[v4,01/10] soc: qcom: cpr3: Fix 'acc_desc' usage

Message ID	20240703091651.2820236-2-quic_varada@quicinc.com (mailing list archive)
State	Not Applicable
Headers	show Received: from mx0b-0031df01.pphosted.com (mx0b-0031df01.pphosted.com [205.220.180.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B016B13D2B7; Wed, 3 Jul 2024 09:17:47 +0000 (UTC) From: Varadarajan Narayanan <quic_varada@quicinc.com> To: <vireshk@kernel.org>, <nm@ti.com>, <sboyd@kernel.org>, <robh@kernel.org>, <krzk+dt@kernel.org>, <conor+dt@kernel.org>, <angelogioacchino.delregno@collabora.com>, <andersson@kernel.org>, <konrad.dybcio@linaro.org>, <mturquette@baylibre.com>, <ilia.lin@kernel.org>, <rafael@kernel.org>, <ulf.hansson@linaro.org>, <quic_sibis@quicinc.com>, <quic_rjendra@quicinc.com>, <quic_rohiagar@quicinc.com>, <abel.vesa@linaro.org>, <otto.pflueger@abscue.de>, <danila@jiaxyga.com>, <quic_varada@quicinc.com>, <quic_ipkumar@quicinc.com>, <luca@z3ntu.xyz>, <stephan.gerhold@kernkonzept.com>, <nks@flawful.org>, <linux-pm@vger.kernel.org>, <devicetree@vger.kernel.org>, <linux-kernel@vger.kernel.org>, <linux-arm-msm@vger.kernel.org>, <linux-clk@vger.kernel.org> Subject: [PATCH v4 01/10] soc: qcom: cpr3: Fix 'acc_desc' usage Date: Wed, 3 Jul 2024 14:46:42 +0530 Message-ID: <20240703091651.2820236-2-quic_varada@quicinc.com> In-Reply-To: <20240703091651.2820236-1-quic_varada@quicinc.com> References: <20240703091651.2820236-1-quic_varada@quicinc.com> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain
Series	Enable CPR for IPQ9574 \| expand [v4,00/10] Enable CPR for IPQ9574 [v4,01/10] soc: qcom: cpr3: Fix 'acc_desc' usage [v4,02/10] cpufreq: qcom-nvmem: Add support for IPQ9574 [v4,03/10] dt-bindings: power: rpmpd: Add IPQ9574 power domains [v4,04/10] dt-bindings: soc: qcom: cpr3: Add bindings for IPQ9574 [v4,05/10] pmdomain: qcom: rpmpd: Add IPQ9574 power domains [v4,06/10] dt-bindings: clock: Add CPR clock defines for IPQ9574 [v4,07/10] clk: qcom: gcc-ipq9574: Add CPR clock definition [v4,08/10] soc: qcom: cpr3: Add IPQ9574 definitions [v4,09/10] dt-bindings: opp: v2-qcom-level: Update minItems for oloop-vadj & cloop-vadj [v4,10/10] dts: arm64: qcom: ipq9574: Enable CPR

Message ID

20240703091651.2820236-2-quic_varada@quicinc.com (mailing list archive)

State

Not Applicable

Headers

From: Varadarajan Narayanan <quic_varada@quicinc.com>
To: <vireshk@kernel.org>, <nm@ti.com>, <sboyd@kernel.org>, <robh@kernel.org>,
        <krzk+dt@kernel.org>, <conor+dt@kernel.org>,
        <angelogioacchino.delregno@collabora.com>, <andersson@kernel.org>,
        <konrad.dybcio@linaro.org>, <mturquette@baylibre.com>,
        <ilia.lin@kernel.org>, <rafael@kernel.org>, <ulf.hansson@linaro.org>,
        <quic_sibis@quicinc.com>, <quic_rjendra@quicinc.com>,
        <quic_rohiagar@quicinc.com>, <abel.vesa@linaro.org>,
        <otto.pflueger@abscue.de>, <danila@jiaxyga.com>,
        <quic_varada@quicinc.com>, <quic_ipkumar@quicinc.com>,
        <luca@z3ntu.xyz>, <stephan.gerhold@kernkonzept.com>,
 <nks@flawful.org>,
        <linux-pm@vger.kernel.org>, <devicetree@vger.kernel.org>,
        <linux-kernel@vger.kernel.org>, <linux-arm-msm@vger.kernel.org>,
        <linux-clk@vger.kernel.org>
Subject: [PATCH v4 01/10] soc: qcom: cpr3: Fix 'acc_desc' usage
Date: Wed, 3 Jul 2024 14:46:42 +0530
Message-ID: <20240703091651.2820236-2-quic_varada@quicinc.com>
In-Reply-To: <20240703091651.2820236-1-quic_varada@quicinc.com>
References: <20240703091651.2820236-1-quic_varada@quicinc.com>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain

Series

Enable CPR for IPQ9574 | expand

Commit Message

Varadarajan Narayanan July 3, 2024, 9:16 a.m. UTC

cpr3 code assumes that 'acc_desc' is available for SoCs
implementing CPR version 4 or less. However, IPQ9574 SoC
implements CPRv4 without ACC. This causes NULL pointer accesses
resulting in crashes. Hence, check if 'acc_desc' is populated
before using it.

Signed-off-by: Varadarajan Narayanan <quic_varada@quicinc.com>
---
v4: Undo the acc_desc validation in probe function as that could
    affect other SoC.
---
 drivers/pmdomain/qcom/cpr3.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

Dmitry Baryshkov July 3, 2024, 10:46 a.m. UTC | #1

On Wed, Jul 03, 2024 at 02:46:42PM GMT, Varadarajan Narayanan wrote:
> cpr3 code assumes that 'acc_desc' is available for SoCs
> implementing CPR version 4 or less. However, IPQ9574 SoC
> implements CPRv4 without ACC. This causes NULL pointer accesses
> resulting in crashes. Hence, check if 'acc_desc' is populated
> before using it.
> 
> Signed-off-by: Varadarajan Narayanan <quic_varada@quicinc.com>
> ---
> v4: Undo the acc_desc validation in probe function as that could
>     affect other SoC.
> ---
>  drivers/pmdomain/qcom/cpr3.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/pmdomain/qcom/cpr3.c b/drivers/pmdomain/qcom/cpr3.c
> index c7790a71e74f..6ceb7605f84d 100644
> --- a/drivers/pmdomain/qcom/cpr3.c
> +++ b/drivers/pmdomain/qcom/cpr3.c
> @@ -2399,12 +2399,12 @@ static int cpr_pd_attach_dev(struct generic_pm_domain *domain,
>  		if (ret)
>  			goto exit;
>  
> -		if (acc_desc->config)
> +		if (acc_desc && acc_desc->config)
>  			regmap_multi_reg_write(drv->tcsr, acc_desc->config,
>  					       acc_desc->num_regs_per_fuse);
>  
>  		/* Enable ACC if required */
> -		if (acc_desc->enable_mask)
> +		if (acc_desc && acc_desc->enable_mask)
>  			regmap_update_bits(drv->tcsr, acc_desc->enable_reg,
>  					   acc_desc->enable_mask,
>  					   acc_desc->enable_mask);

Should the same fix be applied to other places which access acc_desc?
For example cpr_pre_voltage() and cpr_post_voltage() which call
cpr_set_acc()?

Varadarajan Narayanan July 4, 2024, 5 a.m. UTC | #2

On Wed, Jul 03, 2024 at 01:46:54PM +0300, Dmitry Baryshkov wrote:
> On Wed, Jul 03, 2024 at 02:46:42PM GMT, Varadarajan Narayanan wrote:
> > cpr3 code assumes that 'acc_desc' is available for SoCs
> > implementing CPR version 4 or less. However, IPQ9574 SoC
> > implements CPRv4 without ACC. This causes NULL pointer accesses
> > resulting in crashes. Hence, check if 'acc_desc' is populated
> > before using it.
> >
> > Signed-off-by: Varadarajan Narayanan <quic_varada@quicinc.com>
> > ---
> > v4: Undo the acc_desc validation in probe function as that could
> >     affect other SoC.
> > ---
> >  drivers/pmdomain/qcom/cpr3.c | 4 ++--
> >  1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/drivers/pmdomain/qcom/cpr3.c b/drivers/pmdomain/qcom/cpr3.c
> > index c7790a71e74f..6ceb7605f84d 100644
> > --- a/drivers/pmdomain/qcom/cpr3.c
> > +++ b/drivers/pmdomain/qcom/cpr3.c
> > @@ -2399,12 +2399,12 @@ static int cpr_pd_attach_dev(struct generic_pm_domain *domain,
> >  		if (ret)
> >  			goto exit;
> >
> > -		if (acc_desc->config)
> > +		if (acc_desc && acc_desc->config)
> >  			regmap_multi_reg_write(drv->tcsr, acc_desc->config,
> >  					       acc_desc->num_regs_per_fuse);
> >
> >  		/* Enable ACC if required */
> > -		if (acc_desc->enable_mask)
> > +		if (acc_desc && acc_desc->enable_mask)
> >  			regmap_update_bits(drv->tcsr, acc_desc->enable_reg,
> >  					   acc_desc->enable_mask,
> >  					   acc_desc->enable_mask);
>
> Should the same fix be applied to other places which access acc_desc?
> For example cpr_pre_voltage() and cpr_post_voltage() which call
> cpr_set_acc()?

With this patch alone, if acc_desc is NULL, cpr_probe() will fail
at the start itself because of this check

	if (!data->acc_desc && desc->cpr_type < CTRL_TYPE_CPRH)
		return -EINVAL;

After applying this patch series, cpr_probe will cross the above
check to accomodate IPQ9574. However, the check below will ensure
drv->tcsr is not initialized.

	if (desc->cpr_type < CTRL_TYPE_CPRH &&
	    !of_device_is_compatible(dev->of_node, "qcom,ipq9574-cpr4"))

cpr_pre_voltage() and cpr_post_voltage() call cpr_set_acc() only
if drv->tcsr is not NULL. Hence acc_desc need not be checked.

Will add the check to cpr_pre_voltage() and cpr_post_voltage() if
you feel it will make it more robust regardless of the changes to
cpr_probe in future. Please let me know.

Thanks
Varada

Dmitry Baryshkov July 5, 2024, 3:16 p.m. UTC | #3

On Thu, Jul 04, 2024 at 10:30:50AM GMT, Varadarajan Narayanan wrote:
> On Wed, Jul 03, 2024 at 01:46:54PM +0300, Dmitry Baryshkov wrote:
> > On Wed, Jul 03, 2024 at 02:46:42PM GMT, Varadarajan Narayanan wrote:
> > > cpr3 code assumes that 'acc_desc' is available for SoCs
> > > implementing CPR version 4 or less. However, IPQ9574 SoC
> > > implements CPRv4 without ACC. This causes NULL pointer accesses
> > > resulting in crashes. Hence, check if 'acc_desc' is populated
> > > before using it.
> > >
> > > Signed-off-by: Varadarajan Narayanan <quic_varada@quicinc.com>
> > > ---
> > > v4: Undo the acc_desc validation in probe function as that could
> > >     affect other SoC.
> > > ---
> > >  drivers/pmdomain/qcom/cpr3.c | 4 ++--
> > >  1 file changed, 2 insertions(+), 2 deletions(-)
> > >
> > > diff --git a/drivers/pmdomain/qcom/cpr3.c b/drivers/pmdomain/qcom/cpr3.c
> > > index c7790a71e74f..6ceb7605f84d 100644
> > > --- a/drivers/pmdomain/qcom/cpr3.c
> > > +++ b/drivers/pmdomain/qcom/cpr3.c
> > > @@ -2399,12 +2399,12 @@ static int cpr_pd_attach_dev(struct generic_pm_domain *domain,
> > >  		if (ret)
> > >  			goto exit;
> > >
> > > -		if (acc_desc->config)
> > > +		if (acc_desc && acc_desc->config)
> > >  			regmap_multi_reg_write(drv->tcsr, acc_desc->config,
> > >  					       acc_desc->num_regs_per_fuse);
> > >
> > >  		/* Enable ACC if required */
> > > -		if (acc_desc->enable_mask)
> > > +		if (acc_desc && acc_desc->enable_mask)
> > >  			regmap_update_bits(drv->tcsr, acc_desc->enable_reg,
> > >  					   acc_desc->enable_mask,
> > >  					   acc_desc->enable_mask);
> >
> > Should the same fix be applied to other places which access acc_desc?
> > For example cpr_pre_voltage() and cpr_post_voltage() which call
> > cpr_set_acc()?
> 
> With this patch alone, if acc_desc is NULL, cpr_probe() will fail
> at the start itself because of this check
> 
> 	if (!data->acc_desc && desc->cpr_type < CTRL_TYPE_CPRH)
> 		return -EINVAL;
> 
> After applying this patch series, cpr_probe will cross the above
> check to accomodate IPQ9574. However, the check below will ensure
> drv->tcsr is not initialized.
> 
> 	if (desc->cpr_type < CTRL_TYPE_CPRH &&
> 	    !of_device_is_compatible(dev->of_node, "qcom,ipq9574-cpr4"))
> 
> cpr_pre_voltage() and cpr_post_voltage() call cpr_set_acc() only
> if drv->tcsr is not NULL. Hence acc_desc need not be checked.
> 
> Will add the check to cpr_pre_voltage() and cpr_post_voltage() if
> you feel it will make it more robust regardless of the changes to
> cpr_probe in future. Please let me know.

Having !acc_desc check instead of the of_device_is_compatible would
solve the issue.

diff --git a/drivers/pmdomain/qcom/cpr3.c b/drivers/pmdomain/qcom/cpr3.c
index c7790a71e74f..6ceb7605f84d 100644
--- a/drivers/pmdomain/qcom/cpr3.c
+++ b/drivers/pmdomain/qcom/cpr3.c
@@ -2399,12 +2399,12 @@  static int cpr_pd_attach_dev(struct generic_pm_domain *domain,
 		if (ret)
 			goto exit;
 
-		if (acc_desc->config)
+		if (acc_desc && acc_desc->config)
 			regmap_multi_reg_write(drv->tcsr, acc_desc->config,
 					       acc_desc->num_regs_per_fuse);
 
 		/* Enable ACC if required */
-		if (acc_desc->enable_mask)
+		if (acc_desc && acc_desc->enable_mask)
 			regmap_update_bits(drv->tcsr, acc_desc->enable_reg,
 					   acc_desc->enable_mask,
 					   acc_desc->enable_mask);

[v4,01/10] soc: qcom: cpr3: Fix 'acc_desc' usage

Commit Message

Comments

Patch