[PATCH 4.4 59/73] i2c-eg20t: fix race between i2c init and interrupt enable

From: Greg Kroah-Hartman
Date: Wed Sep 28 2016 - 05:26:33 EST

Next message: Greg Kroah-Hartman: "[PATCH 4.4 68/73] PM / hibernate: Restore processor state before using per-CPU variables"
Previous message: Greg Kroah-Hartman: "[PATCH 4.7 19/69] fix fault_in_multipages_...() on architectures with no-op access_ok()"
In reply to: Greg Kroah-Hartman: "[PATCH 4.4 24/73] net: caif: fix misleading indentation"
Next in thread: Greg Kroah-Hartman: "[PATCH 4.4 68/73] PM / hibernate: Restore processor state before using per-CPU variables"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

4.4-stable review patch. If anyone has any objections, please let me know.

------------------

From: Yadi.hu <yadi.hu@xxxxxxxxxxxxx>

commit 371a015344b6e270e7e3632107d9554ec6d27a6b upstream.

the eg20t driver call request_irq() function before the pch_base_address,
base address of i2c controller's register, is assigned an effective value.

there is one possible scenario that an interrupt which isn't inside eg20t
arrives immediately after request_irq() is executed when i2c controller
shares an interrupt number with others. since the interrupt handler
pch_i2c_handler() has already active as shared action, it will be called
and read its own register to determine if this interrupt is from itself.

At that moment, since base address of i2c registers is not remapped
in kernel space yet,so the INT handler will access an illegal address
and then a error occurs.

Signed-off-by: Yadi.hu <yadi.hu@xxxxxxxxxxxxx>
Signed-off-by: Wolfram Sang <wsa@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
drivers/i2c/busses/i2c-eg20t.c | 18 +++++++++++-------
1 file changed, 11 insertions(+), 7 deletions(-)

--- a/drivers/i2c/busses/i2c-eg20t.c
+++ b/drivers/i2c/busses/i2c-eg20t.c
@@ -773,13 +773,6 @@ static int pch_i2c_probe(struct pci_dev
/* Set the number of I2C channel instance */
adap_info->ch_num = id->driver_data;

- ret = request_irq(pdev->irq, pch_i2c_handler, IRQF_SHARED,
- KBUILD_MODNAME, adap_info);
- if (ret) {
- pch_pci_err(pdev, "request_irq FAILED\n");
- goto err_request_irq;
- }
-
for (i = 0; i < adap_info->ch_num; i++) {
pch_adap = &adap_info->pch_data[i].pch_adapter;
adap_info->pch_i2c_suspended = false;
@@ -796,6 +789,17 @@ static int pch_i2c_probe(struct pci_dev
adap_info->pch_data[i].pch_base_address = base_addr + 0x100 * i;

pch_adap->dev.parent = &pdev->dev;
+ }
+
+ ret = request_irq(pdev->irq, pch_i2c_handler, IRQF_SHARED,
+ KBUILD_MODNAME, adap_info);
+ if (ret) {
+ pch_pci_err(pdev, "request_irq FAILED\n");
+ goto err_request_irq;
+ }
+
+ for (i = 0; i < adap_info->ch_num; i++) {
+ pch_adap = &adap_info->pch_data[i].pch_adapter;

pch_i2c_init(&adap_info->pch_data[i]);

Next message: Greg Kroah-Hartman: "[PATCH 4.4 68/73] PM / hibernate: Restore processor state before using per-CPU variables"
Previous message: Greg Kroah-Hartman: "[PATCH 4.7 19/69] fix fault_in_multipages_...() on architectures with no-op access_ok()"
In reply to: Greg Kroah-Hartman: "[PATCH 4.4 24/73] net: caif: fix misleading indentation"
Next in thread: Greg Kroah-Hartman: "[PATCH 4.4 68/73] PM / hibernate: Restore processor state before using per-CPU variables"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]