[PATCH 0/3] ARM: at91/tclib: fix segmentation fault

Gaël PORTAY gael.portay at gmail.com
Tue Aug 19 15:07:49 PDT 2014

Hi every one,

This set of patches fix a segmentation fault happening when kexec-ing
kernel on an at91 platform (see backtrace below).

While the previous kernel shuts down, the tcb_clksrc driver leaves its
interruptions unmasked. When the new kernel initiliazes any tclib making use of
a TC block, an interruption may happen before the interrupt handler is set,
causing a kernel segmentation fault.

To prevent from such cases from happening, the last patch sets up the shutdown
callback which masks interruptions when the machine is shutdown. Furthermore,
it also masks the interruptions at probe to make sure no interruption happens
before the handler is set. This will prevent freshly kexec-ed kernel from
crashing when launched from a kernel which does not properly mask interruptions
at shutdown.

Unable to handle kernel NULL pointer dereference at virtual address 00000000
pgd = c0004000
[00000000] *pgd=00000000
Internal error: Oops: 80000005 [#1] ARM
Modules linked in:
CPU: 0 PID: 1 Comm: swapper Not tainted 3.16.0+ #144
task: c1828aa0 ti: c182a000 task.ti: c182a000
PC is at 0x0
LR is at ch2_irq+0x28/0x30
pc : [<00000000>]    lr : [<c01db904>]    psr: 000000d3
sp : c182bd38  ip : c182bd48  fp : c182bd44
r10: c0373390  r9 : c1825b00  r8 : 60000053
r7 : 00000000  r6 : 00000000  r5 : 00000013  r4 : c036e800
r3 : 00000000  r2 : 00002004  r1 : c036e760  r0 : c036e760
Flags: nzcv  IRQs off  FIQs off  Mode SVC_32  ISA ARM  Segment kernel
Control: 0005317f  Table: 20004000  DAC: 00000017
Process swapper (pid: 1, stack limit = 0xc182a1c0)
Stack: (0xc182bd38 to 0xc182c000)
bd20:                                                       c182bd7c c182bd48
bd40: c0045430 c01db8ec 00000000 c18c6f40 c182bd74 c1825b00 c035cec4 00000000
bd60: c182be2c 60000053 c1825b34 00000000 c182bd94 c182bd80 c0045570 c0045408
bd80: 00000000 c1825b00 c182bdac c182bd98 c0047f34 c0045550 00000013 c036619c
bda0: c182bdc4 c182bdb0 c0044da4 c0047e98 0000007f 00000013 c182bde4 c182bdc8
bdc0: c0009e34 c0044d8c fefff000 c0046728 60000053 ffffffff c182bdf4 c182bde8
bde0: c00086a8 c0009ddc c182be74 c182bdf8 c000cb80 c0008674 00000000 00000013
be00: 00000000 00014200 c1825b00 c036e800 00000013 c035ed98 60000053 c1825b34
be20: 00000000 c182be74 c182be20 c182be40 c0047994 c0046728 60000053 ffffffff
be40: 00000013 c036e800 c182be64 c1825b00 00000013 c036e800 c035ed98 c03874bc
be60: 00000004 c036e700 c182be94 c182be78 c004689c c0046398 c036e760 c18c6080
be80: 00000000 c035ed10 c182bedc c182be98 c0348b08 c004684c 0000000c c034dac8
bea0: 004c4b3f c028c338 c036e760 00000013 c014ecc8 c18e67e0 c035b9c0 c0348884
bec0: c035b9c0 c182a020 00000000 00000000 c182bf54 c182bee0 c00089fc c0348894
bee0: c00da51c c1ffcc78 c182bf0c c182bef8 c002d100 c002d09c c1ffcc78 00000000
bf00: c182bf54 c182bf10 c002d308 c0336570 c182bf3c c0334e44 00000003 00000003
bf20: 00000030 c0334b44 c0044d74 00000003 00000003 c034dac8 c0350a94 c0373440
bf40: c0373440 00000030 c182bf94 c182bf58 c0336d24 c000890c 00000003 00000003
bf60: c0336560 c182bf64 c182bf64 6e616e0d 00000000 c0272fc8 00000000 00000000
bf80: 00000000 00000000 c182bfac c182bf98 c0272fd8 c0336bd8 c182a000 00000000
bfa0: 00000000 c182bfb0 c00095d0 c0272fd8 00000000 00000000 00000000 00000000
bfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
bfe0: 00000000 00000000 00000000 00000000 00000013 00000000 374d27cd 33cc33e4
[<c01db8dc>] (ch2_irq) from [<c0045430>] (handle_irq_event_percpu+0x38/0x148)
[<c00453f8>] (handle_irq_event_percpu) from [<c0045570>] (handle_irq_event+0x30/0x40)
 r10:00000000 r9:c1825b34 r8:60000053 r7:c182be2c r6:00000000 r5:c035cec4
[<c0045540>] (handle_irq_event) from [<c0047f34>] (handle_fasteoi_irq+0xac/0x11c)
 r4:c1825b00 r3:00000000
[<c0047e88>] (handle_fasteoi_irq) from [<c0044da4>] (generic_handle_irq+0x28/0x38)
 r5:c036619c r4:00000013
[<c0044d7c>] (generic_handle_irq) from [<c0009e34>] (handle_IRQ+0x68/0x88)
 r4:00000013 r3:0000007f
[<c0009dcc>] (handle_IRQ) from [<c00086a8>] (at91_aic_handle_irq+0x44/0x4c)
 r6:ffffffff r5:60000053 r4:c0046728 r3:fefff000
[<c0008664>] (at91_aic_handle_irq) from [<c000cb80>] (__irq_svc+0x40/0x4c)
Exception stack(0xc182bdf8 to 0xc182be40)
bde0:                                                       00000000 00000013
be00: 00000000 00014200 c1825b00 c036e800 00000013 c035ed98 60000053 c1825b34
be20: 00000000 c182be74 c182be20 c182be40 c0047994 c0046728 60000053 ffffffff
[<c0046388>] (__setup_irq) from [<c004689c>] (setup_irq+0x60/0x8c)
 r10:c036e700 r9:00000004 r8:c03874bc r7:c035ed98 r6:c036e800 r5:00000013
[<c004683c>] (setup_irq) from [<c0348b08>] (tcb_clksrc_init+0x284/0x31c)
 r6:c035ed10 r5:00000000 r4:c18c6080 r3:c036e760
[<c0348884>] (tcb_clksrc_init) from [<c00089fc>] (do_one_initcall+0x100/0x1b4)
 r10:00000000 r9:00000000 r8:c182a020 r7:c035b9c0 r6:c0348884 r5:c035b9c0
[<c00088fc>] (do_one_initcall) from [<c0336d24>] (kernel_init_freeable+0x15c/0x224)
 r9:00000030 r8:c0373440 r7:c0373440 r6:c0350a94 r5:c034dac8 r4:00000003
[<c0336bc8>] (kernel_init_freeable) from [<c0272fd8>] (kernel_init+0x10/0xec)
 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:c0272fc8 r4:00000000
[<c0272fc8>] (kernel_init) from [<c00095d0>] (ret_from_fork+0x14/0x24)
 r4:00000000 r3:c182a000
Code: bad PC value
---[ end trace 5b30f0017e282e47 ]---
Kernel panic - not syncing: Fatal exception in interrupt

Your sincerly,

Gaël PORTAY (3):
  ARM: at91/tclib: prefer using of devm_* functions
  ARM: at91/tclib: move initialization from alloc to probe
  ARM: at91/tclib: mask interruptions at shutdown and probe

 drivers/clocksource/tcb_clksrc.c |   2 +-
 drivers/misc/atmel_tclib.c       | 101 +++++++++++++++++----------------------
 drivers/pwm/pwm-atmel-tcb.c      |   2 +-
 include/linux/atmel_tc.h         |   8 ++--
 4 files changed, 51 insertions(+), 62 deletions(-)


