[PATCH 1/1] yeeloong_laptop: add missing EVENT_WLAN to sci_event se[], fix a kernel oops

[Tom Li]

In do_event_action(), we query the handler of a event by 

        sep = (struct sci_event *)&se[event];

But, we forget to add EVENT_WLAN to sci_event se[]. If we use EVENT_WLAN as the event key to query the handler, seq will become an invalid pointer. Then ec_read() it causes a kernel oops.

[   38.284000] (ff6/10)ec issued command 132 status : 0x9

[   38.288000] CPU 0 Unable to handle kernel paging request at virtual address 0000000100000000, epc == 0000000100000000, ra == ffffffff80564994

[   38.292000] Oops[#1]:

[   38.292000] CPU: 0 PID: 34 Comm: irq/10-sci Not tainted 3.15.3-yeeloong-gaizi #3

[   38.292000] task: 98000000bf2b8000 ti: 98000000bf3ac000 task.ti: 98000000bf3ac000

[   38.292000] $ 0   : 0000000000000000 ffffffffcfffffff 0000000100000000 0000000000000000

[   38.292000] $ 4   : 00000000000000c4 0000004200000000 ffffffff80966a18 0000000000006aa0

[   38.292000] $ 8   : 98000000bf2b8000 6465757373692063 0000000000000148 6174732032333120

[   38.292000] $12   : fffffffffffffffe ffffffffffffffe0 0000000000000000 ffffffff809e4948

[   38.292000] $16   : 0000000000000030 0000000000000030 00000000000000c4 ffffffff808815e8

[   38.292000] $20   : ffffffff80280000 ffffffff802782c8 0000000000000001 ffffffff809675d0

[   38.292000] $24   : 0000000000000001 00000000000015a0

[   38.292000] $28   : 98000000bf3ac000 98000000bf3afd80 ffffffff80950000 ffffffff80564994

[   38.292000] Hi    : 0000000000000042

[   38.292000] Lo    : 000000000c6ab000

[   38.292000] epc   : 0000000100000000 0x100000000

[   38.292000]     Not tainted

[   38.292000] ra    : ffffffff80564994 sci_irq_handler+0xcc/0x1d8

[   38.292000] Status: 140044e3 KX SX UX KERNEL EXL IE

[   38.292000] Cause : 10008008

[   38.292000] BadVA : 0000000100000000

[   38.292000] PrId  : 00006303 (ICT Loongson-2)

[   38.292000] Modules linked in: arc4 rtl8187 eeprom_93cx6 led_class mac80211 cfg80211 rfkill psmouse loongson2_cpufreq snd_cs5535audio 8139too mii snd_ac97_codec ac97_bus snd_pcm snd_timer snd soundcore ipv6

[   38.292000] Process irq/10-sci (pid: 34, threadinfo=98000000bf3ac000, task=98000000bf2b8000, tls=0000000000000000)

[   38.292000] Stack : ffffffff80280000 98000000bf3a8000 ffffffff8095ded0 0000000000000001

          ffffffff8095ded0 ffffffff802782fc ffffffff80280000 ffffffff802782c8

          0000000000000001 0000000000000001 98000000bf3a8000 ffffffff80278680

          0000000000000000 ffffffff80278430 98000000bf3a8080 ffffffff809d0000

          ffffffff808d0000 98000000bf3a8000 ffffffff80278538 98000000bf068780

          98000000bf2b8780 ffffffff80258fd0 0000000000000000 0000000000000000

          98000000bf3a8000 0000000000000000 98000000bf3afe50 98000000bf3afe50

          0000000000000000 98000000bf3afe68 98000000bf3afe68 0000000000000000

          ffffffff80258ef0 98000000bf3a8080 ffffffff809e0000 ffffffff809e0000

          0000000000000000 ffffffff80206ea0 0000000000000000 0000000000000000

          ...

[   38.292000] Call Trace:

[   38.292000] [<ffffffff80280000>] rcu_process_callbacks+0x4d8/0x500

[   38.292000] [<ffffffff802782fc>] irq_thread_fn+0x34/0x78

[   38.292000] [<ffffffff80280000>] rcu_process_callbacks+0x4d8/0x500

[   38.292000] [<ffffffff802782c8>] irq_thread_fn+0x0/0x78

[   38.292000] [<ffffffff80278680>] irq_thread+0x148/0x190

[   38.292000] [<ffffffff80278430>] irq_thread_dtor+0x0/0x108

[   38.292000] [<ffffffff80278538>] irq_thread+0x0/0x190

[   38.292000] [<ffffffff80258fd0>] kthread+0xe0/0xf8

[   38.292000] [<ffffffff80258ef0>] kthread+0x0/0xf8

[   38.292000] [<ffffffff80206ea0>] ret_from_kernel_thread+0x20/0x28

[   38.292000]

Code: (Bad address in epc)

[   38.296000] ---[ end trace f1ecc07587c77678 ]---

[   38.300000] CPU 0 Unable to handle kernel paging request at virtual address ffffffffffffffe0, epc == ffffffff802596c0, ra == ffffffff8027845c

[   38.308000] Oops[#2]:

[   38.308000] CPU: 0 PID: 34 Comm: irq/10-sci Tainted: G      D       3.15.3-yeeloong-gaizi #3

[   38.308000] task: 98000000bf2b8000 ti: 98000000bf3ac000 task.ti: 98000000bf3ac000

[   38.308000] $ 0   : 0000000000000000 ffffffffcfffffff 0000000000000000 98000000bf3afde0

[   38.308000] $ 4   : 98000000bf2b8000 0000000000000000 0000000000000001 0000000000000000

[   38.308000] $ 8   : 0000000000000000 0000000000000000 000000000000016f 0000000000000001

[   38.308000] $12   : 0000000000000000 0000000000000000 0000000000000000 0000000000000000

[   38.308000] $16   : 98000000bf2b8000 98000000bf2b8618 98000000bf2b8000 ffffffff809e0000

[   38.308000] $20   : 0000000000000000 0000000000000060 98000000bf2b8000 0000000000000001

[   38.308000] $24   : 0000000000000000 0000000000000000

[   38.308000] $28   : 98000000bf3ac000 98000000bf3afa70 ffffffff80950000 ffffffff8027845c

[   38.308000] Hi    : 0000000000000042

[   38.308000] Lo    : 000000000c6ab000

[   38.308000] epc   : ffffffff802596c0 kthread_data+0x10/0x18

[   38.308000]     Tainted: G      D

[   38.308000] ra    : ffffffff8027845c irq_thread_dtor+0x2c/0x108

[   38.308000] Status: 140044e3 KX SX UX KERNEL EXL IE

[   38.308000] Cause : 90008008

[   38.308000] BadVA : ffffffffffffffe0

[   38.308000] PrId  : 00006303 (ICT Loongson-2)

[   38.308000] Modules linked in: arc4 rtl8187 eeprom_93cx6 led_class mac80211 cfg80211 rfkill psmouse loongson2_cpufreq snd_cs5535audio 8139too mii snd_ac97_codec ac97_bus snd_pcm snd_timer snd soundcore ipv6

[   38.308000] Process irq/10-sci (pid: 34, threadinfo=98000000bf3ac000, task=98000000bf2b8000, tls=0000000000000000)

[   38.308000] Stack : 0000000000000000 ffffffff802782c8 000000000000000b 0000000000000000

          98000000bf2b8618 ffffffff8025545c 000000000000000b 000000000000000b

          000000000000000b ffffffff808d60c8 0000000000000000 ffffffff80235fc8

          ffffffff80950000 ffffffff80631f24 98000000bf3afb08 0000000000000000

          0000000000000001 ffffffff802350ac 98000000bf3afc50 000000000000000b

          ffffffff808d60c8 0000000000000000 ffffffff80280000 ffffffff802782c8

          0000000000000001 98000000bf3afc50 ffffffff80950000 ffffffff8020cc84

          0000000100000000 0000000000000000 98000000bf2b8000 ffffffff8021c968

          00030001bf3ac000 ffffffff809df420 ffffffffffff0000 0000000000000000

          0000000000000002 ffffffff80239bc8 000000000000000a 0000000100001ba1

          ...

[   38.308000] Call Trace:

[   38.308000] [<ffffffff802596c0>] kthread_data+0x10/0x18

[   38.308000] [<ffffffff8027845c>] irq_thread_dtor+0x2c/0x108

[   38.308000] [<ffffffff8025545c>] task_work_run+0xac/0x120

[   38.308000] [<ffffffff80235fc8>] do_exit+0x290/0x9b8

[   38.308000] [<ffffffff8020cc84>] die+0x13c/0x188

[   38.308000] [<ffffffff8021c968>] __do_page_fault+0x3b8/0x430

[   38.308000] [<ffffffff80206dc4>] resume_userspace_check+0x0/0x10

[   38.308000]

Code: 3c01cfff  3421ffff  03e1f824 <03e00008> dc42ffe0  67bdffe0  24060008  ffbf0018  dc850290

[   38.312000] ---[ end trace f1ecc07587c77679 ]---

The below patch adds EVENT_WLAN to sci_event se[], fixes the bug.

diff -uprN linux-3.15/drivers/platform/mips/yeeloong_laptop.c linux-3.15-fix-wifi-fn-button/drivers/platform/mips/yeeloong_laptop.c

--- linux-3.15/drivers/platform/mips/yeeloong_laptop.c  2014-07-03 07:57:10.039453595 +0800

+++ linux-3.15-fix-wifi-fn-button/drivers/platform/mips/yeeloong_laptop.c       2014-07-03 07:59:40.800815141 +0800

@@ -974,6 +974,7 @@ static const struct sci_event se[] = {

        [EVENT_DISPLAY_TOGGLE] = {0, switchvideomode_handler},

        [EVENT_USB_OC0] = {REG_USB2_FLAG, usb0_handler},

        [EVENT_USB_OC2] = {REG_USB2_FLAG, usb2_handler},

+      [EVENT_WLAN] = {REG_WLAN, NULL},

 };

 static void do_event_action(int event)