] raw: 000fffffc0000200 ffffea0000d68b80 0000001400000014 ffff888001041780 [ 2064.436110] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000 [ 2064.439813] page dumped because: kasan: bad access detected [ 2064.442548] [ 2064.443310] Memory state around the buggy address: [ 2064.445988] ffff88800ef22680: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [ 2064.449444] ffff88800ef22700: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [ 2064.452941] >ffff88800ef22780: 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc [ 2064.456383] ^ [ 2064.459386] ffff88800ef22800: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 2064.462788] ffff88800ef22880: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [ 2064.466239] ================================================================== reproducer in python: import argparse import struct import fcntl import os parser = argparse.ArgumentParser() parser.add_argument('-f', '--file', help='file to use fcntl, must be on dlm lock filesystem e.g. gfs2') args = parser.parse_args() f = open(args.file, 'wb+') lockdata = struct.pack('hhllhh', fcntl.F_WRLCK,0,0,0,0,0) fcntl.fcntl(f, fcntl.F_SETLK, lockdata) lockdata = struct.pack('hhllhh', fcntl.F_UNLCK,0,0,0,0,0) fcntl.fcntl(f, fcntl.F_SETLK, lockdata) Fixes: 586759f ("gfs2: nfs lock support for gfs2") Cc: stable@vger.kernel.org Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com> Signed-off-by: Alexander Aring <aahringo@redhat.com> Signed-off-by: David Teigland <teigland@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Signed-off-by: wzj wzj2346584@163.com