Re: [PATCH 1/4] dmaengine: imx-sdma: fix buffer ownership

From: Philipp Puschmann
Date: Thu Sep 19 2019 - 05:20:21 EST

Next message: hev: "[PATCH RESEND v2] fs/epoll: Remove unnecessary wakeups of nested epoll that in ET mode"
Previous message: Xiaoming Ni: "[PATCH] tty:vt: Add check the return value of kzalloc to avoid oops"
In reply to: Lucas Stach: "Re: [PATCH 1/4] dmaengine: imx-sdma: fix buffer ownership"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Am 16.09.19 um 16:17 schrieb Lucas Stach:
> On Mi, 2019-09-11 at 16:49 +0200, Philipp Puschmann wrote:
>> BD_DONE flag marks ownership of the buffer. When 1 SDMA owns the buffer,
>> when 0 ARM owns it. When processing the buffers in
>> sdma_update_channel_loop the ownership of the currently processed buffer
>> was set to SDMA again before running the callback function of the the
>> buffer and while the sdma script may be running in parallel. So there was
>> the possibility to get the buffer overwritten by SDMA before it has been
>> processed by kernel leading to kind of random errors in the upper layers,
>> e.g. bluetooth.
>>
>> It may be further a good idea to make the status struct member volatile or
>> access it using writel or similar to rule out that the compiler sets the
>> BD_DONE flag before the callback routine has finished.
>>
>> Signed-off-by: Philipp Puschmann <philipp.puschmann@xxxxxxxxx>
>> ---
>> drivers/dma/imx-sdma.c | 3 ++-
>> 1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/drivers/dma/imx-sdma.c b/drivers/dma/imx-sdma.c
>> index a01f4b5d793c..1abb14ff394d 100644
>> --- a/drivers/dma/imx-sdma.c
>> +++ b/drivers/dma/imx-sdma.c
>> @@ -802,7 +802,6 @@ static void sdma_update_channel_loop(struct sdma_channel *sdmac)
>> */
>>
>> desc->chn_real_count = bd->mode.count;
>> - bd->mode.status |= BD_DONE;
>> bd->mode.count = desc->period_len;
>> desc->buf_ptail = desc->buf_tail;
>> desc->buf_tail = (desc->buf_tail + 1) % desc->num_bd;
>> @@ -817,6 +816,8 @@ static void sdma_update_channel_loop(struct sdma_channel *sdmac)
>> dmaengine_desc_get_callback_invoke(&desc->vd.tx, NULL);
>> spin_lock(&sdmac->vc.lock);
>
> To address your comment from the second paragraph of the commit message
> there should be a dma_wmb() here before changing the status flag.
>
> Regards,
> Lucas

Hi Lucas,

thanks for your feedback. I will apply the hints to v2 of the patches.

Regards,
Philipp
>
>> + bd->mode.status |= BD_DONE;
>> +
>> if (error)
>> sdmac->status = old_status;
>> }
>

Next message: hev: "[PATCH RESEND v2] fs/epoll: Remove unnecessary wakeups of nested epoll that in ET mode"
Previous message: Xiaoming Ni: "[PATCH] tty:vt: Add check the return value of kzalloc to avoid oops"
In reply to: Lucas Stach: "Re: [PATCH 1/4] dmaengine: imx-sdma: fix buffer ownership"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]