From 34a35bddb9382fc2663e3137875ee58928f7d704 Mon Sep 17 00:00:00 2001 From: Stanislaw Gruszka Date: Fri, 5 Sep 2008 14:00:22 -0700 Subject: atmel_lcdfb: fix oops in rmmod when framebuffer fails to register If framebuffer registration failed in platform driver ->probe() callback, dev_get_drvdata() points to freed memory region, but ->remove() function try to use it and the following oops occurs: Unable to handle kernel NULL pointer dereference at virtual address 00000228 pgd = c3a20000 [00000228] *pgd=23a2b031, *pte=00000000, *ppte=00000000 Internal error: Oops: 17 [#1] Modules linked in: atmel_lcdfb(-) cfbcopyarea cfbimgblt cfbfillrect [last unloaded: atmel_lcdfb] CPU: 0 Not tainted (2.6.27-rc2 #116) PC is at atmel_lcdfb_remove+0x14/0xf8 [atmel_lcdfb] LR is at platform_drv_remove+0x20/0x24 pc : [] lr : [] psr: a0000013 sp : c3a45e84 ip : c3a45ea0 fp : c3a45e9c r10: 00000002 r9 : c3a44000 r8 : c0026c04 r7 : 00000880 r6 : c02bb228 r5 : 00000000 r4 : c02bb230 r3 : bf007e3c r2 : c02bb230 r1 : 00000004 r0 : c02bb228 Flags: NzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user Control: 0005317f Table: 23a20000 DAC: 00000015 Process rmmod (pid: 6799, stack limit = 0xc3a44260) Stack: (0xc3a45e84 to 0xc3a46000) 5e80: c02bb230 bf007e3c bf007e3c c3a45eac c3a45ea0 c0157d28 bf006bc0 5ea0: c3a45ec4 c3a45eb0 c0156d20 c0157d18 c02bb230 c02bb2d8 c3a45ee0 c3a45ec8 5ec0: c0156da8 c0156cb8 bf007e3c bf007ee0 c02c8e14 c3a45efc c3a45ee4 c0156018 5ee0: c0156d50 bf007e3c bf007ee0 00000000 c3a45f18 c3a45f00 c0157220 c0155f9c 5f00: 00000000 bf007ee0 bf008000 c3a45f28 c3a45f1c c0157e34 c01571ec c3a45f38 5f20: c3a45f2c bf006ba8 c0157e30 c3a45fa4 c3a45f3c c005772c bf006ba4 656d7461 5f40: 636c5f6c 00626664 c004c988 c3a45f80 c3a45f5c 00000000 c3a45fb0 00000000 5f60: ffffffff becaccd8 00000880 00000000 000a5e80 00000001 bf007ee0 00000880 5f80: c3a45f84 00000000 becaccd4 00000002 000003df 00000081 00000000 c3a45fa8 5fa0: c0026a60 c0057584 00000002 000003df 00900081 000a5e80 00000880 00000000 5fc0: becaccd4 00000002 000003df 00000000 000a5e80 00000001 00000002 0000005f 5fe0: 4004f5ec becacbe8 0001a158 4004f5fc 20000010 00900081 f9ffbadf 7bbfb2bb Backtrace: [] (atmel_lcdfb_remove+0x0/0xf8 [atmel_lcdfb]) from [] (platform_drv_remove+0x20/0x24) r6:bf007e3c r5:bf007e3c r4:c02bb230 [] (platform_drv_remove+0x0/0x24) from [] (__device_release_driver+0x78/0x98) [] (__device_release_driver+0x0/0x98) from [] (driver_detach+0x68/0x90) r5:c02bb2d8 r4:c02bb230 [] (driver_detach+0x0/0x90) from [] (bus_remove_driver+0x8c/0xb4) r6:c02c8e14 r5:bf007ee0 r4:bf007e3c [] (bus_remove_driver+0x0/0xb4) from [] (driver_unregister+0x44/0x48) r6:00000000 r5:bf007ee0 r4:bf007e3c [] (driver_unregister+0x0/0x48) from [] (platform_driver_unregister+0x14/0x18) r6:bf008000 r5:bf007ee0 r4:00000000 [] (platform_driver_unregister+0x0/0x18) from [] (atmel_lcdfb_exit+0x14/0x1c [atmel_lcdfb]) [] (atmel_lcdfb_exit+0x0/0x1c [atmel_lcdfb]) from [] (sys_delete_module+0x1b8/0x22c) [] (sys_delete_module+0x0/0x22c) from [] (ret_fast_syscall+0x0/0x2c) r7:00000081 r6:000003df r5:00000002 r4:becaccd4 Code: e92dd870 e24cb004 e59050c4 e1a06000 (e5954228) ---[ end trace 85476b184d9e68d8 ]--- This patch fixes the oops. Signed-off-by: Stanislaw Gruszka Acked-by: Nicolas Ferre Acked-by: Krzysztof Helt Cc: Haavard Skinnemoen Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- drivers/video/atmel_lcdfb.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'drivers/video/atmel_lcdfb.c') diff --git a/drivers/video/atmel_lcdfb.c b/drivers/video/atmel_lcdfb.c index 9c5925927ec..5a24c6411d3 100644 --- a/drivers/video/atmel_lcdfb.c +++ b/drivers/video/atmel_lcdfb.c @@ -939,7 +939,7 @@ static int __init atmel_lcdfb_probe(struct platform_device *pdev) ret = register_framebuffer(info); if (ret < 0) { dev_err(dev, "failed to register framebuffer device: %d\n", ret); - goto free_cmap; + goto reset_drvdata; } /* add selected videomode to modelist */ @@ -955,7 +955,8 @@ static int __init atmel_lcdfb_probe(struct platform_device *pdev) return 0; - +reset_drvdata: + dev_set_drvdata(dev, NULL); free_cmap: fb_dealloc_cmap(&info->cmap); unregister_irqs: @@ -992,10 +993,11 @@ static int __exit atmel_lcdfb_remove(struct platform_device *pdev) { struct device *dev = &pdev->dev; struct fb_info *info = dev_get_drvdata(dev); - struct atmel_lcdfb_info *sinfo = info->par; + struct atmel_lcdfb_info *sinfo; - if (!sinfo) + if (!info || !info->par) return 0; + sinfo = info->par; cancel_work_sync(&sinfo->task); exit_backlight(sinfo); -- cgit v1.2.3 From 3aa04f1b07352be89960bddca4db0d5d8c09510c Mon Sep 17 00:00:00 2001 From: Haavard Skinnemoen Date: Sat, 13 Sep 2008 02:33:23 -0700 Subject: atmel_lcdfb: disable LCD and DMA engines when suspending When suspending the system with atmel_lcdfb enabled, I sometimes see this: atmel_lcdfb atmel_lcdfb.0: FIFO underflow 0x10 Which can be explained by the fact that we're not stopping the LCD controller and its DMA engine when suspending, we're just gating the clocks to them. There's another potential issue which may be harder to trigger but much more nasty: If we gate the clocks at _just_ the right moment, e.g. when the DMA engine is doing a bus transaction, we may cause the DMA engine to violate the system bus protocol and cause a lockup. Avoid these issues by shutting down the LCD controller before entering suspend (and restarting it when resuming). This prevents the underrun from happening in the first place, and prevents whatever nastiness is happening when the bus clock stops in the middle of a DMA transfer. Signed-off-by: Haavard Skinnemoen Acked-by: Nicolas Ferre Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- drivers/video/atmel_lcdfb.c | 84 ++++++++++++++++++++++++++------------------- 1 file changed, 49 insertions(+), 35 deletions(-) (limited to 'drivers/video/atmel_lcdfb.c') diff --git a/drivers/video/atmel_lcdfb.c b/drivers/video/atmel_lcdfb.c index 5a24c6411d3..75dac578104 100644 --- a/drivers/video/atmel_lcdfb.c +++ b/drivers/video/atmel_lcdfb.c @@ -208,6 +208,36 @@ static unsigned long compute_hozval(unsigned long xres, unsigned long lcdcon2) return value; } +static void atmel_lcdfb_stop_nowait(struct atmel_lcdfb_info *sinfo) +{ + /* Turn off the LCD controller and the DMA controller */ + lcdc_writel(sinfo, ATMEL_LCDC_PWRCON, + sinfo->guard_time << ATMEL_LCDC_GUARDT_OFFSET); + + /* Wait for the LCDC core to become idle */ + while (lcdc_readl(sinfo, ATMEL_LCDC_PWRCON) & ATMEL_LCDC_BUSY) + msleep(10); + + lcdc_writel(sinfo, ATMEL_LCDC_DMACON, 0); +} + +static void atmel_lcdfb_stop(struct atmel_lcdfb_info *sinfo) +{ + atmel_lcdfb_stop_nowait(sinfo); + + /* Wait for DMA engine to become idle... */ + while (lcdc_readl(sinfo, ATMEL_LCDC_DMACON) & ATMEL_LCDC_DMABUSY) + msleep(10); +} + +static void atmel_lcdfb_start(struct atmel_lcdfb_info *sinfo) +{ + lcdc_writel(sinfo, ATMEL_LCDC_DMACON, sinfo->default_dmacon); + lcdc_writel(sinfo, ATMEL_LCDC_PWRCON, + (sinfo->guard_time << ATMEL_LCDC_GUARDT_OFFSET) + | ATMEL_LCDC_PWR); +} + static void atmel_lcdfb_update_dma(struct fb_info *info, struct fb_var_screeninfo *var) { @@ -420,26 +450,8 @@ static void atmel_lcdfb_reset(struct atmel_lcdfb_info *sinfo) { might_sleep(); - /* LCD power off */ - lcdc_writel(sinfo, ATMEL_LCDC_PWRCON, sinfo->guard_time << ATMEL_LCDC_GUARDT_OFFSET); - - /* wait for the LCDC core to become idle */ - while (lcdc_readl(sinfo, ATMEL_LCDC_PWRCON) & ATMEL_LCDC_BUSY) - msleep(10); - - /* DMA disable */ - lcdc_writel(sinfo, ATMEL_LCDC_DMACON, 0); - - /* wait for DMA engine to become idle */ - while (lcdc_readl(sinfo, ATMEL_LCDC_DMACON) & ATMEL_LCDC_DMABUSY) - msleep(10); - - /* LCD power on */ - lcdc_writel(sinfo, ATMEL_LCDC_PWRCON, - (sinfo->guard_time << ATMEL_LCDC_GUARDT_OFFSET) | ATMEL_LCDC_PWR); - - /* DMA enable */ - lcdc_writel(sinfo, ATMEL_LCDC_DMACON, sinfo->default_dmacon); + atmel_lcdfb_stop(sinfo); + atmel_lcdfb_start(sinfo); } /** @@ -471,14 +483,7 @@ static int atmel_lcdfb_set_par(struct fb_info *info) info->var.xres, info->var.yres, info->var.xres_virtual, info->var.yres_virtual); - /* Turn off the LCD controller and the DMA controller */ - lcdc_writel(sinfo, ATMEL_LCDC_PWRCON, sinfo->guard_time << ATMEL_LCDC_GUARDT_OFFSET); - - /* Wait for the LCDC core to become idle */ - while (lcdc_readl(sinfo, ATMEL_LCDC_PWRCON) & ATMEL_LCDC_BUSY) - msleep(10); - - lcdc_writel(sinfo, ATMEL_LCDC_DMACON, 0); + atmel_lcdfb_stop_nowait(sinfo); if (info->var.bits_per_pixel == 1) info->fix.visual = FB_VISUAL_MONO01; @@ -583,13 +588,7 @@ static int atmel_lcdfb_set_par(struct fb_info *info) while (lcdc_readl(sinfo, ATMEL_LCDC_DMACON) & ATMEL_LCDC_DMABUSY) msleep(10); - dev_dbg(info->device, " * re-enable DMA engine\n"); - /* ...and enable it with updated configuration */ - lcdc_writel(sinfo, ATMEL_LCDC_DMACON, sinfo->default_dmacon); - - dev_dbg(info->device, " * re-enable LCDC core\n"); - lcdc_writel(sinfo, ATMEL_LCDC_PWRCON, - (sinfo->guard_time << ATMEL_LCDC_GUARDT_OFFSET) | ATMEL_LCDC_PWR); + atmel_lcdfb_start(sinfo); dev_dbg(info->device, " * DONE\n"); @@ -1032,11 +1031,20 @@ static int atmel_lcdfb_suspend(struct platform_device *pdev, pm_message_t mesg) struct fb_info *info = platform_get_drvdata(pdev); struct atmel_lcdfb_info *sinfo = info->par; + /* + * We don't want to handle interrupts while the clock is + * stopped. It may take forever. + */ + lcdc_writel(sinfo, ATMEL_LCDC_IDR, ~0UL); + sinfo->saved_lcdcon = lcdc_readl(sinfo, ATMEL_LCDC_CONTRAST_VAL); lcdc_writel(sinfo, ATMEL_LCDC_CONTRAST_CTR, 0); if (sinfo->atmel_lcdfb_power_control) sinfo->atmel_lcdfb_power_control(0); + + atmel_lcdfb_stop(sinfo); atmel_lcdfb_stop_clock(sinfo); + return 0; } @@ -1046,9 +1054,15 @@ static int atmel_lcdfb_resume(struct platform_device *pdev) struct atmel_lcdfb_info *sinfo = info->par; atmel_lcdfb_start_clock(sinfo); + atmel_lcdfb_start(sinfo); if (sinfo->atmel_lcdfb_power_control) sinfo->atmel_lcdfb_power_control(1); lcdc_writel(sinfo, ATMEL_LCDC_CONTRAST_CTR, sinfo->saved_lcdcon); + + /* Enable FIFO & DMA errors */ + lcdc_writel(sinfo, ATMEL_LCDC_IER, ATMEL_LCDC_UFLWI + | ATMEL_LCDC_OWRI | ATMEL_LCDC_MERI); + return 0; } -- cgit v1.2.3