This is a note to let you know that I've just added the patch titled pinctrl: samsung: Fix NULL pointer exception on external interrupts on S3C24xx to the 4.13-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: pinctrl-samsung-fix-null-pointer-exception-on-external-interrupts-on-s3c24xx.patch and it can be found in the queue-4.13 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From cee7413d84044a0c1919a7c70a2d761ae24390de Mon Sep 17 00:00:00 2001 From: Krzysztof Kozlowski <krzk@xxxxxxxxxx> Date: Thu, 15 Jun 2017 17:46:37 +0200 Subject: pinctrl: samsung: Fix NULL pointer exception on external interrupts on S3C24xx From: Krzysztof Kozlowski <krzk@xxxxxxxxxx> commit cee7413d84044a0c1919a7c70a2d761ae24390de upstream. After commit 8b1bd11c1f8f ("pinctrl: samsung: Add the support the multiple IORESOURCE_MEM for one pin-bank"), the S3C24xx (and probably S3C64xx as well) fails: Unable to handle kernel NULL pointer dereference at virtual address 000000a8 ... (s3c24xx_demux_eint4_7) from [<c004469c>] (__handle_domain_irq+0x6c/0xcc) (__handle_domain_irq) from [<c0009444>] (s3c24xx_handle_irq+0x6c/0x12c) (s3c24xx_handle_irq) from [<c000e5fc>] (__irq_svc+0x5c/0x78) Mentioned commit moved the pointer to controller's base IO memory address from each controller's driver data (samsung_pinctrl_drv_data) to per-bank structure (samsung_pin_bank). The external interrupt demux handlers (s3c24xx_demux_eint()) tried to get this base address from opaque pointer stored under irq_chip data: struct irq_data *irqd = irq_desc_get_irq_data(desc); struct samsung_pin_bank *bank = irq_data_get_irq_chip_data(irqd); ... pend = readl(bank->eint_base + EINTPEND_REG); which is wrong because this is hardware irq and it bank was never set for this irq_chip. For S3C24xx and S3C64xx, this partially reverts mentioned commit by bringing back the virt_base stored under each controller's driver data (samsung_pinctrl_drv_data). This virt_base address will be now duplicated: - samsung_pinctrl_drv_data->virt_base: used on S3C24xx and S3C64xx, - samsung_pin_bank->pctl_base: used on Exynos. Fixes: 8b1bd11c1f8f ("pinctrl: samsung: Add the support the multiple IORESOURCE_MEM for one pin-bank") Cc: Sergio Prado <sergio.prado@xxxxxxxxxxxxxx> Reported-by: Sergio Prado <sergio.prado@xxxxxxxxxxxxxx> Signed-off-by: Krzysztof Kozlowski <krzk@xxxxxxxxxx> Tested-by: Lihua Yao <ylhuajnu@xxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- drivers/pinctrl/samsung/pinctrl-s3c24xx.c | 37 +++++++++++++++------------ drivers/pinctrl/samsung/pinctrl-s3c64xx.c | 40 +++++++++++++----------------- drivers/pinctrl/samsung/pinctrl-samsung.c | 6 ++++ drivers/pinctrl/samsung/pinctrl-samsung.h | 5 +++ 4 files changed, 50 insertions(+), 38 deletions(-) --- a/drivers/pinctrl/samsung/pinctrl-s3c24xx.c +++ b/drivers/pinctrl/samsung/pinctrl-s3c24xx.c @@ -151,7 +151,7 @@ static void s3c24xx_eint_set_function(st u32 val; /* Make sure that pin is configured as interrupt */ - reg = bank->pctl_base + bank->pctl_offset; + reg = d->virt_base + bank->pctl_offset; shift = pin * bank_type->fld_width[PINCFG_TYPE_FUNC]; mask = (1 << bank_type->fld_width[PINCFG_TYPE_FUNC]) - 1; @@ -184,7 +184,7 @@ static int s3c24xx_eint_type(struct irq_ s3c24xx_eint_set_handler(data, type); /* Set up interrupt trigger */ - reg = bank->eint_base + EINT_REG(index); + reg = d->virt_base + EINT_REG(index); shift = EINT_OFFS(index); val = readl(reg); @@ -259,29 +259,32 @@ static void s3c2410_demux_eint0_3(struct static void s3c2412_eint0_3_ack(struct irq_data *data) { struct samsung_pin_bank *bank = irq_data_get_irq_chip_data(data); + struct samsung_pinctrl_drv_data *d = bank->drvdata; unsigned long bitval = 1UL << data->hwirq; - writel(bitval, bank->eint_base + EINTPEND_REG); + writel(bitval, d->virt_base + EINTPEND_REG); } static void s3c2412_eint0_3_mask(struct irq_data *data) { struct samsung_pin_bank *bank = irq_data_get_irq_chip_data(data); + struct samsung_pinctrl_drv_data *d = bank->drvdata; unsigned long mask; - mask = readl(bank->eint_base + EINTMASK_REG); + mask = readl(d->virt_base + EINTMASK_REG); mask |= (1UL << data->hwirq); - writel(mask, bank->eint_base + EINTMASK_REG); + writel(mask, d->virt_base + EINTMASK_REG); } static void s3c2412_eint0_3_unmask(struct irq_data *data) { struct samsung_pin_bank *bank = irq_data_get_irq_chip_data(data); + struct samsung_pinctrl_drv_data *d = bank->drvdata; unsigned long mask; - mask = readl(bank->eint_base + EINTMASK_REG); + mask = readl(d->virt_base + EINTMASK_REG); mask &= ~(1UL << data->hwirq); - writel(mask, bank->eint_base + EINTMASK_REG); + writel(mask, d->virt_base + EINTMASK_REG); } static struct irq_chip s3c2412_eint0_3_chip = { @@ -316,31 +319,34 @@ static void s3c2412_demux_eint0_3(struct static void s3c24xx_eint_ack(struct irq_data *data) { struct samsung_pin_bank *bank = irq_data_get_irq_chip_data(data); + struct samsung_pinctrl_drv_data *d = bank->drvdata; unsigned char index = bank->eint_offset + data->hwirq; - writel(1UL << index, bank->eint_base + EINTPEND_REG); + writel(1UL << index, d->virt_base + EINTPEND_REG); } static void s3c24xx_eint_mask(struct irq_data *data) { struct samsung_pin_bank *bank = irq_data_get_irq_chip_data(data); + struct samsung_pinctrl_drv_data *d = bank->drvdata; unsigned char index = bank->eint_offset + data->hwirq; unsigned long mask; - mask = readl(bank->eint_base + EINTMASK_REG); + mask = readl(d->virt_base + EINTMASK_REG); mask |= (1UL << index); - writel(mask, bank->eint_base + EINTMASK_REG); + writel(mask, d->virt_base + EINTMASK_REG); } static void s3c24xx_eint_unmask(struct irq_data *data) { struct samsung_pin_bank *bank = irq_data_get_irq_chip_data(data); + struct samsung_pinctrl_drv_data *d = bank->drvdata; unsigned char index = bank->eint_offset + data->hwirq; unsigned long mask; - mask = readl(bank->eint_base + EINTMASK_REG); + mask = readl(d->virt_base + EINTMASK_REG); mask &= ~(1UL << index); - writel(mask, bank->eint_base + EINTMASK_REG); + writel(mask, d->virt_base + EINTMASK_REG); } static struct irq_chip s3c24xx_eint_chip = { @@ -356,14 +362,13 @@ static inline void s3c24xx_demux_eint(st { struct s3c24xx_eint_data *data = irq_desc_get_handler_data(desc); struct irq_chip *chip = irq_desc_get_chip(desc); - struct irq_data *irqd = irq_desc_get_irq_data(desc); - struct samsung_pin_bank *bank = irq_data_get_irq_chip_data(irqd); + struct samsung_pinctrl_drv_data *d = data->drvdata; unsigned int pend, mask; chained_irq_enter(chip, desc); - pend = readl(bank->eint_base + EINTPEND_REG); - mask = readl(bank->eint_base + EINTMASK_REG); + pend = readl(d->virt_base + EINTPEND_REG); + mask = readl(d->virt_base + EINTMASK_REG); pend &= ~mask; pend &= range; --- a/drivers/pinctrl/samsung/pinctrl-s3c64xx.c +++ b/drivers/pinctrl/samsung/pinctrl-s3c64xx.c @@ -280,7 +280,7 @@ static void s3c64xx_irq_set_function(str u32 val; /* Make sure that pin is configured as interrupt */ - reg = bank->pctl_base + bank->pctl_offset; + reg = d->virt_base + bank->pctl_offset; shift = pin; if (bank_type->fld_width[PINCFG_TYPE_FUNC] * shift >= 32) { /* 4-bit bank type with 2 con regs */ @@ -308,8 +308,9 @@ static void s3c64xx_irq_set_function(str static inline void s3c64xx_gpio_irq_set_mask(struct irq_data *irqd, bool mask) { struct samsung_pin_bank *bank = irq_data_get_irq_chip_data(irqd); + struct samsung_pinctrl_drv_data *d = bank->drvdata; unsigned char index = EINT_OFFS(bank->eint_offset) + irqd->hwirq; - void __iomem *reg = bank->eint_base + EINTMASK_REG(bank->eint_offset); + void __iomem *reg = d->virt_base + EINTMASK_REG(bank->eint_offset); u32 val; val = readl(reg); @@ -333,8 +334,9 @@ static void s3c64xx_gpio_irq_mask(struct static void s3c64xx_gpio_irq_ack(struct irq_data *irqd) { struct samsung_pin_bank *bank = irq_data_get_irq_chip_data(irqd); + struct samsung_pinctrl_drv_data *d = bank->drvdata; unsigned char index = EINT_OFFS(bank->eint_offset) + irqd->hwirq; - void __iomem *reg = bank->eint_base + EINTPEND_REG(bank->eint_offset); + void __iomem *reg = d->virt_base + EINTPEND_REG(bank->eint_offset); writel(1 << index, reg); } @@ -357,7 +359,7 @@ static int s3c64xx_gpio_irq_set_type(str s3c64xx_irq_set_handler(irqd, type); /* Set up interrupt trigger */ - reg = bank->eint_base + EINTCON_REG(bank->eint_offset); + reg = d->virt_base + EINTCON_REG(bank->eint_offset); shift = EINT_OFFS(bank->eint_offset) + irqd->hwirq; shift = 4 * (shift / 4); /* 4 EINTs per trigger selector */ @@ -409,8 +411,7 @@ static void s3c64xx_eint_gpio_irq(struct { struct irq_chip *chip = irq_desc_get_chip(desc); struct s3c64xx_eint_gpio_data *data = irq_desc_get_handler_data(desc); - struct irq_data *irqd = irq_desc_get_irq_data(desc); - struct samsung_pin_bank *bank = irq_data_get_irq_chip_data(irqd); + struct samsung_pinctrl_drv_data *drvdata = data->drvdata; chained_irq_enter(chip, desc); @@ -420,7 +421,7 @@ static void s3c64xx_eint_gpio_irq(struct unsigned int pin; unsigned int virq; - svc = readl(bank->eint_base + SERVICE_REG); + svc = readl(drvdata->virt_base + SERVICE_REG); group = SVC_GROUP(svc); pin = svc & SVC_NUM_MASK; @@ -515,15 +516,15 @@ static inline void s3c64xx_eint0_irq_set { struct s3c64xx_eint0_domain_data *ddata = irq_data_get_irq_chip_data(irqd); - struct samsung_pin_bank *bank = ddata->bank; + struct samsung_pinctrl_drv_data *d = ddata->bank->drvdata; u32 val; - val = readl(bank->eint_base + EINT0MASK_REG); + val = readl(d->virt_base + EINT0MASK_REG); if (mask) val |= 1 << ddata->eints[irqd->hwirq]; else val &= ~(1 << ddata->eints[irqd->hwirq]); - writel(val, bank->eint_base + EINT0MASK_REG); + writel(val, d->virt_base + EINT0MASK_REG); } static void s3c64xx_eint0_irq_unmask(struct irq_data *irqd) @@ -540,10 +541,10 @@ static void s3c64xx_eint0_irq_ack(struct { struct s3c64xx_eint0_domain_data *ddata = irq_data_get_irq_chip_data(irqd); - struct samsung_pin_bank *bank = ddata->bank; + struct samsung_pinctrl_drv_data *d = ddata->bank->drvdata; writel(1 << ddata->eints[irqd->hwirq], - bank->eint_base + EINT0PEND_REG); + d->virt_base + EINT0PEND_REG); } static int s3c64xx_eint0_irq_set_type(struct irq_data *irqd, unsigned int type) @@ -551,7 +552,7 @@ static int s3c64xx_eint0_irq_set_type(st struct s3c64xx_eint0_domain_data *ddata = irq_data_get_irq_chip_data(irqd); struct samsung_pin_bank *bank = ddata->bank; - struct samsung_pinctrl_drv_data *d = ddata->bank->drvdata; + struct samsung_pinctrl_drv_data *d = bank->drvdata; void __iomem *reg; int trigger; u8 shift; @@ -566,7 +567,7 @@ static int s3c64xx_eint0_irq_set_type(st s3c64xx_irq_set_handler(irqd, type); /* Set up interrupt trigger */ - reg = bank->eint_base + EINT0CON0_REG; + reg = d->virt_base + EINT0CON0_REG; shift = ddata->eints[irqd->hwirq]; if (shift >= EINT_MAX_PER_REG) { reg += 4; @@ -598,19 +599,14 @@ static struct irq_chip s3c64xx_eint0_irq static inline void s3c64xx_irq_demux_eint(struct irq_desc *desc, u32 range) { struct irq_chip *chip = irq_desc_get_chip(desc); - struct irq_data *irqd = irq_desc_get_irq_data(desc); - struct s3c64xx_eint0_domain_data *ddata = - irq_data_get_irq_chip_data(irqd); - struct samsung_pin_bank *bank = ddata->bank; - struct s3c64xx_eint0_data *data = irq_desc_get_handler_data(desc); - + struct samsung_pinctrl_drv_data *drvdata = data->drvdata; unsigned int pend, mask; chained_irq_enter(chip, desc); - pend = readl(bank->eint_base + EINT0PEND_REG); - mask = readl(bank->eint_base + EINT0MASK_REG); + pend = readl(drvdata->virt_base + EINT0PEND_REG); + mask = readl(drvdata->virt_base + EINT0MASK_REG); pend = pend & range & ~mask; pend &= range; --- a/drivers/pinctrl/samsung/pinctrl-samsung.c +++ b/drivers/pinctrl/samsung/pinctrl-samsung.c @@ -1013,6 +1013,12 @@ samsung_pinctrl_get_soc_data(struct sams bank->eint_base = virt_base[0]; bank->pctl_base = virt_base[bdata->pctl_res_idx]; } + /* + * Legacy platforms should provide only one resource with IO memory. + * Store it as virt_base because legacy driver needs to access it + * through samsung_pinctrl_drv_data. + */ + d->virt_base = virt_base[0]; for_each_child_of_node(node, np) { if (!of_find_property(np, "gpio-controller", NULL)) --- a/drivers/pinctrl/samsung/pinctrl-samsung.h +++ b/drivers/pinctrl/samsung/pinctrl-samsung.h @@ -247,6 +247,10 @@ struct samsung_pin_ctrl { /** * struct samsung_pinctrl_drv_data: wrapper for holding driver data together. * @node: global list node + * @virt_base: register base address of the controller; this will be equal + * to each bank samsung_pin_bank->pctl_base and used on legacy + * platforms (like S3C24XX or S3C64XX) which has to access the base + * through samsung_pinctrl_drv_data, not samsung_pin_bank). * @dev: device instance representing the controller. * @irq: interrpt number used by the controller to notify gpio interrupts. * @ctrl: pin controller instance managed by the driver. @@ -262,6 +266,7 @@ struct samsung_pin_ctrl { */ struct samsung_pinctrl_drv_data { struct list_head node; + void __iomem *virt_base; struct device *dev; int irq; Patches currently in stable-queue which might be from krzk@xxxxxxxxxx are queue-4.13/pinctrl-samsung-fix-invalid-register-offset-used-for-exynos5433-external-interrupts.patch queue-4.13/pinctrl-samsung-fix-null-pointer-exception-on-external-interrupts-on-s3c24xx.patch