From: Greg Kroah-Hartman Date: Tue, 9 Oct 2018 09:25:43 +0000 (+0200) Subject: drop pinctrl-msm-really-mask-level-interrupts-to-prevent-latching.patch X-Git-Tag: v4.4.160~11 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=cb43ba0c41bf1a2849488ddcc61d9577aff06c6e;p=thirdparty%2Fkernel%2Fstable-queue.git drop pinctrl-msm-really-mask-level-interrupts-to-prevent-latching.patch --- diff --git a/queue-3.18/pinctrl-msm-really-mask-level-interrupts-to-prevent-latching.patch b/queue-3.18/pinctrl-msm-really-mask-level-interrupts-to-prevent-latching.patch deleted file mode 100644 index 50fd0a221da..00000000000 --- a/queue-3.18/pinctrl-msm-really-mask-level-interrupts-to-prevent-latching.patch +++ /dev/null @@ -1,93 +0,0 @@ -From foo@baz Mon Oct 8 17:34:37 CEST 2018 -From: Stephen Boyd -Date: Thu, 16 Aug 2018 13:06:46 -0700 -Subject: pinctrl: msm: Really mask level interrupts to prevent latching - -From: Stephen Boyd - -[ Upstream commit b55326dc969ea2d704a008d9a97583b128f54f4f ] - -The interrupt controller hardware in this pin controller has two status -enable bits. The first "normal" status enable bit enables or disables -the summary interrupt line being raised when a gpio interrupt triggers -and the "raw" status enable bit allows or prevents the hardware from -latching an interrupt into the status register for a gpio interrupt. -Currently we just toggle the "normal" status enable bit in the mask and -unmask ops so that the summary irq interrupt going to the CPU's -interrupt controller doesn't trigger for the masked gpio interrupt. - -For a level triggered interrupt, the flow would be as follows: the pin -controller sees the interrupt, latches the status into the status -register, raises the summary irq to the CPU, summary irq handler runs -and calls handle_level_irq(), handle_level_irq() masks and acks the gpio -interrupt, the interrupt handler runs, and finally unmask the interrupt. -When the interrupt handler completes, we expect that the interrupt line -level will go back to the deasserted state so the genirq code can unmask -the interrupt without it triggering again. - -If we only mask the interrupt by clearing the "normal" status enable bit -then we'll ack the interrupt but it will continue to show up as pending -in the status register because the raw status bit is enabled, the -hardware hasn't deasserted the line, and thus the asserted state latches -into the status register again. When the hardware deasserts the -interrupt the pin controller still thinks there is a pending unserviced -level interrupt because it latched it earlier. This behavior causes -software to see an extra interrupt for level type interrupts each time -the interrupt is handled. - -Let's fix this by clearing the raw status enable bit for level type -interrupts so that the hardware stops latching the status of the -interrupt after we ack it. We don't do this for edge type interrupts -because it seems that toggling the raw status enable bit for edge type -interrupts causes spurious edge interrupts. - -Signed-off-by: Stephen Boyd -Reviewed-by: Douglas Anderson -Reviewed-by: Bjorn Andersson -Signed-off-by: Linus Walleij -Signed-off-by: Sasha Levin -Signed-off-by: Greg Kroah-Hartman ---- - drivers/pinctrl/qcom/pinctrl-msm.c | 24 ++++++++++++++++++++++++ - 1 file changed, 24 insertions(+) - ---- a/drivers/pinctrl/qcom/pinctrl-msm.c -+++ b/drivers/pinctrl/qcom/pinctrl-msm.c -@@ -596,6 +596,29 @@ static void msm_gpio_irq_mask(struct irq - spin_lock_irqsave(&pctrl->lock, flags); - - val = readl(pctrl->regs + g->intr_cfg_reg); -+ /* -+ * There are two bits that control interrupt forwarding to the CPU. The -+ * RAW_STATUS_EN bit causes the level or edge sensed on the line to be -+ * latched into the interrupt status register when the hardware detects -+ * an irq that it's configured for (either edge for edge type or level -+ * for level type irq). The 'non-raw' status enable bit causes the -+ * hardware to assert the summary interrupt to the CPU if the latched -+ * status bit is set. There's a bug though, the edge detection logic -+ * seems to have a problem where toggling the RAW_STATUS_EN bit may -+ * cause the status bit to latch spuriously when there isn't any edge -+ * so we can't touch that bit for edge type irqs and we have to keep -+ * the bit set anyway so that edges are latched while the line is masked. -+ * -+ * To make matters more complicated, leaving the RAW_STATUS_EN bit -+ * enabled all the time causes level interrupts to re-latch into the -+ * status register because the level is still present on the line after -+ * we ack it. We clear the raw status enable bit during mask here and -+ * set the bit on unmask so the interrupt can't latch into the hardware -+ * while it's masked. -+ */ -+ if (irqd_get_trigger_type(d) & IRQ_TYPE_LEVEL_MASK) -+ val &= ~BIT(g->intr_raw_status_bit); -+ - val &= ~BIT(g->intr_enable_bit); - writel(val, pctrl->regs + g->intr_cfg_reg); - -@@ -617,6 +640,7 @@ static void msm_gpio_irq_unmask(struct i - spin_lock_irqsave(&pctrl->lock, flags); - - val = readl(pctrl->regs + g->intr_cfg_reg); -+ val |= BIT(g->intr_raw_status_bit); - val |= BIT(g->intr_enable_bit); - writel(val, pctrl->regs + g->intr_cfg_reg); - diff --git a/queue-3.18/proc-restrict-kernel-stack-dumps-to-root.patch b/queue-3.18/proc-restrict-kernel-stack-dumps-to-root.patch deleted file mode 100644 index b04455da97f..00000000000 --- a/queue-3.18/proc-restrict-kernel-stack-dumps-to-root.patch +++ /dev/null @@ -1,73 +0,0 @@ -From f8a00cef17206ecd1b30d3d9f99e10d9fa707aa7 Mon Sep 17 00:00:00 2001 -From: Jann Horn -Date: Fri, 5 Oct 2018 15:51:58 -0700 -Subject: proc: restrict kernel stack dumps to root - -From: Jann Horn - -commit f8a00cef17206ecd1b30d3d9f99e10d9fa707aa7 upstream. - -Currently, you can use /proc/self/task/*/stack to cause a stack walk on -a task you control while it is running on another CPU. That means that -the stack can change under the stack walker. The stack walker does -have guards against going completely off the rails and into random -kernel memory, but it can interpret random data from your kernel stack -as instruction pointers and stack pointers. This can cause exposure of -kernel stack contents to userspace. - -Restrict the ability to inspect kernel stacks of arbitrary tasks to root -in order to prevent a local attacker from exploiting racy stack unwinding -to leak kernel task stack contents. See the added comment for a longer -rationale. - -There don't seem to be any users of this userspace API that can't -gracefully bail out if reading from the file fails. Therefore, I believe -that this change is unlikely to break things. In the case that this patch -does end up needing a revert, the next-best solution might be to fake a -single-entry stack based on wchan. - -Link: http://lkml.kernel.org/r/20180927153316.200286-1-jannh@google.com -Fixes: 2ec220e27f50 ("proc: add /proc/*/stack") -Signed-off-by: Jann Horn -Acked-by: Kees Cook -Cc: Alexey Dobriyan -Cc: Ken Chen -Cc: Will Deacon -Cc: Laura Abbott -Cc: Andy Lutomirski -Cc: Catalin Marinas -Cc: Josh Poimboeuf -Cc: Thomas Gleixner -Cc: Ingo Molnar -Cc: "H . Peter Anvin" -Cc: -Signed-off-by: Andrew Morton -Signed-off-by: Greg Kroah-Hartman - ---- - fs/proc/base.c | 14 ++++++++++++++ - 1 file changed, 14 insertions(+) - ---- a/fs/proc/base.c -+++ b/fs/proc/base.c -@@ -279,6 +279,20 @@ static int proc_pid_stack(struct seq_fil - int err; - int i; - -+ /* -+ * The ability to racily run the kernel stack unwinder on a running task -+ * and then observe the unwinder output is scary; while it is useful for -+ * debugging kernel issues, it can also allow an attacker to leak kernel -+ * stack contents. -+ * Doing this in a manner that is at least safe from races would require -+ * some work to ensure that the remote task can not be scheduled; and -+ * even then, this would still expose the unwinder as local attack -+ * surface. -+ * Therefore, this interface is restricted to root. -+ */ -+ if (!file_ns_capable(m->file, &init_user_ns, CAP_SYS_ADMIN)) -+ return -EACCES; -+ - entries = kmalloc(MAX_STACK_TRACE_DEPTH * sizeof(*entries), GFP_KERNEL); - if (!entries) - return -ENOMEM; diff --git a/queue-3.18/series b/queue-3.18/series index 6681bcc7bcb..ed06de622ed 100644 --- a/queue-3.18/series +++ b/queue-3.18/series @@ -82,7 +82,6 @@ tools-vm-slabinfo.c-fix-sign-compare-warning.patch tools-vm-page-types.c-fix-defined-but-not-used-warning.patch mm-madvise-madv_dodump-allow-hugetlbfs-pages.patch usb-gadget-fotg210-udc-fix-memory-leak-of-fotg210-ep.patch -pinctrl-msm-really-mask-level-interrupts-to-prevent-latching.patch rdma-ucma-check-fd-type-in-ucma_migrate_id.patch usb-yurex-check-for-truncation-in-yurex_read.patch fs-cifs-suppress-a-string-overflow-warning.patch @@ -96,5 +95,4 @@ xen-manage-don-t-complain-about-an-empty-value-in-control-sysrq-node.patch xen-fix-gcc-warning-and-remove-duplicate-evtchn_row-evtchn_col-usage.patch smb2-fix-missing-files-in-root-share-directory-listing.patch crypto-mxs-dcp-fix-wait-logic-on-chan-threads.patch -proc-restrict-kernel-stack-dumps-to-root.patch ocfs2-fix-locking-for-res-tracking-and-dlm-tracking_list.patch diff --git a/queue-4.14/pinctrl-msm-really-mask-level-interrupts-to-prevent-latching.patch b/queue-4.14/pinctrl-msm-really-mask-level-interrupts-to-prevent-latching.patch deleted file mode 100644 index da8eeb58119..00000000000 --- a/queue-4.14/pinctrl-msm-really-mask-level-interrupts-to-prevent-latching.patch +++ /dev/null @@ -1,93 +0,0 @@ -From foo@baz Mon Oct 8 17:56:31 CEST 2018 -From: Stephen Boyd -Date: Thu, 16 Aug 2018 13:06:46 -0700 -Subject: pinctrl: msm: Really mask level interrupts to prevent latching - -From: Stephen Boyd - -[ Upstream commit b55326dc969ea2d704a008d9a97583b128f54f4f ] - -The interrupt controller hardware in this pin controller has two status -enable bits. The first "normal" status enable bit enables or disables -the summary interrupt line being raised when a gpio interrupt triggers -and the "raw" status enable bit allows or prevents the hardware from -latching an interrupt into the status register for a gpio interrupt. -Currently we just toggle the "normal" status enable bit in the mask and -unmask ops so that the summary irq interrupt going to the CPU's -interrupt controller doesn't trigger for the masked gpio interrupt. - -For a level triggered interrupt, the flow would be as follows: the pin -controller sees the interrupt, latches the status into the status -register, raises the summary irq to the CPU, summary irq handler runs -and calls handle_level_irq(), handle_level_irq() masks and acks the gpio -interrupt, the interrupt handler runs, and finally unmask the interrupt. -When the interrupt handler completes, we expect that the interrupt line -level will go back to the deasserted state so the genirq code can unmask -the interrupt without it triggering again. - -If we only mask the interrupt by clearing the "normal" status enable bit -then we'll ack the interrupt but it will continue to show up as pending -in the status register because the raw status bit is enabled, the -hardware hasn't deasserted the line, and thus the asserted state latches -into the status register again. When the hardware deasserts the -interrupt the pin controller still thinks there is a pending unserviced -level interrupt because it latched it earlier. This behavior causes -software to see an extra interrupt for level type interrupts each time -the interrupt is handled. - -Let's fix this by clearing the raw status enable bit for level type -interrupts so that the hardware stops latching the status of the -interrupt after we ack it. We don't do this for edge type interrupts -because it seems that toggling the raw status enable bit for edge type -interrupts causes spurious edge interrupts. - -Signed-off-by: Stephen Boyd -Reviewed-by: Douglas Anderson -Reviewed-by: Bjorn Andersson -Signed-off-by: Linus Walleij -Signed-off-by: Sasha Levin -Signed-off-by: Greg Kroah-Hartman ---- - drivers/pinctrl/qcom/pinctrl-msm.c | 24 ++++++++++++++++++++++++ - 1 file changed, 24 insertions(+) - ---- a/drivers/pinctrl/qcom/pinctrl-msm.c -+++ b/drivers/pinctrl/qcom/pinctrl-msm.c -@@ -610,6 +610,29 @@ static void msm_gpio_irq_mask(struct irq - raw_spin_lock_irqsave(&pctrl->lock, flags); - - val = readl(pctrl->regs + g->intr_cfg_reg); -+ /* -+ * There are two bits that control interrupt forwarding to the CPU. The -+ * RAW_STATUS_EN bit causes the level or edge sensed on the line to be -+ * latched into the interrupt status register when the hardware detects -+ * an irq that it's configured for (either edge for edge type or level -+ * for level type irq). The 'non-raw' status enable bit causes the -+ * hardware to assert the summary interrupt to the CPU if the latched -+ * status bit is set. There's a bug though, the edge detection logic -+ * seems to have a problem where toggling the RAW_STATUS_EN bit may -+ * cause the status bit to latch spuriously when there isn't any edge -+ * so we can't touch that bit for edge type irqs and we have to keep -+ * the bit set anyway so that edges are latched while the line is masked. -+ * -+ * To make matters more complicated, leaving the RAW_STATUS_EN bit -+ * enabled all the time causes level interrupts to re-latch into the -+ * status register because the level is still present on the line after -+ * we ack it. We clear the raw status enable bit during mask here and -+ * set the bit on unmask so the interrupt can't latch into the hardware -+ * while it's masked. -+ */ -+ if (irqd_get_trigger_type(d) & IRQ_TYPE_LEVEL_MASK) -+ val &= ~BIT(g->intr_raw_status_bit); -+ - val &= ~BIT(g->intr_enable_bit); - writel(val, pctrl->regs + g->intr_cfg_reg); - -@@ -631,6 +654,7 @@ static void msm_gpio_irq_unmask(struct i - raw_spin_lock_irqsave(&pctrl->lock, flags); - - val = readl(pctrl->regs + g->intr_cfg_reg); -+ val |= BIT(g->intr_raw_status_bit); - val |= BIT(g->intr_enable_bit); - writel(val, pctrl->regs + g->intr_cfg_reg); - diff --git a/queue-4.14/series b/queue-4.14/series index 8045a57eb34..3a8bd4dfa3a 100644 --- a/queue-4.14/series +++ b/queue-4.14/series @@ -42,7 +42,6 @@ bpf-32-bit-rsh-verification-must-truncate-input-before-the-alu-op.patch netfilter-xt_cluster-add-dependency-on-conntrack-module.patch hid-add-support-for-apple-magic-keyboards.patch usb-gadget-fotg210-udc-fix-memory-leak-of-fotg210-ep.patch -pinctrl-msm-really-mask-level-interrupts-to-prevent-latching.patch hid-hid-saitek-add-device-id-for-rat-7-contagion.patch scsi-iscsi-target-set-conn-sess-to-null-when-iscsi_login_set_conn_values-fails.patch scsi-qedi-add-the-crc-size-within-iscsi-nvm-image.patch diff --git a/queue-4.18/pinctrl-msm-really-mask-level-interrupts-to-prevent-latching.patch b/queue-4.18/pinctrl-msm-really-mask-level-interrupts-to-prevent-latching.patch deleted file mode 100644 index c756a75e1b9..00000000000 --- a/queue-4.18/pinctrl-msm-really-mask-level-interrupts-to-prevent-latching.patch +++ /dev/null @@ -1,93 +0,0 @@ -From foo@baz Mon Oct 8 17:39:53 CEST 2018 -From: Stephen Boyd -Date: Thu, 16 Aug 2018 13:06:46 -0700 -Subject: pinctrl: msm: Really mask level interrupts to prevent latching - -From: Stephen Boyd - -[ Upstream commit b55326dc969ea2d704a008d9a97583b128f54f4f ] - -The interrupt controller hardware in this pin controller has two status -enable bits. The first "normal" status enable bit enables or disables -the summary interrupt line being raised when a gpio interrupt triggers -and the "raw" status enable bit allows or prevents the hardware from -latching an interrupt into the status register for a gpio interrupt. -Currently we just toggle the "normal" status enable bit in the mask and -unmask ops so that the summary irq interrupt going to the CPU's -interrupt controller doesn't trigger for the masked gpio interrupt. - -For a level triggered interrupt, the flow would be as follows: the pin -controller sees the interrupt, latches the status into the status -register, raises the summary irq to the CPU, summary irq handler runs -and calls handle_level_irq(), handle_level_irq() masks and acks the gpio -interrupt, the interrupt handler runs, and finally unmask the interrupt. -When the interrupt handler completes, we expect that the interrupt line -level will go back to the deasserted state so the genirq code can unmask -the interrupt without it triggering again. - -If we only mask the interrupt by clearing the "normal" status enable bit -then we'll ack the interrupt but it will continue to show up as pending -in the status register because the raw status bit is enabled, the -hardware hasn't deasserted the line, and thus the asserted state latches -into the status register again. When the hardware deasserts the -interrupt the pin controller still thinks there is a pending unserviced -level interrupt because it latched it earlier. This behavior causes -software to see an extra interrupt for level type interrupts each time -the interrupt is handled. - -Let's fix this by clearing the raw status enable bit for level type -interrupts so that the hardware stops latching the status of the -interrupt after we ack it. We don't do this for edge type interrupts -because it seems that toggling the raw status enable bit for edge type -interrupts causes spurious edge interrupts. - -Signed-off-by: Stephen Boyd -Reviewed-by: Douglas Anderson -Reviewed-by: Bjorn Andersson -Signed-off-by: Linus Walleij -Signed-off-by: Sasha Levin -Signed-off-by: Greg Kroah-Hartman ---- - drivers/pinctrl/qcom/pinctrl-msm.c | 24 ++++++++++++++++++++++++ - 1 file changed, 24 insertions(+) - ---- a/drivers/pinctrl/qcom/pinctrl-msm.c -+++ b/drivers/pinctrl/qcom/pinctrl-msm.c -@@ -634,6 +634,29 @@ static void msm_gpio_irq_mask(struct irq - raw_spin_lock_irqsave(&pctrl->lock, flags); - - val = readl(pctrl->regs + g->intr_cfg_reg); -+ /* -+ * There are two bits that control interrupt forwarding to the CPU. The -+ * RAW_STATUS_EN bit causes the level or edge sensed on the line to be -+ * latched into the interrupt status register when the hardware detects -+ * an irq that it's configured for (either edge for edge type or level -+ * for level type irq). The 'non-raw' status enable bit causes the -+ * hardware to assert the summary interrupt to the CPU if the latched -+ * status bit is set. There's a bug though, the edge detection logic -+ * seems to have a problem where toggling the RAW_STATUS_EN bit may -+ * cause the status bit to latch spuriously when there isn't any edge -+ * so we can't touch that bit for edge type irqs and we have to keep -+ * the bit set anyway so that edges are latched while the line is masked. -+ * -+ * To make matters more complicated, leaving the RAW_STATUS_EN bit -+ * enabled all the time causes level interrupts to re-latch into the -+ * status register because the level is still present on the line after -+ * we ack it. We clear the raw status enable bit during mask here and -+ * set the bit on unmask so the interrupt can't latch into the hardware -+ * while it's masked. -+ */ -+ if (irqd_get_trigger_type(d) & IRQ_TYPE_LEVEL_MASK) -+ val &= ~BIT(g->intr_raw_status_bit); -+ - val &= ~BIT(g->intr_enable_bit); - writel(val, pctrl->regs + g->intr_cfg_reg); - -@@ -655,6 +678,7 @@ static void msm_gpio_irq_unmask(struct i - raw_spin_lock_irqsave(&pctrl->lock, flags); - - val = readl(pctrl->regs + g->intr_cfg_reg); -+ val |= BIT(g->intr_raw_status_bit); - val |= BIT(g->intr_enable_bit); - writel(val, pctrl->regs + g->intr_cfg_reg); - diff --git a/queue-4.18/series b/queue-4.18/series index a3e8c2b5166..54161696ae9 100644 --- a/queue-4.18/series +++ b/queue-4.18/series @@ -81,7 +81,6 @@ netfilter-xt_checksum-ignore-gso-skbs.patch hid-intel-ish-hid-enable-sunrise-point-h-ish-driver.patch hid-add-support-for-apple-magic-keyboards.patch usb-gadget-fotg210-udc-fix-memory-leak-of-fotg210-ep.patch -pinctrl-msm-really-mask-level-interrupts-to-prevent-latching.patch hid-hid-saitek-add-device-id-for-rat-7-contagion.patch scsi-iscsi-target-set-conn-sess-to-null-when-iscsi_login_set_conn_values-fails.patch scsi-iscsi-target-fix-conn_ops-double-free.patch diff --git a/queue-4.4/pinctrl-msm-really-mask-level-interrupts-to-prevent-latching.patch b/queue-4.4/pinctrl-msm-really-mask-level-interrupts-to-prevent-latching.patch deleted file mode 100644 index f05a2130f2a..00000000000 --- a/queue-4.4/pinctrl-msm-really-mask-level-interrupts-to-prevent-latching.patch +++ /dev/null @@ -1,93 +0,0 @@ -From foo@baz Mon Oct 8 18:07:05 CEST 2018 -From: Stephen Boyd -Date: Thu, 16 Aug 2018 13:06:46 -0700 -Subject: pinctrl: msm: Really mask level interrupts to prevent latching - -From: Stephen Boyd - -[ Upstream commit b55326dc969ea2d704a008d9a97583b128f54f4f ] - -The interrupt controller hardware in this pin controller has two status -enable bits. The first "normal" status enable bit enables or disables -the summary interrupt line being raised when a gpio interrupt triggers -and the "raw" status enable bit allows or prevents the hardware from -latching an interrupt into the status register for a gpio interrupt. -Currently we just toggle the "normal" status enable bit in the mask and -unmask ops so that the summary irq interrupt going to the CPU's -interrupt controller doesn't trigger for the masked gpio interrupt. - -For a level triggered interrupt, the flow would be as follows: the pin -controller sees the interrupt, latches the status into the status -register, raises the summary irq to the CPU, summary irq handler runs -and calls handle_level_irq(), handle_level_irq() masks and acks the gpio -interrupt, the interrupt handler runs, and finally unmask the interrupt. -When the interrupt handler completes, we expect that the interrupt line -level will go back to the deasserted state so the genirq code can unmask -the interrupt without it triggering again. - -If we only mask the interrupt by clearing the "normal" status enable bit -then we'll ack the interrupt but it will continue to show up as pending -in the status register because the raw status bit is enabled, the -hardware hasn't deasserted the line, and thus the asserted state latches -into the status register again. When the hardware deasserts the -interrupt the pin controller still thinks there is a pending unserviced -level interrupt because it latched it earlier. This behavior causes -software to see an extra interrupt for level type interrupts each time -the interrupt is handled. - -Let's fix this by clearing the raw status enable bit for level type -interrupts so that the hardware stops latching the status of the -interrupt after we ack it. We don't do this for edge type interrupts -because it seems that toggling the raw status enable bit for edge type -interrupts causes spurious edge interrupts. - -Signed-off-by: Stephen Boyd -Reviewed-by: Douglas Anderson -Reviewed-by: Bjorn Andersson -Signed-off-by: Linus Walleij -Signed-off-by: Sasha Levin -Signed-off-by: Greg Kroah-Hartman ---- - drivers/pinctrl/qcom/pinctrl-msm.c | 24 ++++++++++++++++++++++++ - 1 file changed, 24 insertions(+) - ---- a/drivers/pinctrl/qcom/pinctrl-msm.c -+++ b/drivers/pinctrl/qcom/pinctrl-msm.c -@@ -577,6 +577,29 @@ static void msm_gpio_irq_mask(struct irq - spin_lock_irqsave(&pctrl->lock, flags); - - val = readl(pctrl->regs + g->intr_cfg_reg); -+ /* -+ * There are two bits that control interrupt forwarding to the CPU. The -+ * RAW_STATUS_EN bit causes the level or edge sensed on the line to be -+ * latched into the interrupt status register when the hardware detects -+ * an irq that it's configured for (either edge for edge type or level -+ * for level type irq). The 'non-raw' status enable bit causes the -+ * hardware to assert the summary interrupt to the CPU if the latched -+ * status bit is set. There's a bug though, the edge detection logic -+ * seems to have a problem where toggling the RAW_STATUS_EN bit may -+ * cause the status bit to latch spuriously when there isn't any edge -+ * so we can't touch that bit for edge type irqs and we have to keep -+ * the bit set anyway so that edges are latched while the line is masked. -+ * -+ * To make matters more complicated, leaving the RAW_STATUS_EN bit -+ * enabled all the time causes level interrupts to re-latch into the -+ * status register because the level is still present on the line after -+ * we ack it. We clear the raw status enable bit during mask here and -+ * set the bit on unmask so the interrupt can't latch into the hardware -+ * while it's masked. -+ */ -+ if (irqd_get_trigger_type(d) & IRQ_TYPE_LEVEL_MASK) -+ val &= ~BIT(g->intr_raw_status_bit); -+ - val &= ~BIT(g->intr_enable_bit); - writel(val, pctrl->regs + g->intr_cfg_reg); - -@@ -598,6 +621,7 @@ static void msm_gpio_irq_unmask(struct i - spin_lock_irqsave(&pctrl->lock, flags); - - val = readl(pctrl->regs + g->intr_cfg_reg); -+ val |= BIT(g->intr_raw_status_bit); - val |= BIT(g->intr_enable_bit); - writel(val, pctrl->regs + g->intr_cfg_reg); - diff --git a/queue-4.4/series b/queue-4.4/series index d03b27e921a..b597e35e5b9 100644 --- a/queue-4.4/series +++ b/queue-4.4/series @@ -90,7 +90,6 @@ tools-vm-slabinfo.c-fix-sign-compare-warning.patch tools-vm-page-types.c-fix-defined-but-not-used-warning.patch mm-madvise-madv_dodump-allow-hugetlbfs-pages.patch usb-gadget-fotg210-udc-fix-memory-leak-of-fotg210-ep.patch -pinctrl-msm-really-mask-level-interrupts-to-prevent-latching.patch perf-probe-powerpc-ignore-sys-symbols-irrespective-of-endianness.patch rdma-ucma-check-fd-type-in-ucma_migrate_id.patch usb-yurex-check-for-truncation-in-yurex_read.patch diff --git a/queue-4.9/pinctrl-msm-really-mask-level-interrupts-to-prevent-latching.patch b/queue-4.9/pinctrl-msm-really-mask-level-interrupts-to-prevent-latching.patch deleted file mode 100644 index 060e01fe052..00000000000 --- a/queue-4.9/pinctrl-msm-really-mask-level-interrupts-to-prevent-latching.patch +++ /dev/null @@ -1,93 +0,0 @@ -From foo@baz Mon Oct 8 18:01:43 CEST 2018 -From: Stephen Boyd -Date: Thu, 16 Aug 2018 13:06:46 -0700 -Subject: pinctrl: msm: Really mask level interrupts to prevent latching - -From: Stephen Boyd - -[ Upstream commit b55326dc969ea2d704a008d9a97583b128f54f4f ] - -The interrupt controller hardware in this pin controller has two status -enable bits. The first "normal" status enable bit enables or disables -the summary interrupt line being raised when a gpio interrupt triggers -and the "raw" status enable bit allows or prevents the hardware from -latching an interrupt into the status register for a gpio interrupt. -Currently we just toggle the "normal" status enable bit in the mask and -unmask ops so that the summary irq interrupt going to the CPU's -interrupt controller doesn't trigger for the masked gpio interrupt. - -For a level triggered interrupt, the flow would be as follows: the pin -controller sees the interrupt, latches the status into the status -register, raises the summary irq to the CPU, summary irq handler runs -and calls handle_level_irq(), handle_level_irq() masks and acks the gpio -interrupt, the interrupt handler runs, and finally unmask the interrupt. -When the interrupt handler completes, we expect that the interrupt line -level will go back to the deasserted state so the genirq code can unmask -the interrupt without it triggering again. - -If we only mask the interrupt by clearing the "normal" status enable bit -then we'll ack the interrupt but it will continue to show up as pending -in the status register because the raw status bit is enabled, the -hardware hasn't deasserted the line, and thus the asserted state latches -into the status register again. When the hardware deasserts the -interrupt the pin controller still thinks there is a pending unserviced -level interrupt because it latched it earlier. This behavior causes -software to see an extra interrupt for level type interrupts each time -the interrupt is handled. - -Let's fix this by clearing the raw status enable bit for level type -interrupts so that the hardware stops latching the status of the -interrupt after we ack it. We don't do this for edge type interrupts -because it seems that toggling the raw status enable bit for edge type -interrupts causes spurious edge interrupts. - -Signed-off-by: Stephen Boyd -Reviewed-by: Douglas Anderson -Reviewed-by: Bjorn Andersson -Signed-off-by: Linus Walleij -Signed-off-by: Sasha Levin -Signed-off-by: Greg Kroah-Hartman ---- - drivers/pinctrl/qcom/pinctrl-msm.c | 24 ++++++++++++++++++++++++ - 1 file changed, 24 insertions(+) - ---- a/drivers/pinctrl/qcom/pinctrl-msm.c -+++ b/drivers/pinctrl/qcom/pinctrl-msm.c -@@ -574,6 +574,29 @@ static void msm_gpio_irq_mask(struct irq - spin_lock_irqsave(&pctrl->lock, flags); - - val = readl(pctrl->regs + g->intr_cfg_reg); -+ /* -+ * There are two bits that control interrupt forwarding to the CPU. The -+ * RAW_STATUS_EN bit causes the level or edge sensed on the line to be -+ * latched into the interrupt status register when the hardware detects -+ * an irq that it's configured for (either edge for edge type or level -+ * for level type irq). The 'non-raw' status enable bit causes the -+ * hardware to assert the summary interrupt to the CPU if the latched -+ * status bit is set. There's a bug though, the edge detection logic -+ * seems to have a problem where toggling the RAW_STATUS_EN bit may -+ * cause the status bit to latch spuriously when there isn't any edge -+ * so we can't touch that bit for edge type irqs and we have to keep -+ * the bit set anyway so that edges are latched while the line is masked. -+ * -+ * To make matters more complicated, leaving the RAW_STATUS_EN bit -+ * enabled all the time causes level interrupts to re-latch into the -+ * status register because the level is still present on the line after -+ * we ack it. We clear the raw status enable bit during mask here and -+ * set the bit on unmask so the interrupt can't latch into the hardware -+ * while it's masked. -+ */ -+ if (irqd_get_trigger_type(d) & IRQ_TYPE_LEVEL_MASK) -+ val &= ~BIT(g->intr_raw_status_bit); -+ - val &= ~BIT(g->intr_enable_bit); - writel(val, pctrl->regs + g->intr_cfg_reg); - -@@ -595,6 +618,7 @@ static void msm_gpio_irq_unmask(struct i - spin_lock_irqsave(&pctrl->lock, flags); - - val = readl(pctrl->regs + g->intr_cfg_reg); -+ val |= BIT(g->intr_raw_status_bit); - val |= BIT(g->intr_enable_bit); - writel(val, pctrl->regs + g->intr_cfg_reg); - diff --git a/queue-4.9/series b/queue-4.9/series index 3e8f93d0b3b..1a9565a7c75 100644 --- a/queue-4.9/series +++ b/queue-4.9/series @@ -25,7 +25,6 @@ tools-vm-page-types.c-fix-defined-but-not-used-warning.patch mm-madvise-madv_dodump-allow-hugetlbfs-pages.patch hid-add-support-for-apple-magic-keyboards.patch usb-gadget-fotg210-udc-fix-memory-leak-of-fotg210-ep.patch -pinctrl-msm-really-mask-level-interrupts-to-prevent-latching.patch hid-hid-saitek-add-device-id-for-rat-7-contagion.patch perf-evsel-fix-potential-null-pointer-dereference-in-perf_evsel__new_idx.patch perf-probe-powerpc-ignore-sys-symbols-irrespective-of-endianness.patch