Message ID | 7060610.CC2Q1RMG2L@phil (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Heiko On Wed, Aug 19, 2015 at 6:06 AM, Heiko Stuebner <heiko@sntech.de> wrote: > The structure is xin24m -> pll -> pll-mux (xin24m,pll,xin32k). The pll > does have an init callback to make sure the boot-selected frequency is > using the expected pll settings and resets the same frequency using > the values provided in the driver if necessary. > > The setting itself also involves remuxing the pll-mux temporarily to > the xin24m source to let the new pll rate settle. Until now this worked > flawlessly, even when it had the flaw of accessing the mux settings > before the mux actually got registered. > > With the recent clock-core conversions this flaw became apparent in > null pointer dereference in > [<c03fc400>] (clk_hw_get_num_parents) from [<c0400df0>] (clk_mux_get_parent+0x14/0xc8) > [<c0400ddc>] (clk_mux_get_parent) from [<c040246c>] (rockchip_rk3066_pll_set_rate+0xd8/0x320) > > So to fix that, simply register the pll-mux before the pll, so that > it will be fully initialized when the pll clock executes its init- > callback and possibly touches the pll-mux clock. > > Signed-off-by: Heiko Stuebner <heiko@sntech.de> > --- > This only surfaced with the clk_core changes for 4.3, so should > probably just go on top. > > drivers/clk/rockchip/clk-pll.c | 63 +++++++++++++++++++++--------------------- > 1 file changed, 32 insertions(+), 31 deletions(-) Fixes boot crash on rk3288-veyron-jerry on next-20150824. It'd be super great to get this landed somewhere so that we can boot linuxnext again. :) Tested-by: Douglas Anderson <dianders@chromium.org>
On 08/24, Doug Anderson wrote: > Heiko > > On Wed, Aug 19, 2015 at 6:06 AM, Heiko Stuebner <heiko@sntech.de> wrote: > > The structure is xin24m -> pll -> pll-mux (xin24m,pll,xin32k). The pll > > does have an init callback to make sure the boot-selected frequency is > > using the expected pll settings and resets the same frequency using > > the values provided in the driver if necessary. > > > > The setting itself also involves remuxing the pll-mux temporarily to > > the xin24m source to let the new pll rate settle. Until now this worked > > flawlessly, even when it had the flaw of accessing the mux settings > > before the mux actually got registered. > > > > With the recent clock-core conversions this flaw became apparent in > > null pointer dereference in > > [<c03fc400>] (clk_hw_get_num_parents) from [<c0400df0>] (clk_mux_get_parent+0x14/0xc8) > > [<c0400ddc>] (clk_mux_get_parent) from [<c040246c>] (rockchip_rk3066_pll_set_rate+0xd8/0x320) > > > > So to fix that, simply register the pll-mux before the pll, so that > > it will be fully initialized when the pll clock executes its init- > > callback and possibly touches the pll-mux clock. > > > > Signed-off-by: Heiko Stuebner <heiko@sntech.de> > > --- > > This only surfaced with the clk_core changes for 4.3, so should > > probably just go on top. > > > > drivers/clk/rockchip/clk-pll.c | 63 +++++++++++++++++++++--------------------- > > 1 file changed, 32 insertions(+), 31 deletions(-) > > Fixes boot crash on rk3288-veyron-jerry on next-20150824. It'd be > super great to get this landed somewhere so that we can boot linuxnext > again. :) > > Tested-by: Douglas Anderson <dianders@chromium.org> So I understand the fix, but how could it have ever possibly worked flawlessly? clk_mux_get_parent() should have returned -EINVAL through that u8 which would have meant that the check in rockchip_rk3066_pll_set_rate() for cur_parent == PLL_MODE_NORM would never have been true, and we would never have switched the PLL mux over. I guess we've been getting away with this because we don't need to actually switch the mux at this time?
Am Montag, 24. August 2015, 16:43:19 schrieb Stephen Boyd: > On 08/24, Doug Anderson wrote: > > Heiko > > > > On Wed, Aug 19, 2015 at 6:06 AM, Heiko Stuebner <heiko@sntech.de> wrote: > > > The structure is xin24m -> pll -> pll-mux (xin24m,pll,xin32k). The pll > > > does have an init callback to make sure the boot-selected frequency is > > > using the expected pll settings and resets the same frequency using > > > the values provided in the driver if necessary. > > > > > > The setting itself also involves remuxing the pll-mux temporarily to > > > the xin24m source to let the new pll rate settle. Until now this worked > > > flawlessly, even when it had the flaw of accessing the mux settings > > > before the mux actually got registered. > > > > > > With the recent clock-core conversions this flaw became apparent in > > > null pointer dereference in > > > [<c03fc400>] (clk_hw_get_num_parents) from [<c0400df0>] > > > (clk_mux_get_parent+0x14/0xc8) [<c0400ddc>] (clk_mux_get_parent) from > > > [<c040246c>] (rockchip_rk3066_pll_set_rate+0xd8/0x320) > > > > > > So to fix that, simply register the pll-mux before the pll, so that > > > it will be fully initialized when the pll clock executes its init- > > > callback and possibly touches the pll-mux clock. > > > > > > Signed-off-by: Heiko Stuebner <heiko@sntech.de> > > > --- > > > This only surfaced with the clk_core changes for 4.3, so should > > > probably just go on top. > > > > > > drivers/clk/rockchip/clk-pll.c | 63 > > > +++++++++++++++++++++--------------------- 1 file changed, 32 > > > insertions(+), 31 deletions(-) > > > > Fixes boot crash on rk3288-veyron-jerry on next-20150824. It'd be > > super great to get this landed somewhere so that we can boot linuxnext > > again. :) > > > > Tested-by: Douglas Anderson <dianders@chromium.org> > > So I understand the fix, but how could it have ever possibly > worked flawlessly? clk_mux_get_parent() should have returned > -EINVAL through that u8 which would have meant that the check in > rockchip_rk3066_pll_set_rate() for cur_parent == PLL_MODE_NORM > would never have been true, and we would never have switched the > PLL mux over. I guess we've been getting away with this because > we don't need to actually switch the mux at this time? The manual mandates the switch away from the pll source before touching the pll settings, aka to the slow mode from the 24MHz source. I guess we were lucky it simply still worked nevertheless. In normal rate changes both clocks will have been registered already, so only the init callback is affected and also only runs on plls that generate the rate from a different settings-touple that what we have in the rate-table, so not even all plls normally.
On Mon, Aug 24, 2015 at 11:53 PM, Heiko Stuebner <heiko@sntech.de> wrote: > Am Montag, 24. August 2015, 16:43:19 schrieb Stephen Boyd: >> On 08/24, Doug Anderson wrote: >> > Heiko >> > >> > On Wed, Aug 19, 2015 at 6:06 AM, Heiko Stuebner <heiko@sntech.de> wrote: >> > > The structure is xin24m -> pll -> pll-mux (xin24m,pll,xin32k). The pll >> > > does have an init callback to make sure the boot-selected frequency is >> > > using the expected pll settings and resets the same frequency using >> > > the values provided in the driver if necessary. >> > > >> > > The setting itself also involves remuxing the pll-mux temporarily to >> > > the xin24m source to let the new pll rate settle. Until now this worked >> > > flawlessly, even when it had the flaw of accessing the mux settings >> > > before the mux actually got registered. >> > > >> > > With the recent clock-core conversions this flaw became apparent in >> > > null pointer dereference in >> > > [<c03fc400>] (clk_hw_get_num_parents) from [<c0400df0>] >> > > (clk_mux_get_parent+0x14/0xc8) [<c0400ddc>] (clk_mux_get_parent) from >> > > [<c040246c>] (rockchip_rk3066_pll_set_rate+0xd8/0x320) >> > > >> > > So to fix that, simply register the pll-mux before the pll, so that >> > > it will be fully initialized when the pll clock executes its init- >> > > callback and possibly touches the pll-mux clock. >> > > >> > > Signed-off-by: Heiko Stuebner <heiko@sntech.de> >> > > --- >> > > This only surfaced with the clk_core changes for 4.3, so should >> > > probably just go on top. >> > > >> > > drivers/clk/rockchip/clk-pll.c | 63 >> > > +++++++++++++++++++++--------------------- 1 file changed, 32 >> > > insertions(+), 31 deletions(-) >> > >> > Fixes boot crash on rk3288-veyron-jerry on next-20150824. It'd be >> > super great to get this landed somewhere so that we can boot linuxnext >> > again. :) >> > >> > Tested-by: Douglas Anderson <dianders@chromium.org> >> >> So I understand the fix, but how could it have ever possibly >> worked flawlessly? clk_mux_get_parent() should have returned >> -EINVAL through that u8 which would have meant that the check in >> rockchip_rk3066_pll_set_rate() for cur_parent == PLL_MODE_NORM >> would never have been true, and we would never have switched the >> PLL mux over. I guess we've been getting away with this because >> we don't need to actually switch the mux at this time? > > The manual mandates the switch away from the pll source before touching the > pll settings, aka to the slow mode from the 24MHz source. I guess we were > lucky it simply still worked nevertheless. > > In normal rate changes both clocks will have been registered already, so only > the init callback is affected and also only runs on plls that generate the rate > from a different settings-touple that what we have in the rate-table, so not > even all plls normally. FYI... I also confirm this patch is needed to boot linux-next on the rk3288-veyron-jerry. Tested-by: Kevin Hilman <khilman@linaro.org> Kevin
diff --git a/drivers/clk/rockchip/clk-pll.c b/drivers/clk/rockchip/clk-pll.c index eab4304..7737a1d 100644 --- a/drivers/clk/rockchip/clk-pll.c +++ b/drivers/clk/rockchip/clk-pll.c @@ -353,6 +353,35 @@ struct clk *rockchip_clk_register_pll(enum rockchip_pll_type pll_type, if (!pll) return ERR_PTR(-ENOMEM); + /* create the mux on top of the real pll */ + pll->pll_mux_ops = &clk_mux_ops; + pll_mux = &pll->pll_mux; + pll_mux->reg = base + mode_offset; + pll_mux->shift = mode_shift; + pll_mux->mask = PLL_MODE_MASK; + pll_mux->flags = 0; + pll_mux->lock = lock; + pll_mux->hw.init = &init; + + if (pll_type == pll_rk3066) + pll_mux->flags |= CLK_MUX_HIWORD_MASK; + + /* the actual muxing is xin24m, pll-output, xin32k */ + pll_parents[0] = parent_names[0]; + pll_parents[1] = pll_name; + pll_parents[2] = parent_names[1]; + + init.name = name; + init.flags = CLK_SET_RATE_PARENT; + init.ops = pll->pll_mux_ops; + init.parent_names = pll_parents; + init.num_parents = ARRAY_SIZE(pll_parents); + + mux_clk = clk_register(NULL, &pll_mux->hw); + if (IS_ERR(mux_clk)) + goto err_mux; + + /* now create the actual pll */ init.name = pll_name; /* keep all plls untouched for now */ @@ -398,47 +427,19 @@ struct clk *rockchip_clk_register_pll(enum rockchip_pll_type pll_type, pll->flags = clk_pll_flags; pll->lock = lock; - /* create the mux on top of the real pll */ - pll->pll_mux_ops = &clk_mux_ops; - pll_mux = &pll->pll_mux; - pll_mux->reg = base + mode_offset; - pll_mux->shift = mode_shift; - pll_mux->mask = PLL_MODE_MASK; - pll_mux->flags = 0; - pll_mux->lock = lock; - pll_mux->hw.init = &init; - - if (pll_type == pll_rk3066) - pll_mux->flags |= CLK_MUX_HIWORD_MASK; - pll_clk = clk_register(NULL, &pll->hw); if (IS_ERR(pll_clk)) { pr_err("%s: failed to register pll clock %s : %ld\n", __func__, name, PTR_ERR(pll_clk)); - mux_clk = pll_clk; goto err_pll; } - /* the actual muxing is xin24m, pll-output, xin32k */ - pll_parents[0] = parent_names[0]; - pll_parents[1] = pll_name; - pll_parents[2] = parent_names[1]; - - init.name = name; - init.flags = CLK_SET_RATE_PARENT; - init.ops = pll->pll_mux_ops; - init.parent_names = pll_parents; - init.num_parents = ARRAY_SIZE(pll_parents); - - mux_clk = clk_register(NULL, &pll_mux->hw); - if (IS_ERR(mux_clk)) - goto err_mux; - return mux_clk; -err_mux: - clk_unregister(pll_clk); err_pll: + clk_unregister(mux_clk); + mux_clk = pll_clk; +err_mux: kfree(pll); return mux_clk; }
The structure is xin24m -> pll -> pll-mux (xin24m,pll,xin32k). The pll does have an init callback to make sure the boot-selected frequency is using the expected pll settings and resets the same frequency using the values provided in the driver if necessary. The setting itself also involves remuxing the pll-mux temporarily to the xin24m source to let the new pll rate settle. Until now this worked flawlessly, even when it had the flaw of accessing the mux settings before the mux actually got registered. With the recent clock-core conversions this flaw became apparent in null pointer dereference in [<c03fc400>] (clk_hw_get_num_parents) from [<c0400df0>] (clk_mux_get_parent+0x14/0xc8) [<c0400ddc>] (clk_mux_get_parent) from [<c040246c>] (rockchip_rk3066_pll_set_rate+0xd8/0x320) So to fix that, simply register the pll-mux before the pll, so that it will be fully initialized when the pll clock executes its init- callback and possibly touches the pll-mux clock. Signed-off-by: Heiko Stuebner <heiko@sntech.de> --- This only surfaced with the clk_core changes for 4.3, so should probably just go on top. drivers/clk/rockchip/clk-pll.c | 63 +++++++++++++++++++++--------------------- 1 file changed, 32 insertions(+), 31 deletions(-)