redonkable/remarkable-linux
redonkable/remarkable-linux
1
0
Fork 0
Code Releases Activity
remarkable-linux/drivers/clocksource/timer-stm32.c
Daniel Lezcano c87806a8e5 clocksource/drivers/stm32: Fix kernel panic with multiple timers 
commit e0aeca3d8c upstream.

The current code hides a couple of bugs:

 - The global variable 'clock_event_ddata' is overwritten each time the
   init function is invoked.

This is fixed with a kmemdup() instead of assigning the global variable. That
prevents a memory corruption when several timers are defined in the DT.

 - The clockevent's event_handler is NULL if the time framework does
   not select the clockevent when registering it, this is fine but the init
   code generates in any case an interrupt leading to dereference this
   NULL pointer.

The stm32 timer works with shadow registers, a mechanism to cache the
registers. When a change is done in one buffered register, we need to
artificially generate an event to force the timer to copy the content
of the register to the shadowed register.

The auto-reload register (ARR) is one of the shadowed register as well as
the prescaler register (PSC), so in order to force the copy, we issue an
event which in turn leads to an interrupt and the NULL dereference.

This is fixed by inverting two lines where we clear the status register
before enabling the update event interrupt.

As this kernel crash is resulting from the combination of these two bugs,
the fixes are grouped into a single patch.

Tested-by: Benjamin Gaignard <benjamin.gaignard@st.com>
Signed-off-by: Daniel Lezcano <daniel.lezcano@linaro.org>
Acked-by: Benjamin Gaignard <benjamin.gaignard@st.com>
Cc: Alexandre Torgue <alexandre.torgue@st.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Maxime Coquelin <mcoquelin.stm32@gmail.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: http://lkml.kernel.org/r/1515418139-23276-11-git-send-email-daniel.lezcano@linaro.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-02-16 20:23:09 +01:00

196 lines
4.6 KiB
C
Raw Blame History

/*
* Copyright (C) Maxime Coquelin 2015
* Author: Maxime Coquelin <mcoquelin.stm32@gmail.com>
* License terms: GNU General Public License (GPL), version 2
*
* Inspired by time-efm32.c from Uwe Kleine-Koenig
*/
#include <linux/kernel.h>
#include <linux/clocksource.h>
#include <linux/clockchips.h>
#include <linux/irq.h>
#include <linux/interrupt.h>
#include <linux/of.h>
#include <linux/of_address.h>
#include <linux/of_irq.h>
#include <linux/clk.h>
#include <linux/reset.h>
#define TIM_CR1 0x00
#define TIM_DIER 0x0c
#define TIM_SR 0x10
#define TIM_EGR 0x14
#define TIM_PSC 0x28
#define TIM_ARR 0x2c
#define TIM_CR1_CEN BIT(0)
#define TIM_CR1_OPM BIT(3)
#define TIM_CR1_ARPE BIT(7)
#define TIM_DIER_UIE BIT(0)
#define TIM_SR_UIF BIT(0)
#define TIM_EGR_UG BIT(0)
struct stm32_clock_event_ddata {
struct clock_event_device evtdev;
unsigned periodic_top;
void __iomem *base;
};
static int stm32_clock_event_shutdown(struct clock_event_device *evtdev)
{
struct stm32_clock_event_ddata *data =
container_of(evtdev, struct stm32_clock_event_ddata, evtdev);
void *base = data->base;
writel_relaxed(0, base + TIM_CR1);
return 0;
}
static int stm32_clock_event_set_periodic(struct clock_event_device *evtdev)
{
struct stm32_clock_event_ddata *data =
container_of(evtdev, struct stm32_clock_event_ddata, evtdev);
void *base = data->base;
writel_relaxed(data->periodic_top, base + TIM_ARR);
writel_relaxed(TIM_CR1_ARPE | TIM_CR1_CEN, base + TIM_CR1);
return 0;
}
static int stm32_clock_event_set_next_event(unsigned long evt,
struct clock_event_device *evtdev)
{
struct stm32_clock_event_ddata *data =
container_of(evtdev, struct stm32_clock_event_ddata, evtdev);
writel_relaxed(evt, data->base + TIM_ARR);
writel_relaxed(TIM_CR1_ARPE | TIM_CR1_OPM | TIM_CR1_CEN,
data->base + TIM_CR1);
return 0;
}
static irqreturn_t stm32_clock_event_handler(int irq, void *dev_id)
{
struct stm32_clock_event_ddata *data = dev_id;
writel_relaxed(0, data->base + TIM_SR);
data->evtdev.event_handler(&data->evtdev);
return IRQ_HANDLED;
}
static struct stm32_clock_event_ddata clock_event_ddata = {
.evtdev = {
.name = "stm32 clockevent",
.features = CLOCK_EVT_FEAT_ONESHOT | CLOCK_EVT_FEAT_PERIODIC,
.set_state_shutdown = stm32_clock_event_shutdown,
.set_state_periodic = stm32_clock_event_set_periodic,
.set_state_oneshot = stm32_clock_event_shutdown,
.tick_resume = stm32_clock_event_shutdown,
.set_next_event = stm32_clock_event_set_next_event,
.rating = 200,
},
};
static int __init stm32_clockevent_init(struct device_node *np)
{
struct stm32_clock_event_ddata *data = &clock_event_ddata;
struct clk *clk;
struct reset_control *rstc;
unsigned long rate, max_delta;
int irq, ret, bits, prescaler = 1;
data = kmemdup(&clock_event_ddata, sizeof(*data), GFP_KERNEL);
if (!data)
return -ENOMEM;
clk = of_clk_get(np, 0);
if (IS_ERR(clk)) {
ret = PTR_ERR(clk);
pr_err("failed to get clock for clockevent (%d)\n", ret);
goto err_clk_get;
}
ret = clk_prepare_enable(clk);
if (ret) {
pr_err("failed to enable timer clock for clockevent (%d)\n",
ret);
goto err_clk_enable;
}
rate = clk_get_rate(clk);
rstc = of_reset_control_get(np, NULL);
if (!IS_ERR(rstc)) {
reset_control_assert(rstc);
reset_control_deassert(rstc);
}
data->base = of_iomap(np, 0);
if (!data->base) {
ret = -ENXIO;
pr_err("failed to map registers for clockevent\n");
goto err_iomap;
}
irq = irq_of_parse_and_map(np, 0);
if (!irq) {
ret = -EINVAL;
pr_err("%pOF: failed to get irq.\n", np);
goto err_get_irq;
}
/* Detect whether the timer is 16 or 32 bits */
writel_relaxed(~0U, data->base + TIM_ARR);
max_delta = readl_relaxed(data->base + TIM_ARR);
if (max_delta == ~0U) {
prescaler = 1;
bits = 32;
} else {
prescaler = 1024;
bits = 16;
}
writel_relaxed(0, data->base + TIM_ARR);
writel_relaxed(prescaler - 1, data->base + TIM_PSC);
writel_relaxed(TIM_EGR_UG, data->base + TIM_EGR);
writel_relaxed(0, data->base + TIM_SR);
writel_relaxed(TIM_DIER_UIE, data->base + TIM_DIER);
data->periodic_top = DIV_ROUND_CLOSEST(rate, prescaler * HZ);
clockevents_config_and_register(&data->evtdev,
DIV_ROUND_CLOSEST(rate, prescaler),
0x1, max_delta);
ret = request_irq(irq, stm32_clock_event_handler, IRQF_TIMER,
"stm32 clockevent", data);
if (ret) {
pr_err("%pOF: failed to request irq.\n", np);
goto err_get_irq;
}
pr_info("%pOF: STM32 clockevent driver initialized (%d bits)\n",
np, bits);
return ret;
err_get_irq:
iounmap(data->base);
err_iomap:
clk_disable_unprepare(clk);
err_clk_enable:
clk_put(clk);
err_clk_get:
kfree(data);
return ret;
}
TIMER_OF_DECLARE(stm32, "st,stm32-timer", stm32_clockevent_init);
View git blame Copy permalink