Hi, On Thu, 2014-11-20 at 10:07 +0000, Marc Zyngier wrote: > On Thu, Nov 20 2014 at 4:26:10 am GMT, Jiang Liu <jiang.liu@xxxxxxxxxxxxxxx> wrote: > > Hi Jiang, > > > On 2014/11/20 1:18, Marc Zyngier wrote: > >> Hi Yingjoe, > >> > >> On Wed, Nov 19 2014 at 2:14:08 pm GMT, Yingjoe Chen > >> <yingjoe.chen@xxxxxxxxxxxx> wrote: > >>> + > >>> +static const struct irq_domain_ops gic_irq_domain_hierarchy_ops = { > >>> + .xlate = gic_irq_domain_xlate, > >>> + .alloc = gic_irq_domain_alloc, > >>> + .free = irq_domain_free_irqs_top, > >> > >> I'm convinced that irq_domain_free_irqs_top is the wrong function to > >> call here, because you're calling it from the bottom, not the top-level > >> (it has no parent). > >> > >> I cannot verify this with your code as I don't a working platform with > >> GICv2m, but if I enable something similar on GICv3, it dies a very > >> painful way: > >> > >> Unable to handle kernel NULL pointer dereference at virtual address 00000018 > >> pgd = ffffffc03d059000 > >> [00000018] *pgd=0000000081356003, *pud=0000000081356003, *pmd=0000000000000000 > >> Internal error: Oops: 96000006 [#1] SMP > >> Modules linked in: > >> CPU: 4 PID: 1052 Comm: sh Not tainted 3.18.0-rc4+ #3311 > >> task: ffffffc03e320000 ti: ffffffc001390000 task.ti: ffffffc001390000 > >> PC is at irq_domain_free_irqs_recursive+0x1c/0x80 > >> LR is at irq_domain_free_irqs_common+0x88/0x9c > >> pc : [<ffffffc0000ed790>] lr : [<ffffffc0000ede20>] pstate: 60000145 > >> [...] > >> [<ffffffc0000ed790>] irq_domain_free_irqs_recursive+0x1c/0x80 > >> [<ffffffc0000ede1c>] irq_domain_free_irqs_common+0x84/0x9c > >> [<ffffffc0000ede98>] irq_domain_free_irqs_top+0x64/0x7c <-- gic_domain.free() > >> [<ffffffc0000ed798>] irq_domain_free_irqs_recursive+0x24/0x80 > >> [<ffffffc0000ee468>] irq_domain_free_irqs_parent+0x14/0x20 > >> [<ffffffc0003500b8>] its_irq_domain_free+0xc8/0x250 > >> [<ffffffc0000ed798>] irq_domain_free_irqs_recursive+0x24/0x80 > >> [<ffffffc0000ede1c>] irq_domain_free_irqs_common+0x84/0x9c > >> [<ffffffc0000ede98>] irq_domain_free_irqs_top+0x64/0x7c > >> [<ffffffc0000ef518>] msi_domain_free+0x70/0x88 > >> [<ffffffc0000ed798>] irq_domain_free_irqs_recursive+0x24/0x80 > >> [<ffffffc0000ee3ac>] irq_domain_free_irqs+0x108/0x17c > >> [<ffffffc0000efb68>] msi_domain_free_irqs+0x28/0x4c > >> [<ffffffc000369cac>] free_msi_irqs+0xb4/0x1c0 > >> [<ffffffc00036adec>] pci_disable_msix+0x3c/0x4c > >> [...] > >> > >> and I cannot see how this could work on the standard GIC either. > >> > >> Thomas, Jiang: could you please confirm or infirm my suspicions? My > >> understanding is that irq_domain_free_irqs_top can only be called from > >> the top-level domain. > > Hi Marc, > > It indicates that irq_domain_free_irqs_top() is not a good name. > > We have: > > 1) irq_domain_set_hwirq_and_chip() to set irq_chip and chip_data > > 2) irq_domain_set_info() to set irq_chip, chip_data, flow_handler and > > handler_data; > > 3) irq_domain_reset_irq_data() resets irq_chip and chip_data. > > 4) irq_domain_free_irqs_common() resets irq_chip, chip_data and calls > > parent domain's domain_ops.free() callback. > > 5) irq_domain_free_irqs_top() resets irq_chip, chip_data, flow handler, > > handler_data and call parent domain's domain_ops.free() callback. > > Yes, and this "call parent domain's free callback" is where the problem > lies. Here, it is called from the innermost domain, with no parent. > > > So there two possible improvements here: > > 1) Rename irq_domain_free_irqs_top() with better name, any suggestions? > > It's named as is because it's always called by the outer-most > > irqdomains on x86. > > 2) Change irq_domain_free_irqs_common() and irq_domain_free_irqs_top() > > to call parent domain's domain_ops.free() callback only if parent > > exists. By this way, they could be used for inner-most irqdomains. > > If OK, I will respin a version 4 patch set based on tip/irq/irqdomain. > > Thoughts? > > Checking the parent is probably a safe solution (this is not a hot path > anyway). I don't care much about the name though, and I the only thing I > can think of is irq_domain_free_irqs_reset_flow, which looks so bad it's > not even funny. I'll let the matter rest in your capable hands! ;-) I've applied Jiang's "irqdomain: Enhance irq_domain_free_irqs_common() to support parentless irqdomain" patch and it did fix the crash. Thanks Jiang, Marc Joe.C -- To unsubscribe from this list: send the line "unsubscribe devicetree" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html