From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 95884C38142
	for <linux-mm@archiver.kernel.org>; Wed,  1 Feb 2023 08:16:49 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 324386B0072; Wed,  1 Feb 2023 03:16:49 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 2BE066B0080; Wed,  1 Feb 2023 03:16:49 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 14E806B0081; Wed,  1 Feb 2023 03:16:49 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14])
	by kanga.kvack.org (Postfix) with ESMTP id F3CFB6B0072
	for <linux-mm@kvack.org>; Wed,  1 Feb 2023 03:16:48 -0500 (EST)
Received: from smtpin02.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay04.hostedemail.com (Postfix) with ESMTP id A457B1A0CD8
	for <linux-mm@kvack.org>; Wed,  1 Feb 2023 08:16:48 +0000 (UTC)
X-FDA: 80418016896.02.2EC119B
Received: from mail-yw1-f174.google.com (mail-yw1-f174.google.com [209.85.128.174])
	by imf05.hostedemail.com (Postfix) with ESMTP id CCA11100004
	for <linux-mm@kvack.org>; Wed,  1 Feb 2023 08:16:46 +0000 (UTC)
Authentication-Results: imf05.hostedemail.com;
	dkim=pass header.d=google.com header.s=20210112 header.b="f/bYjzCo";
	spf=pass (imf05.hostedemail.com: domain of jstultz@google.com designates 209.85.128.174 as permitted sender) smtp.mailfrom=jstultz@google.com;
	dmarc=pass (policy=reject) header.from=google.com
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1675239406; a=rsa-sha256;
	cv=none;
	b=Qmv6QdBIrJbbPdHQzI6MX12gWCEY440ftbgbHhiRJpserTfFBlVWYBaMg+typfsqT5pq2m
	ZHG7UWcyRaWn4Ad8fDtqexFtya74Mm26R15/UUrAJKgHgMERUdPn/lgJDKLExJDWWfC2rm
	mx2RiTt+8QBfrze3zT0tjuKRGZ8glyM=
ARC-Authentication-Results: i=1;
	imf05.hostedemail.com;
	dkim=pass header.d=google.com header.s=20210112 header.b="f/bYjzCo";
	spf=pass (imf05.hostedemail.com: domain of jstultz@google.com designates 209.85.128.174 as permitted sender) smtp.mailfrom=jstultz@google.com;
	dmarc=pass (policy=reject) header.from=google.com
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1675239406;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=w+WTgqSycW+YwdyyFHzyNDS1ahRVRlExnQu6jqzgcxA=;
	b=KQXnNG4wh0k5Sd6uIYMTJv9vScd2mVTDnQTZC8xCKBt+HG0DJduIwyYwuzHjSj/VpU5T+8
	hKeSwlTED07TasmW3huRUhbY1r/aWTZEy8VNbUzN9753Uz02Po2PdYqq4AUJ3zW1d1I/22
	AbZ3PdB9n1GRGCAh/rEUkYITXLheVdA=
Received: by mail-yw1-f174.google.com with SMTP id 00721157ae682-510476ee20aso128498997b3.3
        for <linux-mm@kvack.org>; Wed, 01 Feb 2023 00:16:46 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20210112;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:from:to:cc:subject:date:message-id:reply-to;
        bh=w+WTgqSycW+YwdyyFHzyNDS1ahRVRlExnQu6jqzgcxA=;
        b=f/bYjzCozcQybMWzR7nGgOr7h+cRs8QusGTOsoqpbNgzYXYAiv2M0lVw1YeFT8QdTA
         m+ER3t091N1c7bjh3+h3bpSkSYnK0eIi5oW9LEQ9fwN0bDVEtNYBvzqm0RerlxhiBdft
         mqiZVyQXi8n/8pZ3oUhSD6JqcXvz3zlVOmYovJxfsVPlatsfHFl7kyo3W/eePfzW2/Xl
         Pkt9/zvqG6uYSjyJOQKU30VHObN2rAc8jQDMDBknpFCkB9/PRoJnhpnpKHu394yYtA8w
         oiT9cmDWCQVLu7OpJlDjiYUIp2WNYm91VfWxoZY0Skhoi69Nr0w8bVOyB+ext/awmQeu
         X22w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=w+WTgqSycW+YwdyyFHzyNDS1ahRVRlExnQu6jqzgcxA=;
        b=KTQFeJAuoaG1Yl2HXTQ20skyW7gQrwjEgvIqF5nwVupAj+1PTIphOFfMsgCzJisxe2
         SkrzQj0w/ZXy+JV56IXQEADdghrcrgA/r1lNWFLPskQxWv3l9SmovWyz9PC10+PRkww7
         KlbBSroKh+pG7UZRc8UmhyT/EnAd+D+eF1MNxKZWmBCFofMXbxQC3lj3xaE77nJAKhaS
         cg0be9L5bcCXaEZSfjN9EGAE0f/A2ybsPYnzF8jwsU+6U2Bq9vpPYrfKfmU314revor+
         odX71jdJzlxd1Mdg4NVb2vo8D6ijshXl5BecbS+e1fNklxNq3tmph+jRFTVjko5aIhiG
         hJPQ==
X-Gm-Message-State: AO0yUKUQtwL5u82EYIbrg2VPSPPxYGOpZ/LPqKAW3HT8T3c7S3GY/jk/
	765//c+0Zcgp5z0IVC2EJtKv0sS+9lhKA24n+U4d
X-Google-Smtp-Source: AK7set+theTnwE00kW19ZCesKtYS1cSJ1m2dS3+7cdOsE0cPll/6nx2B7R4+nCNkvlrk9lzH2qEY6ESPEQ7v7TUserU=
X-Received: by 2002:a81:e405:0:b0:506:6e0b:7441 with SMTP id
 r5-20020a81e405000000b005066e0b7441mr176361ywl.208.1675239405679; Wed, 01 Feb
 2023 00:16:45 -0800 (PST)
MIME-Version: 1.0
References: <20221101222520.never.109-kees@kernel.org> <20221101223321.1326815-5-keescook@chromium.org>
 <CAMSo37W3gRkP02tSCxGX71ZDAt3WgPZrkTRTM6J1iQ4gvUS9vg@mail.gmail.com> <CANDhNCogJrvt=yEXFK-xVmGjkcRxSNGZUqUeNw2MV9bFRrwPdQ@mail.gmail.com>
In-Reply-To: <CANDhNCogJrvt=yEXFK-xVmGjkcRxSNGZUqUeNw2MV9bFRrwPdQ@mail.gmail.com>
From: John Stultz <jstultz@google.com>
Date: Wed, 1 Feb 2023 00:16:34 -0800
Message-ID: <CANDhNCqHDJyj4-t5iMH1zDw6VKNUu5Fk-AzjvfV=DgqGVrF3KA@mail.gmail.com>
Subject: Re: [PATCH 5/6] driver core: Add __alloc_size hint to devm allocators
To: Yongqin Liu <yongqin.liu@linaro.org>, Daniel Lezcano <daniel.lezcano@linaro.org>
Cc: Kees Cook <keescook@chromium.org>, Vlastimil Babka <vbabka@suse.cz>, 
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>, Rasmus Villemoes <rasmus.villemoes@prevas.dk>, 
	Thomas Gleixner <tglx@linutronix.de>, Jason Gunthorpe <jgg@ziepe.ca>, Nishanth Menon <nm@ti.com>, 
	Michael Kelley <mikelley@microsoft.com>, Dan Williams <dan.j.williams@intel.com>, 
	Won Chung <wonchung@google.com>, David Gow <davidgow@google.com>, 
	Christoph Lameter <cl@linux.com>, Pekka Enberg <penberg@kernel.org>, David Rientjes <rientjes@google.com>, 
	Joonsoo Kim <iamjoonsoo.kim@lge.com>, Roman Gushchin <roman.gushchin@linux.dev>, 
	Hyeonggon Yoo <42.hyeyoo@gmail.com>, Guenter Roeck <linux@roeck-us.net>, 
	Andy Shevchenko <andriy.shevchenko@intel.com>, Paolo Abeni <pabeni@redhat.com>, 
	Geert Uytterhoeven <geert@linux-m68k.org>, Nathan Chancellor <nathan@kernel.org>, 
	Nick Desaulniers <ndesaulniers@google.com>, Tom Rix <trix@redhat.com>, linux-kernel@vger.kernel.org, 
	linux-mm@kvack.org, linux-hardening@vger.kernel.org, llvm@lists.linux.dev, 
	Sumit Semwal <sumit.semwal@linaro.org>
Content-Type: text/plain; charset="UTF-8"
X-Rspam-User: 
X-Rspamd-Queue-Id: CCA11100004
X-Rspamd-Server: rspam01
X-Stat-Signature: ia74ko8g993efu5bbw3g7tiz1usiao61
X-HE-Tag: 1675239406-909514
X-HE-Meta: U2FsdGVkX1+HRm560C37xpTfLrRBZ0z/aEaQNTJUWmgWytcOCqnzRwSQXty0AJLhn4MWfXR7dUtmRwq9I3YVABse5xPhF+NUQARxhqCEQGCL9E8Fkt6waVq3x8BwxXQmjEz0OjQmv4G6j/PcFP/jhIFhKGmUDUHqWLyRGRiQWBPQFrNrd7XqvghYGle8d2cXS+RRjNZBB2pU5OaT/fBgBCWSKV3f124du24BbbXP8N5iEtM3skBwTJroBEzOFLOLcjVLNa/FEMGna9duTusNm9k1trro4PIsJZR0AOlZrkjgDdR3YWM046IXv1pFc2nyN0JUmJq1FNqJW7NbjPs3QTNci9jbTGKeaPHgUbLB05q6le1QKpjCth31Zw/StT6GZnjI07YLI3L8n8noc6SGXdWq159diVZYAIxEBYioiFGcOwgZVX2vrVH4YKaYLo0LB/qLnK6noCidS9WUkCdNm4KCN9CE0wuu3TXfQp4DjGADXeWPAtn5jmW1JSPRGT0A0lg859H7ECWv6ovty3REIwLnZgxnIlfl3Ll6q3B2Kl8LZ7JW4xx3TllqrAXligOvMkty6FRFKqPi7i34Y3iTzldNSfJMMOQqDPe5/9cT5Fn9tm+4w+FFBm3HvjuvrQdyujGDy9POA4lpgQ7hCaJnH2x2oxWPKcynQUFUNXp5PUAbnnEUkoXhbK25m3X8beaZIK6h3UPZRjjVRQ+lWX9jniyjmnJRUpYMz9Dmb4BZzZGvBLfrTsXSOtDv1gyFCQ8VFdQQSOPQEEKg8Fm9IsPU2EfT0q9Rx8oWjqnJ6JXWY5RcKSurTjpNnVuFY0m2F1NODBiBfVylP/HSUljfk2G9JGjwe/FDyhDSdrQiM9mIsXZaEfLSbNhPchvm6oAlEQJv5lVC3PPWK2leuWNceycPG9zkLmIN91OGNb8RWjk25EBdjSRxgjp9eX6TXgQg3k4o9eiBIcs0rmMVs3GGWyN
 86wDP1jn
 cmsqgu0HmJm5avs6BEB4fgr/vcjNakeatFAmNOK7XFUyqxNKVwjZZwSJSIIpTrKIjjDQX2g/AEF32FhJLVmJQGnk8mUQVtt/fdmTV3Z7BBu43b7v6/u+OYN6hK6mtJwklMkWRDKuKtpXTwYjgtrinS86svo1gY6mq5Ijm3BJRMdB7ntVrBrydlkxOEqc2kZzfz9zbAiP1ZJi7YX+NqSRB3WTSNV4xsCivYjXAz+0/YbpMpG77tybge9LZYUnT/GRFr09xMd1Lf9QA0wE1F3AFnQDe19NLKw4CAU8SB2sJRlbdzbonyM2s8/3lNwxtcoam3VavEBaG0l8S6q2ux+D6fNZLFzzlBJBlH6sWr7a4zqMKpOm4hrll90dV/tYDydkdwalNt0AUCmDUwvqgGmwW9O6vydFh9pmRgUIu+chwLMls5XaERvEHcQEEnI+rTgM6kV2IrZPErgX6wQxvklGF/H4h2AghpG9sNgk+TbGOi7ZRdOeFP9yusE5VpQ==
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

On Wed, Feb 1, 2023 at 12:11 AM John Stultz <jstultz@google.com> wrote:
> On Tue, Jan 31, 2023 at 11:36 PM Yongqin Liu <yongqin.liu@linaro.org> wrote:
> >
> > Hi, Kees
> >
> > This change causes "Kernel panic - not syncing: BRK handler: Fatal exception"
> > for the android-mainline based hikey960 build, with this commit reverted,
> > there is no problem for the build to boot to the homescreen.
> > Not sure if you have any idea about it and give some suggestions.
> >
> > Here is part of the kernel panic log:
> >
> >     [    9.479878][  T122] ueventd: Loading module
> > /vendor/lib/modules/spi-pl022.ko with args ''
> >     [    9.480276][  T115] apexd-bootstrap: Pre-allocated loop device 29
> >     [    9.480517][  T123] ueventd: LoadWithAliases was unable to load
> > of:Nhi3660_i2sT(null)Chisilicon,hi3660-i2s-1.0
> >     [    9.480632][  T121] Unexpected kernel BRK exception at EL1
> >     [    9.480637][  T121] Internal error: BRK handler:
> > 00000000f2000001 [#1] PREEMPT SMP
> >     [    9.480644][  T121] Modules linked in: cpufreq_dt(E+)
> > hisi_thermal(E+) phy_hi3660_usb3(E) btqca(E) hi6421_pmic_core(E)
> > btbcm(E) spi_pl022(E) hi3660_mailbox(E) i2c_designware_platform(E)
> > mali_kbase(OE) dw_mmc_k3(E) bluetooth(E) dw_mmc_pltfm(E) dw_mmc(E)
> > kirin_drm(E) rfkill(E) kirin_dsi(E) i2c_designware_core(E) k3dma(E)
> > drm_dma_helper(E) cma_heap(E) system_heap(E)
> >     [    9.480688][  T121] CPU: 4 PID: 121 Comm: ueventd Tainted: G
> >        OE      6.2.0-rc6-mainline-14196-g1d9f94ec75b9 #1
> >     [    9.480694][  T121] Hardware name: HiKey960 (DT)
> >     [    9.480697][  T121] pstate: 20400005 (nzCv daif +PAN -UAO -TCO
> > -DIT -SSBS BTYPE=--)
> >     [    9.480703][  T121] pc : hi3660_thermal_probe+0x6c/0x74 [hisi_thermal]
> >     [    9.480722][  T121] lr : hi3660_thermal_probe+0x38/0x74 [hisi_thermal]
> >     [    9.480733][  T121] sp : ffffffc00aa13700
> >     [    9.480735][  T121] x29: ffffffc00aa13700 x28: 0000007ff8ae8531
> > x27: 00000000000008c0
> >     [    9.480743][  T121] x26: ffffffc00aa2a300 x25: ffffffc00aa2ab40
> > x24: 000000000000001d
> >     [    9.480749][  T121] x23: ffffffc00a29d000 x22: 0000000000000000
> > x21: ffffff8001fa4a80
> >     [    9.480755][  T121] x20: 0000000000000001 x19: ffffff8001fa4a80
> > x18: ffffffc00a8810b0
> >     [    9.480761][  T121] x17: 000000007ab542f2 x16: 000000007ab542f2
> > x15: ffffffc00aa01000
> >     [    9.480767][  T121] x14: ffffffc00966f250 x13: ffffffc0b58f9000
> > x12: ffffffc00a055f10
> >     [    9.480771][  T123] ueventd: LoadWithAliases was unable to load
> > cpu:type:aarch64:feature:,0000,0001,0002,0003,0004,0005,0006,0007,000B
> >     [    9.480773][  T121]
> >     [    9.480774][  T121] x11: 0000000000000000 x10: 0000000000000001
> > x9 : 0000000100000000
> >     [    9.480780][  T123] ueventd:
> >     [    9.480780][  T121] x8 : ffffffc0044154cb x7 : 0000000000000000
> > x6 : 000000000000003f
> >     [    9.480786][  T121] x5 : 0000000000000020 x4 : ffffffc0098db323
> > x3 : ffffff801aeb62c0
> >     [    9.480792][  T121] x2 : ffffff801aeb62c0 x1 : 0000000000000000
> > x0 : ffffff8001fa4c80
> >     [    9.480798][  T121] Call trace:
> >     [    9.480801][  T121]  hi3660_thermal_probe+0x6c/0x74 [hisi_thermal]
> >     [    9.480813][  T121]  hisi_thermal_probe+0xbc/0x284 [hisi_thermal]
>
>
> Taking a look here, it looks pretty obvious:
>   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/thermal/hisi_thermal.c#n414
>
> data->nr_sensors = 1;
> data->sensor = devm_kzalloc(dev, sizeof(*data->sensor) *
>    data->nr_sensors, GFP_KERNEL);
>
> Here as nr_sensors=1, we allocate only one structure for the array.
> But then below that, we modify two entries, writing past the valid
> array, and corrupting data when writing the second sensor values.
>
> data->sensor[0].id = HI3660_BIG_SENSOR;
> data->sensor[0].irq_name = "tsensor_a73";
> data->sensor[0].data = data;
>
> data->sensor[1].id = HI3660_LITTLE_SENSOR;
> data->sensor[1].irq_name = "tsensor_a53";
> data->sensor[1].data = data;
>
> I suspect nr_sensors needs to be set to 2.

Looks like the bug was introduced here:
  https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7d3a2a2bbadb4bf5856ed394ba09b8fbb7a80460

But that change seems to imply the dual zones weren't fully supported
at the time. I'm not sure if that's changed in the meantime, so
removing the second sensor writes may potentially be a better fix.

thanks
-john