From 86f5e73304651c3eeec0a1fce90bb3e1d610e3b9 Mon Sep 17 00:00:00 2001 
From: Russell King Date: Tue, 16 Jun 2015 23:06:30 +0100 Subject: [PATCH] GPU: ipu: Fix race in installing IPU chained IRQ handler The IPU code was installing its chained interrupt handler (which enables the interrupt) before it was setting its data, which provokes an oops on kexec. Fix this by converting to irq_set_chained_handler_and_data(). [drm] Initialized drm 1.1.0 20060810 imx-drm display-subsystem: parent device of /soc/aips-bus@02000000/ldb@020e0008/lvds-channel@1 is not available imx-drm display-subsystem: parent device of /soc/aips-bus@02000000/ldb@020e0008/lvds-channel@1 is not available Unable to handle kernel NULL pointer dereference at virtual address 00000070 pgd = c0004000 [00000070] *pgd=00000000 Internal error: Oops: 5 [#1] SMP ARM Modules linked in: CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.1.0-rc6+ #1693 Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree) task: d74c0000 ti: d74aa000 task.ti: d74aa000 PC is at ipu_irq_handle+0x28/0xd8 LR is at ipu_irq_handler+0x6c/0xc0 pc : [] lr : [] psr: 200001d3 sp : d74abbd0 ip : d74abc00 fp : d74abbfc r10: 000001e0 r9 : c0085154 r8 : 00000009 r7 : 00000000 r6 : 00000000 r5 : d74abc04 r4 : c0a6b6a8 r3 : 00000000 r2 : 00000009 r1 : d74abc04 r0 : 00000000 Flags: nzCv IRQs off FIQs off Mode SVC_32 ISA ARM Segment kernel Control: 10c5387d Table: 10004059 DAC: 00000015 Process swapper/0 (pid: 1, stack limit = 0xd74aa210) Stack: (0xd74abbd0 to 0xd74ac000) Backtrace: [] (ipu_irq_handle) from [] (ipu_irq_handler+0x6c/0xc0) [] (ipu_irq_handler) from [] (generic_handle_irq+0x28/0x38) [] (generic_handle_irq) from [] (__handle_domain_irq+0x5c/0xb8) [] (__handle_domain_irq) from [] (gic_handle_irq+0x28/0x68) [] (gic_handle_irq) from [] (__irq_svc+0x44/0x5c) [] (_raw_spin_unlock_irqrestore) from [] (__irq_put_desc_unlock+0x1c/0x40) [] (__irq_put_desc_unlock) from [] (__irq_set_handler+0x54/0x5c) [] (__irq_set_handler) from [] (ipu_probe+0x29c/0x708) [] (ipu_probe) from [] (platform_drv_probe+0x50/0xac) [] 
(platform_drv_probe) from [] (driver_probe_device+0x1d4/0x278) Signed-off-by: Russell King Cc: Alexandre Courbot Cc: Hans Ulli Kroll Cc: Jason Cooper Cc: Lee Jones Cc: Linus Walleij Cc: Thierry Reding Cc: linux-arm-kernel@lists.infradead.org Link: http://lkml.kernel.org/r/E1Z4z02-0002SI-Br@rmk-PC.arm.linux.org.uk Signed-off-by: Thomas Gleixner
---
 drivers/gpu/ipu-v3/ipu-common.c | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)
diff --git a/drivers/gpu/ipu-v3/ipu-common.c b/drivers/gpu/ipu-v3/ipu-common.c
index 67bab5c36056..6d2f39d36e44 100644
--- a/drivers/gpu/ipu-v3/ipu-common.c
+++ b/drivers/gpu/ipu-v3/ipu-common.c
@@ -1119,10 +1119,9 @@ static int ipu_irq_init(struct ipu_soc *ipu)
 ct->regs.mask = IPU_INT_CTRL(i / 32);
 }
- irq_set_chained_handler(ipu->irq_sync, ipu_irq_handler);
- irq_set_handler_data(ipu->irq_sync, ipu);
- irq_set_chained_handler(ipu->irq_err, ipu_err_irq_handler);
- irq_set_handler_data(ipu->irq_err, ipu);
+ irq_set_chained_handler_and_data(ipu->irq_sync, ipu_irq_handler, ipu);
+ irq_set_chained_handler_and_data(ipu->irq_err, ipu_err_irq_handler,
+ ipu);
 return 0;
 }
@@ -1131,10 +1130,8 @@ static void ipu_irq_exit(struct ipu_soc *ipu)
 {
 int i, irq;
- irq_set_chained_handler(ipu->irq_err, NULL);
- irq_set_handler_data(ipu->irq_err, NULL);
- irq_set_chained_handler(ipu->irq_sync, NULL);
- irq_set_handler_data(ipu->irq_sync, NULL);
+ irq_set_chained_handler_and_data(ipu->irq_err, NULL, NULL);
+ irq_set_chained_handler_and_data(ipu->irq_sync, NULL, NULL);
 /* TODO: remove irq_domain_generic_chips */
-- 
2.39.5
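Review bot: The two `irq_set_chained_handler_and_data()` calls in ipu_irq_init carry no comment saying why the handler and its data must be installed in one step, so a later cleanup could split them again and reopen the NULL handler-data dereference shown in the oops. I would add above them `/* Set handler and data together: installing a chained handler enables the IRQ, and one already pending (e.g. after kexec) runs the handler immediately. */`. The change makes the handler data valid on first entry, but whether interrupt enables left in the IPU by a previous kernel are cleared before this point is not visible in the hunk; if they are not, it is worth confirming that the IPU_INT_CTRL registers are masked first. ipu_irq_init starts outside the hunk.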