Re: [PATCH] mmc: meson-gx: use memcpy_to/fromio for dram-access-quirk

From: Ulf Hansson
Date: Mon Jun 14 2021 - 08:07:39 EST

Next message: Dan Carpenter: "Re: [PATCH] staging: rtl8188eu: convert DBG_88E calls in core/rtw_sta_mgt.c"
Previous message: Pavel Skripkin: "[PATCH] net: qrtr: fix OOB Read in qrtr_endpoint_post"
In reply to: Neil Armstrong: "[PATCH] mmc: meson-gx: use memcpy_to/fromio for dram-access-quirk"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 9 Jun 2021 at 17:02, Neil Armstrong <narmstrong@xxxxxxxxxxxx> wrote:
>
> It has been reported that usage of memcpy() to/from an iomem mapping is invalid,
> and a recent arm64 memcpy update [1] triggers a memory abort when dram-access-quirk
> is used on the G12A/G12B platforms.
>
> This adds a local sg_copy_to_buffer which makes usage of io versions of memcpy
> when dram-access-quirk is enabled.
>
> Fixes: acdc8e71d9bb ("mmc: meson-gx: add dram-access-quirk")
> Reported-by: Marek Szyprowski <m.szyprowski@xxxxxxxxxxx>
> Suggested-by: Mark Rutland <mark.rutland@xxxxxxx>
> Signed-off-by: Neil Armstrong <narmstrong@xxxxxxxxxxxx>
> Tested-by: Marek Szyprowski <m.szyprowski@xxxxxxxxxxx>
>
> [1] 285133040e6c ("arm64: Import latest memcpy()/memmove() implementation")

Applied for fixes and by adding a stable tag, thanks!

Kind regards
Uffe

> ---
> drivers/mmc/host/meson-gx-mmc.c | 50 +++++++++++++++++++++++++++++----
> 1 file changed, 45 insertions(+), 5 deletions(-)
>
>
> Changes since RFC:
> - moved iomem address to bounce_iomem_buf otherwise sparse screamed when feeding memcpy_to/fromio with non iomem pointer
>
> diff --git a/drivers/mmc/host/meson-gx-mmc.c b/drivers/mmc/host/meson-gx-mmc.c
> index b8b771b643cc..3e9b28f18c70 100644
> --- a/drivers/mmc/host/meson-gx-mmc.c
> +++ b/drivers/mmc/host/meson-gx-mmc.c
> @@ -165,6 +165,7 @@ struct meson_host {
>
> unsigned int bounce_buf_size;
> void *bounce_buf;
> + void __iomem *bounce_iomem_buf;
> dma_addr_t bounce_dma_addr;
> struct sd_emmc_desc *descs;
> dma_addr_t descs_dma_addr;
> @@ -742,6 +743,47 @@ static void meson_mmc_desc_chain_transfer(struct mmc_host *mmc, u32 cmd_cfg)
> writel(start, host->regs + SD_EMMC_START);
> }
>
> +/* local sg copy to buffer version with _to/fromio usage for dram_access_quirk */
> +static void meson_mmc_copy_buffer(struct meson_host *host, struct mmc_data *data,
> + size_t buflen, bool to_buffer)
> +{
> + unsigned int sg_flags = SG_MITER_ATOMIC;
> + struct scatterlist *sgl = data->sg;
> + unsigned int nents = data->sg_len;
> + struct sg_mapping_iter miter;
> + unsigned int offset = 0;
> +
> + if (to_buffer)
> + sg_flags |= SG_MITER_FROM_SG;
> + else
> + sg_flags |= SG_MITER_TO_SG;
> +
> + sg_miter_start(&miter, sgl, nents, sg_flags);
> +
> + while ((offset < buflen) && sg_miter_next(&miter)) {
> + unsigned int len;
> +
> + len = min(miter.length, buflen - offset);
> +
> + /* When dram_access_quirk, the bounce buffer is a iomem mapping */
> + if (host->dram_access_quirk) {
> + if (to_buffer)
> + memcpy_toio(host->bounce_iomem_buf + offset, miter.addr, len);
> + else
> + memcpy_fromio(miter.addr, host->bounce_iomem_buf + offset, len);
> + } else {
> + if (to_buffer)
> + memcpy(host->bounce_buf + offset, miter.addr, len);
> + else
> + memcpy(miter.addr, host->bounce_buf + offset, len);
> + }
> +
> + offset += len;
> + }
> +
> + sg_miter_stop(&miter);
> +}
> +
> static void meson_mmc_start_cmd(struct mmc_host *mmc, struct mmc_command *cmd)
> {
> struct meson_host *host = mmc_priv(mmc);
> @@ -785,8 +827,7 @@ static void meson_mmc_start_cmd(struct mmc_host *mmc, struct mmc_command *cmd)
> if (data->flags & MMC_DATA_WRITE) {
> cmd_cfg |= CMD_CFG_DATA_WR;
> WARN_ON(xfer_bytes > host->bounce_buf_size);
> - sg_copy_to_buffer(data->sg, data->sg_len,
> - host->bounce_buf, xfer_bytes);
> + meson_mmc_copy_buffer(host, data, xfer_bytes, true);
> dma_wmb();
> }
>
> @@ -955,8 +996,7 @@ static irqreturn_t meson_mmc_irq_thread(int irq, void *dev_id)
> if (meson_mmc_bounce_buf_read(data)) {
> xfer_bytes = data->blksz * data->blocks;
> WARN_ON(xfer_bytes > host->bounce_buf_size);
> - sg_copy_from_buffer(data->sg, data->sg_len,
> - host->bounce_buf, xfer_bytes);
> + meson_mmc_copy_buffer(host, data, xfer_bytes, false);
> }
>
> next_cmd = meson_mmc_get_next_command(cmd);
> @@ -1176,7 +1216,7 @@ static int meson_mmc_probe(struct platform_device *pdev)
> * instead of the DDR memory
> */
> host->bounce_buf_size = SD_EMMC_SRAM_DATA_BUF_LEN;
> - host->bounce_buf = host->regs + SD_EMMC_SRAM_DATA_BUF_OFF;
> + host->bounce_iomem_buf = host->regs + SD_EMMC_SRAM_DATA_BUF_OFF;
> host->bounce_dma_addr = res->start + SD_EMMC_SRAM_DATA_BUF_OFF;
> } else {
> /* data bounce buffer */
> --
> 2.25.1
>

Next message: Dan Carpenter: "Re: [PATCH] staging: rtl8188eu: convert DBG_88E calls in core/rtw_sta_mgt.c"
Previous message: Pavel Skripkin: "[PATCH] net: qrtr: fix OOB Read in qrtr_endpoint_post"
In reply to: Neil Armstrong: "[PATCH] mmc: meson-gx: use memcpy_to/fromio for dram-access-quirk"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]