On 10/14/22 1:00 AM, Souradeep Chowdhury wrote:
The DCC is a DMA Engine designed to capture and store data
during system crash or software triggers. The DCC operates
based on user inputs via the debugfs interface. The user gives
addresses as inputs and these addresses are stored in the
dcc sram. In case of a system crash or a manual software
trigger by the user through the debugfs interface,
the dcc captures and stores the values at these addresses.
This patch contains the driver which has all the methods
pertaining to the debugfs interface, auxiliary functions to
support all the four fundamental operations of dcc namely
read, write, read/modify/write and loop. The probe method
here instantiates all the resources necessary for dcc to
operate mainly the dedicated dcc sram where it stores the
values. The DCC driver can be used for debugging purposes
without going for a reboot since it can perform software
triggers as well based on user inputs.
Also added the documentation for debugfs entries and explained
the functionalities of each debugfs file that has been created
for dcc.
The following is the justification of using debugfs interface
over the other alternatives like sysfs/ioctls
i) As can be seen from the debugfs attribute descriptions,
some of the debugfs attribute files here contains multiple
arguments which needs to be accepted from the user. This goes
against the design style of sysfs.
ii) The user input patterns have been made simple and convenient
in this case with the use of debugfs interface as user doesn't
need to shuffle between different files to execute one instruction
as was the case on using other alternatives.
Signed-off-by: Souradeep Chowdhury <quic_schowdhu@xxxxxxxxxxx>
I haven't followed any review feedback you have received
since verion 8 (which I reviewed), so if I say something
that conflicts with other feedback I apologize. I know
Bjorn had some comments too, so you're already going to
send another version.
Unfortunately I have some more input, including some things
that are basically bugs (because buffers could be overrun).
I will plan to review again once you've had a chance to
address my comments.
-Alex
---
Documentation/ABI/testing/debugfs-driver-dcc | 98 ++
drivers/soc/qcom/Kconfig | 8 +
drivers/soc/qcom/Makefile | 1 +
drivers/soc/qcom/dcc.c | 1355 ++++++++++++++++++++++++++
4 files changed, 1462 insertions(+)
create mode 100644 Documentation/ABI/testing/debugfs-driver-dcc
create mode 100644 drivers/soc/qcom/dcc.c
diff --git a/Documentation/ABI/testing/debugfs-driver-dcc b/Documentation/ABI/testing/debugfs-driver-dcc
new file mode 100644
index 0000000..387f67e
--- /dev/null
+++ b/Documentation/ABI/testing/debugfs-driver-dcc
@@ -0,0 +1,98 @@
+What: /sys/kernel/debug/dcc/.../ready
+Date: September 2022
+Contact: Souradeep Chowdhury <quic_schowdhu@xxxxxxxxxxx>
+Description:
+ This file is used to check the status of the dcc
+ hardware if it's ready to take the inputs. A 'Y'
+ here indicates dcc is in a ready condition.
+ Example:
+ cat /sys/kernel/debug/dcc/.../ready
+
+What: /sys/kernel/debug/dcc/.../trigger
+Date: September 2022
Again, update these dates before the final version goes out,
or... each time you send a new version, update them.
+Contact: Souradeep Chowdhury <quic_schowdhu@xxxxxxxxxxx>
+Description:
+ This is the debugfs interface for manual software
+ triggers. The user can simply enter a 1 against
+ the debugfs file and enable a manual trigger.
+ Example:
+ echo 1 > /sys/kernel/debug/dcc/.../trigger
+
+What: /sys/kernel/debug/dcc/.../config_reset
+Date: September 2022
+Contact: Souradeep Chowdhury <quic_schowdhu@xxxxxxxxxxx>
+Description:
+ This file is used to reset the configuration of
+ a dcc driver to the default configuration. This
+ means that all the previous addresses stored in
+ the driver gets removed and user needs to enter
+ the address values from the start.
+ Example:
+ echo 1 > /sys/kernel/debug/dcc/../config_reset
+
+What: /sys/kernel/debug/dcc/.../[list-number]/config
+Date: September 2022
+Contact: Souradeep Chowdhury <quic_schowdhu@xxxxxxxxxxx>
+Description:
+ This stores the addresses of the registers which
+ should be read in case of a hardware crash or
+ manual software triggers. The addresses entered here
+ are considered under all the 4 types of dcc
+ instructions Read type, Write type, Read Modify Write
+ type and Loop type. The lists need to be configured
+ sequentially and not in a overlapping manner. As an
+ example user can jump to list x only after list y is
+ configured and enabled. The format for entering all
+ types of instructions are explained in examples as
+ follows.
+ Example:
+ i)Read Type Instruction
+ echo R <1> <2> <3> >/sys/kernel/debug/dcc/../[list-number]/config
+ 1->Address to be considered for reading the value.
+ 2->The word count of the addresses, read n words
+ starting from address <1>. Each word is of 32 bits.
+ If not entered 1 is considered.
+ 3->Can be 'apb' or 'ahb' which indicates if it is apb or ahb
+ bus respectively. If not entered ahb is considered.
+ ii)Write Type Instruction
+ echo W <1> <2> <3> > /sys/kernel/debug/dcc/../[list-number]/config
+ 1->Address to be considered for writing the value.
+ 2->The value that needs to be written at the location.
+ 3->Can be a 'apb' or 'ahb' which indicates if it is apb or ahb
+ but respectively.
+ iii)Read Modify Write type instruction
+ echo RW <1> <2> <3> > /sys/kernel/debug/dcc/../[list-number]/config
+ 1->The address which needs to be considered for read then write.
+ 2->The value that needs to be written on the address.
+ 3->The mask of the value to be written.
+ iv)Loop Type Instruction
+ echo L <1> <2> <3> > /sys/kernel/debug/dcc/../[list-number]/config
+ 1->The loop count, the number of times the value of the addresses will be
+ captured.
+ 2->The address count, total number of addresses to be entered in this
+ instruction.
+ 3->The series of addresses to be entered separated by a space like <addr1>
+ <addr2>... and so on.
+
+What: /sys/kernel/debug/dcc/.../[list-number]/enable
+Date: September 2022
+Contact: Souradeep Chowdhury <quic_schowdhu@xxxxxxxxxxx>
+Description:
+ This debugfs interface is used for enabling the
+ the dcc hardware. Enable file is kept under the
+ directory list number for which the user wants
+ to enable it. For example if the user wants to
+ enable list 1, then he should go for
+ echo 1 > /sys/kernel/debug/dcc/.../1/enable.
+ On enabling the dcc, all the addresses entered
+ by the user for the corresponding list is written
+ into dcc sram which is read by the dcc hardware
+ on manual or crash induced triggers. Lists should
+ be enabled sequentially.For example after configuring
+ addresses for list 1 and enabling it, a user can
+ proceed to enable list 2 or vice versa.
+ Example:
+ echo 0 > /sys/kernel/debug/dcc/.../[list-number]/enable
+ (disable dcc for the corresponding list number)
+ echo 1 > /sys/kernel/debug/dcc/.../[list-number]/enable
+ (enable dcc for the corresponding list number)
diff --git a/drivers/soc/qcom/Kconfig b/drivers/soc/qcom/Kconfig
index 024e420..d5730bf 100644
--- a/drivers/soc/qcom/Kconfig
+++ b/drivers/soc/qcom/Kconfig
@@ -69,6 +69,14 @@ config QCOM_LLCC
SDM845. This provides interfaces to clients that use the LLCC.
Say yes here to enable LLCC slice driver.
+config QCOM_DCC
+ tristate "Qualcomm Technologies, Inc. Data Capture and Compare(DCC) engine driver"
+ depends on ARCH_QCOM || COMPILE_TEST
+ help
+ This option enables driver for Data Capture and Compare engine. DCC
+ driver provides interface to configure DCC block and read back
+ captured data from DCC's internal SRAM.
+
config QCOM_KRYO_L2_ACCESSORS
bool
depends on ARCH_QCOM && ARM64 || COMPILE_TEST
diff --git a/drivers/soc/qcom/Makefile b/drivers/soc/qcom/Makefile
index d66604a..b1fe812 100644
--- a/drivers/soc/qcom/Makefile
+++ b/drivers/soc/qcom/Makefile
@@ -4,6 +4,7 @@ obj-$(CONFIG_QCOM_AOSS_QMP) += qcom_aoss.o
obj-$(CONFIG_QCOM_GENI_SE) += qcom-geni-se.o
obj-$(CONFIG_QCOM_COMMAND_DB) += cmd-db.o
obj-$(CONFIG_QCOM_CPR) += cpr.o
+obj-$(CONFIG_QCOM_DCC) += dcc.o
obj-$(CONFIG_QCOM_GSBI) += qcom_gsbi.o
obj-$(CONFIG_QCOM_MDT_LOADER) += mdt_loader.o
obj-$(CONFIG_QCOM_OCMEM) += ocmem.o
diff --git a/drivers/soc/qcom/dcc.c b/drivers/soc/qcom/dcc.c
new file mode 100644
index 0000000..efad225
--- /dev/null
+++ b/drivers/soc/qcom/dcc.c
@@ -0,0 +1,1355 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * Copyright (c) 2015-2021, The Linux Foundation. All rights reserved.
+ * Copyright (c) 2022, Qualcomm Innovation Center, Inc. All rights reserved.
+ */
+
+#include <linux/bitfield.h>
+#include <linux/bitops.h>
+#include <linux/debugfs.h>
+#include <linux/delay.h>
+#include <linux/fs.h>
+#include <linux/io.h>
+#include <linux/iopoll.h>
+#include <linux/miscdevice.h>
+#include <linux/module.h>
+#include <linux/of.h>
+#include <linux/of_device.h>
+#include <linux/platform_device.h>
+#include <linux/slab.h>
+#include <linux/uaccess.h>
+
+#define STATUS_READY_TIMEOUT 5000 /*microseconds*/
Comments normally have spaces next to the asterisk.
I.e.:
/* microseconds */
Maybe this isn't that critical. But if you fix this, fix
it throughout.
+
+#define DCC_SRAM_NODE "dcc_sram"
+
+/* DCC registers */
+#define DCC_HW_INFO 0x04
+#define DCC_LL_NUM_INFO 0x10
+#define DCC_STATUS(vers) ((vers) == 1 ? 0x0c : 0x1c)
+#define DCC_LL_LOCK 0x00
+#define DCC_LL_CFG 0x04
+#define DCC_LL_BASE 0x08
+#define DCC_FD_BASE 0x0c
+#define DCC_LL_TIMEOUT 0x10
+#define DCC_LL_INT_ENABLE 0x18
+#define DCC_LL_INT_STATUS 0x1c
+#define DCC_LL_SW_TRIGGER 0x2c
+#define DCC_LL_BUS_ACCESS_STATUS 0x30
+
+#define DCC_MAP_LEVEL1 0x18
+#define DCC_MAP_LEVEL2 0x34
+#define DCC_MAP_LEVEL3 0x4C
+
+#define DCC_MAP_OFFSET1 0x10
+#define DCC_MAP_OFFSET2 0x18
+#define DCC_MAP_OFFSET3 0x1C
+#define DCC_MAP_OFFSET4 0x8
+
+/*Default value used if a bit 6 in the HW_INFO register is set.*/
+#define DCC_FIX_LOOP_OFFSET 16
+
+/*Mask to find version info from HW_Info register*/
+#define DCC_VER_INFO_MASK BIT(9)
+
+#define DCC_READ 0
+#define DCC_WRITE 1
+#define DCC_LOOP 2
+#define DCC_READ_WRITE 3
+
+#define MAX_DCC_OFFSET GENMASK(9, 2)
+#define MAX_DCC_LEN GENMASK(6, 0)
+#define MAX_LOOP_CNT GENMASK(7, 0)
+#define MAX_LOOP_ADDR 10
+
+#define DCC_ADDR_DESCRIPTOR 0x00
+#define DCC_ADDR_LIMIT 27
You appear to use DCC_ADDR_OFF_RANGE as the size of a
"word" when a word count is supplied. But if that's
the case, I think it's supposed to be 4, or better,
sizeof(u32). If it is the word size, DCC_WORD_SIZE
might be a better name (and defined it as sizeof(u32)).
+#define DCC_ADDR_OFF_RANGE 8
Then you use DCC_ADDR_RANGE_MASK to truncate an address
provided down to a multiple of 16 bytes. Why is that?
Is there a hardware limitation that makes 16 byte alignment
necessary? (A little more below, where they're used.)
+#define DCC_ADDR_RANGE_MASK GENMASK(31, 4)
+#define DCC_LOOP_DESCRIPTOR BIT(30)
+#define DCC_RD_MOD_WR_DESCRIPTOR BIT(31)
+#define DCC_LINK_DESCRIPTOR GENMASK(31, 30)
+#define DCC_STATUS_MASK GENMASK(1, 0)
You need one more tab before GENMASK() in the line above.
+#define DCC_LOCK_MASK BIT(0)
The above line has a bunch of spaces before BIT(0), and
it should just be tabs.
+#define DCC_LOOP_OFFSET_MASK BIT(6)
+#define DCC_TRIGGER_MASK BIT(9)
+
+#define DCC_WRITE_MASK BIT(15)
+#define DCC_WRITE_OFF_MASK GENMASK(7, 0)
+#define DCC_WRITE_LEN_MASK GENMASK(14, 8)
+
+#define DCC_READ_IND 0x00
+#define DCC_WRITE_IND (BIT(28))
+
+#define DCC_AHB_IND 0x00
+#define DCC_APB_IND BIT(29)
+
+#define DCC_MAX_LINK_LIST 8
+#define DCC_INVALID_LINK_LIST GENMASK(7, 0)
+
+#define DCC_VER_MASK1 GENMASK(6, 0)
+#define DCC_VER_MASK2 GENMASK(5, 0)
+
+#define DCC_SRAM_WORD_LENGTH 4
+
+#define DCC_RD_MOD_WR_ADDR 0xC105E
+
+/*DCC debugfs directory*/
+static struct dentry *dcc_dbg;
+
+enum dcc_descriptor_type {
+ DCC_READ_TYPE,
+ DCC_LOOP_TYPE,
+ DCC_READ_WRITE_TYPE,
+ DCC_WRITE_TYPE
+};
+
+struct dcc_config_entry {
+ u32 base;
+ u32 offset;
+ u32 len;
+ u32 loop_cnt;
+ u32 write_val;
+ u32 mask;
+ bool apb_bus;
+ enum dcc_descriptor_type desc_type;
+ struct list_head list;
+};
+
+/**
+ * struct dcc_drvdata - configuration information related to a dcc device
+ * @base: Base Address of the dcc device
+ * @dev: The device attached to the driver data
+ * @mutex: Lock to protect access and manipulation of dcc_drvdata
+ * @ram_base: Base address for the SRAM dedicated for the dcc device
+ * @ram_size: Total size of the SRAM dedicated for the dcc device
+ * @ram_offset: Offset to the SRAM dedicated for dcc device
+ * @mem_map_ver: Memory map version of DCC hardware
+ * @ram_cfg: Used for address limit calculation for dcc
+ * @ram_start: Starting address of DCC SRAM
+ * @sram_dev: Miscellaneous device equivalent of dcc SRAM
+ * @cfg_head: Points to the head of the linked list of addresses
+ * @dbg_dir: The dcc debugfs directory under which all the debugfs files are placed
+ * @nr_link_list: Total number of linkedlists supported by the DCC configuration
+ * @loopoff: Loop offset bits range for the addresses
+ * @enable_bitmap: Bitmap to capture the enabled status of each linked list of addresses
+ */
+struct dcc_drvdata {
+ void __iomem *base;
+ void *ram_base;
+ struct device *dev;
+ struct mutex mutex;
+ size_t ram_size;
+ size_t ram_offset;
+ int mem_map_ver;
+ phys_addr_t ram_cfg;
+ phys_addr_t ram_start;
+ struct miscdevice sram_dev;
+ struct list_head *cfg_head;
+ struct dentry *dbg_dir;
+ size_t nr_link_list;
+ u8 loopoff;
+ unsigned long *enable_bitmap;
+};
+
+struct dcc_cfg_attr {
+ u32 addr;
+ u32 prev_addr;
+ u32 prev_off;
+ u32 link;
+ u32 sram_offset;
+};
+
+struct dcc_cfg_loop_attr {
+ u32 loop;
+ u32 loop_cnt;
+ u32 loop_len;
+ u32 loop_off;
+ bool loop_start;
+};
The entire dcc_offset_conv() function, along with all of the
MAP_LEVEL and MAP_OFFSET definitions, can simply go away.
The only place dcc_offset_conv() is called is from dcc_readl().
And the only offset values passed to dcc_readl() are DCC_HW_INFO
and DCC_LL_NUM_INFO.
DCC_HW_INFO is actually read *before* drvdata->mem_map_ver is
even set, but in any case its value is 0x4, meaning the return
value of dcc_offset_conv(drvdata, DCC_HW_INFO) is simply 0x4
(or DCC_HW_INFO).
The value of DCC_LL_NUM_INFO is 0x10, which is less than
DCC_MAP_LEVEL1=0x18 (for mem_map_ver == 1) and also less
than DCC_MAP_LEVEL2=0x34 (for mem_map_ver == 2). So here
again, dcc_offset_conv(drvdata, DCC_LL_NUM_INFO) will always
return 0x10 (or DCC_LL_NUM_INFO).
Unless there is some reason to believe you need to read more
than just these two registers, all this mapping code is just
a distraction.
+static size_t dcc_offset_conv(struct dcc_drvdata *drvdata, size_t off)
+{
+ /* If the memory map version is 1, adjust the offset based on
+ * the dcc version mask. If the memory map version is 2
+ * adjust the offset if the dcc version mask is greater than
+ * map level 2.For other conditions, just return the offset.
+ */
+ if (drvdata->mem_map_ver == 1) {
+ if (FIELD_GET(DCC_VER_MASK1, off) >= DCC_MAP_LEVEL3)
+ return off - DCC_MAP_OFFSET3;
+ if (FIELD_GET(DCC_VER_MASK1, off) >= DCC_MAP_LEVEL2)
+ return off - DCC_MAP_OFFSET2;
+ else if (FIELD_GET(DCC_VER_MASK1, off) >= DCC_MAP_LEVEL1)
+ return off - DCC_MAP_OFFSET1;
+ } else if (drvdata->mem_map_ver == 2) {
+ if (FIELD_GET(DCC_VER_MASK1, off) >= DCC_MAP_LEVEL2)
+ return off - DCC_MAP_OFFSET4;
+ }
+
+ return off;
+}
+
+static inline u32 dcc_ll_offset(int version)
+{
+ return version == 1 ? 0x1c : (version == 2 ? 0x2c : 0x34);
+}
+
+static inline u32 dcc_readl(struct dcc_drvdata *drvdata, u32 off)
+{
+ return readl(drvdata->base + dcc_offset_conv(drvdata, off));
+}
+
+static inline void dcc_ll_writel(struct dcc_drvdata *drvdata,
+ u32 ll, u32 val, u32 off)
+{
+ u32 offset = dcc_ll_offset(drvdata->mem_map_ver) + off;
+
+ writel(val, drvdata->base + ll * 0x80 + offset);
+}
+
+static inline u32 dcc_ll_readl(struct dcc_drvdata *drvdata, u32 ll, u32 off)
+{
+ u32 offset = dcc_ll_offset(drvdata->mem_map_ver) + off;
+
+ return readl(drvdata->base + ll * 0x80 + offset);
+}
+
+static void dcc_sram_write_auto(struct dcc_drvdata *drvdata,
+ u32 val, u32 *off)
+{
+ memset(drvdata->ram_base + *off, val, DCC_SRAM_WORD_LENGTH);
+
+ *off += 4;
+}
+
+static int dcc_read_and_clear(struct dcc_drvdata *drvdata)
+{
+ int i;
+ u32 status;
+ u32 ll_cfg;
+ u32 tmp_ll_cfg;
+
+ for (i = 0; i < drvdata->nr_link_list; i++) {
+ if (!test_bit(i, drvdata->enable_bitmap))
+ continue;
+
+ status = dcc_ll_readl(drvdata, i, DCC_LL_BUS_ACCESS_STATUS);
+ if (!status)
+ continue;
+
+ dev_err(drvdata->dev, "Read access error for list %d err: 0x%x\n",
+ i, status);
+ ll_cfg = dcc_ll_readl(drvdata, i, DCC_LL_CFG);
+ tmp_ll_cfg = ll_cfg & ~DCC_TRIGGER_MASK;
+ dcc_ll_writel(drvdata, tmp_ll_cfg, i, DCC_LL_CFG);
+ dcc_ll_writel(drvdata, DCC_STATUS_MASK, i, DCC_LL_BUS_ACCESS_STATUS);
+ dcc_ll_writel(drvdata, ll_cfg, i, DCC_LL_CFG);
+ return -ENODATA;
+ }
+
+ return 0;
+}
+
+static int dcc_sw_trigger(struct dcc_drvdata *drvdata)
+{
+ void __iomem *addr;
+ int ret;
+ int i;
+ u32 ll_cfg;
+ u32 tmp_ll_cfg;
+ u32 val;
+
+ mutex_lock(&drvdata->mutex);
+
+ for (i = 0; i < drvdata->nr_link_list; i++) {
+ if (!test_bit(i, drvdata->enable_bitmap))
+ continue;
+ ll_cfg = dcc_ll_readl(drvdata, i, DCC_LL_CFG);
+ tmp_ll_cfg = ll_cfg & ~DCC_TRIGGER_MASK;
+ dcc_ll_writel(drvdata, tmp_ll_cfg, i, DCC_LL_CFG);
+ dcc_ll_writel(drvdata, 1, i, DCC_LL_SW_TRIGGER);
+ dcc_ll_writel(drvdata, ll_cfg, i, DCC_LL_CFG);
+ }
+
+ addr = drvdata->base + DCC_STATUS(drvdata->mem_map_ver);
+ if (readl_poll_timeout(addr, val, (FIELD_GET(DCC_STATUS_MASK, val) == 0),
Parentheses around (FIELD_GET(...) == 0) not needed here,
and you could just do !FIELD_GET(...).
+ 1, STATUS_READY_TIMEOUT)) {
+ dev_err(drvdata->dev, "DCC is busy after receiving sw trigger\n");
+ ret = -EBUSY;
+ goto out_unlock;
+ }
+
+ ret = dcc_read_and_clear(drvdata);
+
+out_unlock:
+ mutex_unlock(&drvdata->mutex);
+ return ret;
+}
+
+static void _dcc_ll_cfg_reset_link(struct dcc_cfg_attr *cfg)
+{
+ cfg->addr = 0x00;
+ cfg->link = 0;
+ cfg->prev_off = 0;
+ cfg->prev_addr = cfg->addr;
+}
+
+static void _dcc_emit_read_write(struct dcc_drvdata *drvdata,
+ struct dcc_config_entry *entry,
+ struct dcc_cfg_attr *cfg)
+{
+ if (cfg->link) {
+ /*
+ * write new offset = 1 to continue
+ * processing the list
+ */
+
+ dcc_sram_write_auto(drvdata, cfg->link, &cfg->sram_offset);
+
+ /* Reset link and prev_off */
+ _dcc_ll_cfg_reset_link(cfg);
+ }
+
+ cfg->addr = DCC_RD_MOD_WR_DESCRIPTOR;
+ dcc_sram_write_auto(drvdata, cfg->addr, &cfg->sram_offset);
+
+ dcc_sram_write_auto(drvdata, entry->mask, &cfg->sram_offset);
+
+ dcc_sram_write_auto(drvdata, entry->write_val, &cfg->sram_offset);
+
+ cfg->addr = 0;
+}
+
+static void _dcc_emit_loop(struct dcc_drvdata *drvdata, struct dcc_config_entry *entry,
+ struct dcc_cfg_attr *cfg,
+ struct dcc_cfg_loop_attr *cfg_loop,
+ u32 *total_len)
+{
+ /* Check if we need to write link of prev entry */
+ if (cfg->link)
+ dcc_sram_write_auto(drvdata, cfg->link, &cfg->sram_offset);
+
+ if (cfg_loop->loop_start) {
+ cfg_loop->loop = (cfg->sram_offset - cfg_loop->loop_off) / 4;
+ cfg_loop->loop |= (cfg_loop->loop_cnt << drvdata->loopoff) &
+ GENMASK(DCC_ADDR_LIMIT, drvdata->loopoff);
+ cfg_loop->loop |= DCC_LOOP_DESCRIPTOR;
+ *total_len += (*total_len - cfg_loop->loop_len) * cfg_loop->loop_cnt;
+
+ dcc_sram_write_auto(drvdata, cfg_loop->loop, &cfg->sram_offset);
+
+ cfg_loop->loop_start = false;
+ cfg_loop->loop_len = 0;
+ cfg_loop->loop_off = 0;
+ } else {
+ cfg_loop->loop_start = true;
+ cfg_loop->loop_cnt = entry->loop_cnt - 1;
+ cfg_loop->loop_len = *total_len;
+ cfg_loop->loop_off = cfg->sram_offset;
+ }
+
+ /* Reset link and prev_off */
+ _dcc_ll_cfg_reset_link(cfg);
+}
+
+static void _dcc_emit_write(struct dcc_drvdata *drvdata,
+ struct dcc_config_entry *entry,
+ struct dcc_cfg_attr *cfg,
+ u32 *total_len)
+{
+ u32 off;
+
+ if (cfg->link) {
+ /*
+ * write new offset = 1 to continue
+ * processing the list
+ */
+ dcc_sram_write_auto(drvdata, cfg->link, &cfg->sram_offset);
+
+ /* Reset link and prev_off */
+ cfg->addr = 0x00;
+ cfg->prev_off = 0;
+ cfg->prev_addr = cfg->addr;
+ }
+
+ off = entry->offset / 4;
+ /* write new offset-length pair to correct position */
+ cfg->link |= ((off & DCC_WRITE_OFF_MASK) | DCC_WRITE_MASK |
+ FIELD_PREP(DCC_WRITE_LEN_MASK, entry->len));
+ cfg->link |= DCC_LINK_DESCRIPTOR;
+
+ /* Address type */
+ cfg->addr = (entry->base >> 4) & GENMASK(DCC_ADDR_LIMIT, 0);
+ if (entry->apb_bus)
+ cfg->addr |= DCC_ADDR_DESCRIPTOR | DCC_WRITE_IND | DCC_APB_IND;
+ else
+ cfg->addr |= DCC_ADDR_DESCRIPTOR | DCC_WRITE_IND | DCC_AHB_IND;
+ dcc_sram_write_auto(drvdata, cfg->addr, &cfg->sram_offset);
+
+ dcc_sram_write_auto(drvdata, cfg->link, &cfg->sram_offset);
+
+ dcc_sram_write_auto(drvdata, entry->write_val, &cfg->sram_offset);
+
+ cfg->addr = 0x00;
+ cfg->link = 0;
+}
+
+static int _dcc_emit_read(struct dcc_drvdata *drvdata,
+ struct dcc_config_entry *entry,
+ struct dcc_cfg_attr *cfg,
+ u32 *pos, u32 *total_len)
+{
+ u32 off;
+ u32 temp_off;
+
+ cfg->addr = (entry->base >> 4) & GENMASK(27, 0);
+
+ if (entry->apb_bus)
+ cfg->addr |= DCC_ADDR_DESCRIPTOR | DCC_READ_IND | DCC_APB_IND;
+ else
+ cfg->addr |= DCC_ADDR_DESCRIPTOR | DCC_READ_IND | DCC_AHB_IND;
+
+ off = entry->offset / 4;
+
+ *total_len += entry->len * 4;
+
+ if (!cfg->prev_addr || cfg->prev_addr != cfg->addr || cfg->prev_off > off) {
+ /* Check if we need to write prev link entry */
+ if (cfg->link)
+ dcc_sram_write_auto(drvdata, cfg->link, &cfg->sram_offset);
+ dev_dbg(drvdata->dev, "DCC: sram address 0x%x\n", cfg->sram_offset);
+
+ /* Write address */
+ dcc_sram_write_auto(drvdata, cfg->addr, &cfg->sram_offset);
+
+ /* Reset link and prev_off */
+ cfg->link = 0;
+ cfg->prev_off = 0;
+ }
+
+ if ((off - cfg->prev_off) > 0xFF || entry->len > MAX_DCC_LEN) {
+ dev_err(drvdata->dev, "DCC: Programming error Base: 0x%x, offset 0x%x\n",
+ entry->base, entry->offset);
+ return -EINVAL;
+ }
+
+ if (cfg->link) {
+ /*
+ * link already has one offset-length so new
+ * offset-length needs to be placed at
+ * bits [29:15]
+ */
+ *pos = 15;
+
+ /* Clear bits [31:16] */
+ cfg->link &= GENMASK(14, 0);
+ } else {
+ /*
+ * link is empty, so new offset-length needs
+ * to be placed at bits [15:0]
+ */
+ *pos = 0;
+ cfg->link = 1 << 15;
+ }
+
+ /* write new offset-length pair to correct position */
+ temp_off = (off - cfg->prev_off) & GENMASK(7, 0);
+ cfg->link |= temp_off | ((entry->len << 8) & GENMASK(14, 8)) << *pos;
+
+ cfg->link |= DCC_LINK_DESCRIPTOR;
+
+ if (*pos) {
+ dcc_sram_write_auto(drvdata, cfg->link, &cfg->sram_offset);
+ cfg->link = 0;
+ }
+
+ cfg->prev_off = off + entry->len - 1;
+ cfg->prev_addr = cfg->addr;
+ return 0;
+}
+
+static int __dcc_emit_config(struct dcc_drvdata *drvdata, int curr_list)
+{
+ int ret;
+ u32 total_len, pos;
+ struct dcc_config_entry *entry;
+ struct dcc_cfg_attr cfg;
+ struct dcc_cfg_loop_attr cfg_loop;
+
+ memset(&cfg, 0, sizeof(cfg));
+ memset(&cfg_loop, 0, sizeof(cfg_loop));
+ cfg.sram_offset = drvdata->ram_cfg * 4;
+ total_len = 0;
+
+ list_for_each_entry(entry, &drvdata->cfg_head[curr_list], list) {
+ switch (entry->desc_type) {
+ case DCC_READ_WRITE_TYPE:
+ _dcc_emit_read_write(drvdata, entry, &cfg);
+ break;
+
+ case DCC_LOOP_TYPE:
+ _dcc_emit_loop(drvdata, entry, &cfg, &cfg_loop, &total_len);
+ break;
+
+ case DCC_WRITE_TYPE:
+ _dcc_emit_write(drvdata, entry, &cfg, &total_len);
+ break;
+
+ case DCC_READ_TYPE:
+ ret = _dcc_emit_read(drvdata, entry, &cfg, &pos, &total_len);
+ if (ret)
+ goto overstep;
+ break;
+ }
+ }
+
+ if (cfg.link)
+ dcc_sram_write_auto(drvdata, cfg.link, &cfg.sram_offset);
+
+ if (cfg_loop.loop_start) {
+ dev_err(drvdata->dev, "DCC: Programming error: Loop unterminated\n");
+ ret = -EINVAL;
+ goto err;
+ }
+
+ /* Handling special case of list ending with a rd_mod_wr */
+ if (cfg.addr == DCC_RD_MOD_WR_DESCRIPTOR) {
+ cfg.addr = (DCC_RD_MOD_WR_ADDR) & GENMASK(27, 0);
+ cfg.addr |= DCC_ADDR_DESCRIPTOR;
+ dcc_sram_write_auto(drvdata, cfg.addr, &cfg.sram_offset);
+ }
+
+ /* Setting zero to indicate end of the list */
+ cfg.link = DCC_LINK_DESCRIPTOR;
+ dcc_sram_write_auto(drvdata, cfg.link, &cfg.sram_offset);
+
+ /*Check if sram offset exceeds the ram size*/
+ if (cfg.sram_offset > drvdata->ram_size)
+ goto overstep;
+
+ /* Update ram_cfg and check if the data will overstep */
+ drvdata->ram_cfg = (cfg.sram_offset + total_len) / 4;
+
+ if (cfg.sram_offset + total_len > drvdata->ram_size) {
+ cfg.sram_offset += total_len;
+ goto overstep;
+ }
+
+ drvdata->ram_start = cfg.sram_offset / 4;
+ return 0;
+overstep:
+ ret = -EINVAL;
+ memset(drvdata->ram_base, 0, drvdata->ram_size);
+
+err:
+ return ret;
+}
+
You could have dcc_valid_list() return Boolean and then it
reads nicely:
if (!dcc_valid_list(drvdata, curr_list))
/* ... error, list is not valid */
+static int dcc_valid_list(struct dcc_drvdata *drvdata, int curr_list)
+{
+ u32 lock_reg;
+
+ if (list_empty(&drvdata->cfg_head[curr_list]))
+ return -EINVAL;
+
+ if (test_bit(curr_list, drvdata->enable_bitmap)) {
+ dev_err(drvdata->dev, "List %d is already enabled\n", curr_list);
Maybe this seems picky, but...
This error message doesn't belong in the validity check, it belongs
in the caller.
Actually, I feel like all of this just belongs in dcc_enable(),
because it's doing more than just validity checking.
+ return -EINVAL;
+ }
+
+ lock_reg = dcc_ll_readl(drvdata, curr_list, DCC_LL_LOCK);
+ if (lock_reg & DCC_LOCK_MASK) {
+ dev_err(drvdata->dev, "List %d is already locked\n", curr_list);
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
+static bool is_dcc_enabled(struct dcc_drvdata *drvdata)
+{
+ int list;
+
+ for (list = 0; list < drvdata->nr_link_list; list++)
+ if (test_bit(list, drvdata->enable_bitmap))
+ return true;
+
+ return false;
+}
+
+static int dcc_enable(struct dcc_drvdata *drvdata, int curr_list)
+{
+ int ret;
+ u32 ram_cfg_base;
+
+ mutex_lock(&drvdata->mutex);
+
+ ret = dcc_valid_list(drvdata, curr_list);
+ if (ret)
+ goto out_unlock;
+
+ /* Fill dcc sram with the poison value.
+ * This helps in understanding bus
+ * hang from registers returning a zero
+ */
+ if (!is_dcc_enabled(drvdata))
+ memset(drvdata->ram_base, 0xde, drvdata->ram_size);
+
+ /* 1. Take ownership of the list */
+ dcc_ll_writel(drvdata, DCC_LOCK_MASK, curr_list, DCC_LL_LOCK);
+
+ /* 2. Program linked-list in the SRAM */
+ ram_cfg_base = drvdata->ram_cfg;
+ ret = __dcc_emit_config(drvdata, curr_list);
+ if (ret) {
+ dcc_ll_writel(drvdata, 0, curr_list, DCC_LL_LOCK);
+ goto out_unlock;
+ }
+
+ /* 3. Program DCC_RAM_CFG reg */
+ dcc_ll_writel(drvdata, ram_cfg_base +
+ drvdata->ram_offset / 4, curr_list, DCC_LL_BASE);
+ dcc_ll_writel(drvdata, drvdata->ram_start +
+ drvdata->ram_offset / 4, curr_list, DCC_FD_BASE);
+ dcc_ll_writel(drvdata, 0xFFF, curr_list, DCC_LL_TIMEOUT);
+
+ /* 4. Clears interrupt status register */
+ dcc_ll_writel(drvdata, 0, curr_list, DCC_LL_INT_ENABLE);
+ dcc_ll_writel(drvdata, (BIT(0) | BIT(1) | BIT(2)),
+ curr_list, DCC_LL_INT_STATUS);
+
+ set_bit(curr_list, drvdata->enable_bitmap);
+
+ /* 5. Configure trigger */
+ dcc_ll_writel(drvdata, DCC_TRIGGER_MASK,
+ curr_list, DCC_LL_CFG);
+
+out_unlock:
+ mutex_unlock(&drvdata->mutex);
+ return ret;
+}
+
+static void dcc_disable(struct dcc_drvdata *drvdata, int curr_list)
+{
+ mutex_lock(&drvdata->mutex);
+
+ if (!test_bit(curr_list, drvdata->enable_bitmap))
+ goto out_unlock;
+ dcc_ll_writel(drvdata, 0, curr_list, DCC_LL_CFG);
+ dcc_ll_writel(drvdata, 0, curr_list, DCC_LL_BASE);
+ dcc_ll_writel(drvdata, 0, curr_list, DCC_FD_BASE);
+ dcc_ll_writel(drvdata, 0, curr_list, DCC_LL_LOCK);
+ clear_bit(curr_list, drvdata->enable_bitmap);
+out_unlock:
+ mutex_unlock(&drvdata->mutex);
+}
+
+static u32 dcc_filp_curr_list(const struct file *filp)
+{
+ struct dentry *dentry = file_dentry(filp);
+ int curr_list, ret;
+
+ ret = kstrtoint(dentry->d_parent->d_name.name, 0, &curr_list);
+ if (ret)
+ return ret;
+
+ return curr_list;
+}
+
+static ssize_t enable_read(struct file *filp, char __user *userbuf,
+ size_t count, loff_t *ppos)
+{
+ char *buf;
+ struct dcc_drvdata *drvdata = filp->private_data;
+
+ mutex_lock(&drvdata->mutex);
+
+ if (is_dcc_enabled(drvdata))
+ buf = "Y\n";
+ else
+ buf = "N\n";
+
+ mutex_unlock(&drvdata->mutex);
+
+ return simple_read_from_buffer(userbuf, count, ppos, buf, strlen(buf) + 1);
+}
+
+static ssize_t enable_write(struct file *filp, const char __user *userbuf,
+ size_t count, loff_t *ppos)
+{
+ int ret = 0, curr_list;
+ bool val;
+ struct dcc_drvdata *drvdata = filp->private_data;
+
+ curr_list = dcc_filp_curr_list(filp);
+ if (curr_list < 0)
+ return curr_list;
+
+ ret = kstrtobool_from_user(userbuf, count, &val);
+ if (ret < 0)
+ return ret;
+
+ if (val) {
+ ret = dcc_enable(drvdata, curr_list);
+ if (ret)
+ return ret;
+ } else {
+ dcc_disable(drvdata, curr_list);
+ }
+
+ return count;
+}
+
+static const struct file_operations enable_fops = {
+ .read = enable_read,
+ .write = enable_write,
+ .open = simple_open,
+ .llseek = generic_file_llseek,
+};
+
+static ssize_t trigger_write(struct file *filp,
+ const char __user *user_buf, size_t count,
+ loff_t *ppos)
+{
+ int ret;
+ unsigned int val;
+ struct dcc_drvdata *drvdata = filp->private_data;
+
+ ret = kstrtouint_from_user(user_buf, count, 0, &val);
+ if (ret < 0)
+ return ret;
+
+ if (val != 1)
+ return -EINVAL;
+
+ ret = dcc_sw_trigger(drvdata);
+ if (ret < 0)
+ return ret;
+
+ return count;
+}
+
+static const struct file_operations trigger_fops = {
+ .write = trigger_write,
+ .open = simple_open,
+ .llseek = generic_file_llseek,
+};
+
+static int dcc_config_add(struct dcc_drvdata *drvdata, unsigned int addr,
+ unsigned int len, int apb_bus, int curr_list)
+{
+ int ret = 0;
+ struct dcc_config_entry *entry, *pentry;
+ unsigned int base, offset;
+
+ mutex_lock(&drvdata->mutex);
+
I have some questions about the way memory regions
are defined here.
- You round down the address using DCC_ADDR_RANGE_MASK.
Is that because the address has an alignment requirement?
- DCC_ADDR_RANGE_MASK is 0xfffffff0, meaning it's 16-byte
aligned. Is that the required alignment? (It is more
strict than the 32-bit word size.)
- Is there any requirement on the size (in bytes)? I.e.,
does it need to be 16-byte aligned? (You multiply the
count by 4, which I presume is sizeof(u32), the word size.)
- If the base address is affected by rounding down like
this, you aren't updating the length, which it seems
could omit a word at the end of the desired range.
- You are checking to be sure the word count doesn't exceed
the RAM size. But you're using DCC_ADDR_OFF_RANGE=8,
even though you said that a "word" is 32 bits.
+ if (!len || len > drvdata->ram_size / DCC_ADDR_OFF_RANGE) {Maybe:
+ dev_err(drvdata->dev, "DCC: Invalid length\n");
+ ret = -EINVAL;
+ goto out_unlock;
+ }
+
+ base = addr & DCC_ADDR_RANGE_MASK;
base = round_down(addr, DCC_WORD_SIZE);
Then you don't even need DCC_ADDR_RANGE_MASK.
And then:
len += base - addr;
And if necessary:
len = round_up(addr, DCC_WORD_SIZE);
And finally:
if (len > drvdata->ram_size / DCC_WORD_SIZE)
return -EINVAL;
+ if (!list_empty(&drvdata->cfg_head[curr_list])) {
+ pentry = list_last_entry(&drvdata->cfg_head[curr_list],
+ struct dcc_config_entry, list);
+
+ if (pentry->desc_type == DCC_READ_TYPE &&
+ addr >= (pentry->base + pentry->offset) &&
+ addr <= (pentry->base + pentry->offset + MAX_DCC_OFFSET)) {
+ /* Re-use base address from last entry */
+ base = pentry->base;
+
+ if ((pentry->len * 4 + pentry->base + pentry->offset)
+ == addr) {
+ len += pentry->len;
+
+ if (len > MAX_DCC_LEN)
+ pentry->len = MAX_DCC_LEN;
+ else
+ pentry->len = len;
+
+ addr = pentry->base + pentry->offset +
+ pentry->len * 4;
+ len -= pentry->len;
+ }
+ }
+ }
+
+ offset = addr - base;
+
+ while (len) {
+ entry = devm_kzalloc(drvdata->dev, sizeof(*entry), GFP_KERNEL);
+ if (!entry) {
+ ret = -ENOMEM;
+ goto out_unlock;
+ }
+
+ entry->base = base;
+ entry->offset = offset;
+ entry->len = min_t(u32, len, MAX_DCC_LEN);
+ entry->desc_type = DCC_READ_TYPE;
+ entry->apb_bus = apb_bus;
+ INIT_LIST_HEAD(&entry->list);
+ list_add_tail(&entry->list,
+ &drvdata->cfg_head[curr_list]);
+
+ len -= entry->len;
+ offset += MAX_DCC_LEN * 4;
+ }
+
+out_unlock:
+ mutex_unlock(&drvdata->mutex);
+ return ret;
+}
+
+static ssize_t dcc_config_add_read(struct dcc_drvdata *drvdata, char *buf, int curr_list)
+{
+ int len, nval, bus;
+ unsigned int base;
+ char apb_bus[4];
+
+ nval = sscanf(buf, "%x %i %s", &base, &len, apb_bus);
This sscanf() is not safe; it can overrun apb_bus[]. I
think you can fix that by using %3s (for apb_bus[4]).
+ if (nval <= 0 || nval > 3)
+ return -EINVAL;
+
+ if (nval == 1) {
+ len = 1;
+ bus = 0;
+ } else if (nval == 2) {
+ bus = 0;
+ } else if (!strcmp("apb", apb_bus)) {
+ bus = 1;
+ } else if (!strcmp("ahb", apb_bus)) {
+ bus = 0;
+ } else {
+ return -EINVAL;
+ }
+
+ return dcc_config_add(drvdata, base, len, bus, curr_list);
+}
+
+static void dcc_config_reset(struct dcc_drvdata *drvdata)
+{
+ struct dcc_config_entry *entry, *temp;
+ int curr_list;
+
+ mutex_lock(&drvdata->mutex);
+
+ for (curr_list = 0; curr_list < drvdata->nr_link_list; curr_list++) {
+ list_for_each_entry_safe(entry, temp,
+ &drvdata->cfg_head[curr_list], list) {
+ list_del(&entry->list);
+ }
+ }
+ drvdata->ram_start = 0;
+ drvdata->ram_cfg = 0;
+ mutex_unlock(&drvdata->mutex);
+}
+
+static ssize_t config_reset_write(struct file *filp,
+ const char __user *user_buf, size_t count,
+ loff_t *ppos)
+{
+ unsigned int val, ret;
+ struct dcc_drvdata *drvdata = filp->private_data;
+
+ ret = kstrtouint_from_user(user_buf, count, 0, &val);
+ if (ret < 0)
+ return ret;
+
+ if (val)
+ dcc_config_reset(drvdata);
+
+ return count;
+}
+
+static const struct file_operations config_reset_fops = {
+ .write = config_reset_write,
+ .open = simple_open,
+ .llseek = generic_file_llseek,
+};
+
+static ssize_t ready_read(struct file *filp, char __user *userbuf,
+ size_t count, loff_t *ppos)
+{
+ int ret = 0;
+ char *buf;
+ struct dcc_drvdata *drvdata = filp->private_data;
+
+ mutex_lock(&drvdata->mutex);
+
+ if (!is_dcc_enabled(drvdata)) {
+ ret = -EINVAL;
+ goto out_unlock;
+ }
+
+ if (!FIELD_GET(BIT(1), readl(drvdata->base + DCC_STATUS(drvdata->mem_map_ver))))
+ buf = "Y\n";
+ else
+ buf = "N\n";
+out_unlock:
+ mutex_unlock(&drvdata->mutex);
+
+ if (ret < 0)
+ return -EINVAL;
+ else
+ return simple_read_from_buffer(userbuf, count, ppos, buf, strlen(buf) + 1);
+}
+
+static const struct file_operations ready_fops = {
+ .read = ready_read,
+ .open = simple_open,
+ .llseek = generic_file_llseek,
+};
+
+static int dcc_add_loop(struct dcc_drvdata *drvdata, unsigned long loop_cnt, int curr_list)
+{
+ struct dcc_config_entry *entry;
+
+ entry = devm_kzalloc(drvdata->dev, sizeof(*entry), GFP_KERNEL);
+ if (!entry)
+ return -ENOMEM;
+
+ entry->loop_cnt = min_t(u32, loop_cnt, MAX_LOOP_CNT);
+ entry->desc_type = DCC_LOOP_TYPE;
+ INIT_LIST_HEAD(&entry->list);
+ list_add_tail(&entry->list, &drvdata->cfg_head[curr_list]);
+
+ return 0;
+}
+
+static ssize_t dcc_config_add_loop(struct dcc_drvdata *drvdata, char *buf, int curr_list)
+{
+ int ret, cnt = 2, i = 0;
+ char *token, *input;
+ char delim[2] = " ";
+ unsigned int val[MAX_LOOP_ADDR];
+
+ input = buf;
+
+ token = strsep(&input, delim);
+ while (token) {
+ ret = kstrtoint(token, 0, &val[i++]);
As I said last time I reviewed this, nothing prevents you from
overrunning your val[] buffer here.
+ if (ret)
+ return ret;
+
+ token = strsep(&input, delim);
+ }
+
+ ret = dcc_add_loop(drvdata, val[0], curr_list);
+ if (ret)
+ return ret;
+
+ for (i = 0; i < val[1]; i++)
+ dcc_config_add(drvdata, val[cnt++], 1, 0, curr_list);
+
+ return dcc_add_loop(drvdata, 1, curr_list);
+}
+
+static int dcc_rd_mod_wr_add(struct dcc_drvdata *drvdata, unsigned int mask,
+ unsigned int val, int curr_list)
+{
+ int ret = 0;
+ struct dcc_config_entry *entry;
+
+ mutex_lock(&drvdata->mutex);
+
+ if (list_empty(&drvdata->cfg_head[curr_list])) {
+ dev_err(drvdata->dev, "DCC: No read address programmed\n");
+ ret = -EPERM;
+ goto out_unlock;
+ }
+
+ entry = devm_kzalloc(drvdata->dev, sizeof(*entry), GFP_KERNEL);
+ if (!entry) {
+ ret = -ENOMEM;
+ goto out_unlock;
+ }
+
+ entry->desc_type = DCC_READ_WRITE_TYPE;
+ entry->mask = mask;
+ entry->write_val = val;
+ INIT_LIST_HEAD(&entry->list);
+ list_add_tail(&entry->list, &drvdata->cfg_head[curr_list]);
+out_unlock:
+ mutex_unlock(&drvdata->mutex);
+ return ret;
+}
+
+static ssize_t dcc_config_add_read_write(struct dcc_drvdata *drvdata, char *buf, int curr_list)
+{
+ int ret;
+ int nval;
+ unsigned int addr, mask, val;
+
+ nval = sscanf(buf, "%x %x %x", &addr, &mask, &val);
+
+ if (nval <= 1 || nval > 3)
+ return -EINVAL;
+
+ ret = dcc_config_add(drvdata, addr, 1, 0, curr_list);
+ if (ret)
+ return ret;
+
+ return dcc_rd_mod_wr_add(drvdata, mask, val, curr_list);
+}
+
+static int dcc_add_write(struct dcc_drvdata *drvdata, unsigned int addr,
+ unsigned int write_val, int apb_bus, int curr_list)
+{
+ struct dcc_config_entry *entry;
+
+ entry = devm_kzalloc(drvdata->dev, sizeof(*entry), GFP_KERNEL);
+ if (!entry)
+ return -ENOMEM;
+
+ entry->desc_type = DCC_WRITE_TYPE;
+ entry->base = addr & GENMASK(31, 4);
+ entry->offset = addr - entry->base;
+ entry->write_val = write_val;
+ entry->len = 1;
+ entry->apb_bus = apb_bus;
+ INIT_LIST_HEAD(&entry->list);
There is no need to initialize the list pointers when you are
adding an entry to an existing list.
+ list_add_tail(&entry->list, &drvdata->cfg_head[curr_list]);
+
+ return 0;
+}
+
+static ssize_t dcc_config_add_write(struct dcc_drvdata *drvdata, char *buf, int curr_list)
+{
+ int bus;
+ int nval;
+ unsigned int addr, write_val;
+ char apb_bus[4];
+
+ nval = sscanf(buf, "%x %x %s", &addr, &write_val, apb_bus);
This sscanf() is not safe; it can overrun apb_bus[].
+
+ if (nval <= 1 || nval > 3)
+ return -EINVAL;
+
+ if (nval == 3) {
+ if (!strcmp("apb", apb_bus))
+ bus = 1;
+ else if (!strcmp("apb", apb_bus))
+ bus = 0;
+ else
+ return -EINVAL;
+ }
If nval == 2, bus is uninitialized at this point, and then passed
to dcc_add_write() below. The compiler should have warned you
about this.
+
+ return dcc_add_write(drvdata, addr, write_val, bus, curr_list);
+}
+
+static int config_show(struct seq_file *m, void *data)
+{
+ struct dcc_drvdata *drvdata = m->private;
+ struct dcc_config_entry *entry;
+ int index = 0, curr_list;
+
+ curr_list = dcc_filp_curr_list(m->file);
+ if (curr_list < 0)
+ return curr_list;
+
+ mutex_lock(&drvdata->mutex);
+
+ list_for_each_entry(entry,
Please join the line above with the line below.
+ &drvdata->cfg_head[curr_list], list) {
+ index++;
+ switch (entry->desc_type) {
+ case DCC_READ_WRITE_TYPE:
+ seq_printf(m, "RW mask: 0x%x, val: 0x%x\n index: 0x%x\n",
+ entry->mask, entry->write_val, index);
+ break;
+ case DCC_LOOP_TYPE:
+ seq_printf(m, "L index: 0x%x Loop: %d\n", index, entry->loop_cnt);
+ break;
+ case DCC_WRITE_TYPE:
+ seq_printf(m, "W Base:0x%x, Offset: 0x%x, val: 0x%x, APB: %d\n, Index: 0x%x\n",
+ entry->base, entry->offset, entry->write_val, entry->apb_bus,
+ index);
+ break;
+ case DCC_READ_TYPE:
+ seq_printf(m, "R Base:0x%x, Offset: 0x%x, len: 0x%x, APB: %d\n, Index: 0x%x\n",
+ entry->base, entry->offset, entry->len, entry->apb_bus, index);
+ }
+ }
+ mutex_unlock(&drvdata->mutex);
+ return 0;
+}
+
+static int config_open(struct inode *inode, struct file *file)
+{
+ struct dcc_drvdata *drvdata = inode->i_private;
+
+ return single_open(file, config_show, drvdata);
+}
+
+static ssize_t config_write(struct file *filp,
+ const char __user *user_buf, size_t count,
+ loff_t *ppos)
+{
+ int ret, curr_list;
+ char *token, buf[50];
+ char *delim = " ";
+ struct dcc_drvdata *drvdata = filp->private_data;
+
+ ret = copy_from_user(buf, user_buf, count);
Nothing prevents the user from passing you more than sizeof(buf)
bytes, which would overrun your buffer.
+ if (ret)Why is it important for the input buffer to end in newline?
+ return -EFAULT;
+ if (count > sizeof(buf) || count == 0)
+ return -EINVAL;
+
+ curr_list = dcc_filp_curr_list(filp);
+ if (curr_list < 0)
+ return curr_list;
+
+ if (buf[count - 1] == '\n')
+ buf[count - 1] = '\0';
+ else
+ return -EINVAL;
+
+ token = strsep((char **)&buf, delim);
OK this is weird. You should be passing the address
of a pointer here, but you're passing the address of
a character array. Honestly I'm not sure what it means
to increment the address of an array on the stack. Maybe
it's OK, but I suspect you're putting the cast in there
because the compiler complained about what you were doing.
Do this:
char buf[50];
char *bufp = buf;
/* ... */
token = strsep(&bufp, delim);
But to be honest I'm not sure why you're using strsep()
at all here. (I guess it terminates the token with \0.)
+
+ if (!strcmp("R", token)) {
+ ret = dcc_config_add_read(drvdata, buf, curr_list);
+ } else if (!strcmp("W", token)) {
+ ret = dcc_config_add_write(drvdata, buf, curr_list);
+ } else if (!strcmp("RW", token)) {
+ ret = dcc_config_add_read_write(drvdata, buf, curr_list);
+ } else if (!strcmp("L", token)) {
+ ret = dcc_config_add_loop(drvdata, buf, curr_list);
+ } else {
+ dev_err(drvdata->dev, "%s is not a correct input\n", token);
+ return -EINVAL;
+ }
+
+ if (ret)
+ return ret;
+
+ return count;
+}
+
+static const struct file_operations config_fops = {
+ .open = config_open,
+ .read = seq_read,
+ .write = config_write,
+ .llseek = seq_lseek,
+ .release = single_release,
+};
+
+static void dcc_delete_debug_dir(struct dcc_drvdata *dcc)
+{
+ debugfs_remove_recursive(dcc->dbg_dir);
+};
+
+static int dcc_create_debug_dir(struct dcc_drvdata *dcc)
+{
+ int i;
+ char list_num[10];
+ struct dentry *list;
+ struct device *dev = dcc->dev;
+
+ dcc_dbg = debugfs_create_dir(KBUILD_MODNAME, NULL);
You never remove this dcc_dbg directory. Why not?
And since you don't, dcc_dbg could just be a local
variable here rather than being a global. But it
seems to me this is the root directory you want to
remove when you're done.
+ if (!dcc_dbg) {
+ pr_err("can't create debugfs dir\n");
+ return -1;
+ }
+
+ dcc->dbg_dir = debugfs_create_dir(dev_name(dev), dcc_dbg);
+ if (!dcc->dbg_dir)
+ return -1;
+ for (i = 0; i <= dcc->nr_link_list; i++) {
+ sprintf(list_num, "%d", i);
+ list = debugfs_create_dir(list_num, dcc->dbg_dir);
Any of the debugfs_create_dir() calls could fail.
+ debugfs_create_file("enable", 0600, list, dcc, &enable_fops);
+ debugfs_create_file("config", 0600, list, dcc, &config_fops);
And any of the debugfs_create_file() calls here and
below could fail.
I think if *any* of these fails, you might as well give
up, because the entire interface for this functionality
is via these debugfs files.
+ }
+
+ debugfs_create_file("trigger", 0200, dcc->dbg_dir, dcc, &trigger_fops);
+ debugfs_create_file("ready", 0400, dcc->dbg_dir, dcc, &ready_fops);
+ debugfs_create_file("config_reset", 0200, dcc->dbg_dir,
+ dcc, &config_reset_fops);
+
+ return 0;
+}
+
+static ssize_t dcc_sram_read(struct file *file, char __user *data,
+ size_t len, loff_t *ppos)
+{
+ unsigned char *buf;
+ struct dcc_drvdata *drvdata = container_of(file->private_data,
+ struct dcc_drvdata,
+ sram_dev);
Indent the above arguments further. And/or assign the
local variable on a line by itself, separate from its
declaration.
+ /* EOF check */
+ if (*ppos >= drvdata->ram_size)
+ return 0;
+
+ if ((*ppos + len) > drvdata->ram_size)
+ len = (drvdata->ram_size - *ppos);
+
+ buf = kzalloc(len, GFP_KERNEL);
Now that you are using memremap() rather than ioremap()
for the ram_base memory, I don't think you have any need
to allocate a buffer here anymore.
+ if (!buf)
+ return -ENOMEM;
+
+ memcpy(buf, drvdata->ram_base + *ppos, len);
That is, you can simply copy_to_user() into the (user)
data pointer, from drvdata->ram_base + *ppos. Maybe
something like:
void *src;
/* ... */
src = drvdata->ram_base + *ppos;
if (copy_to_user(data, src, len))
return -EFAULT;
+ if (copy_to_user(data, buf, len)) {
+ kfree(buf);
+ return -EFAULT;
+ }
+
+ *ppos += len;
+
+ kfree(buf);
+
+ return len;
+}
+
+static const struct file_operations dcc_sram_fops = {
+ .owner = THIS_MODULE,
+ .read = dcc_sram_read,
+ .llseek = no_llseek,
+};
+
+static int dcc_sram_dev_init(struct dcc_drvdata *drvdata)
+{
+ drvdata->sram_dev.minor = MISC_DYNAMIC_MINOR;
+ drvdata->sram_dev.name = DCC_SRAM_NODE;
+ drvdata->sram_dev.fops = &dcc_sram_fops;
+
+ return misc_register(&drvdata->sram_dev);
+}
+
+static void dcc_sram_dev_exit(struct dcc_drvdata *drvdata)
+{
+ misc_deregister(&drvdata->sram_dev);
+}
+
+static int dcc_probe(struct platform_device *pdev)
+{
+ u32 val;
+ int ret = 0, i;
+ struct device *dev = &pdev->dev;
+ struct dcc_drvdata *dcc;
Why do you use "dcc" here and "drvdata" elsewhere?
+ struct resource *res;
+
+ dcc = devm_kzalloc(dev, sizeof(*dcc), GFP_KERNEL);
+ if (!dcc)
+ return -ENOMEM;
+
+ dcc->dev = &pdev->dev;
+ platform_set_drvdata(pdev, dcc);
+
+ dcc->base = devm_platform_ioremap_resource(pdev, 0);
+ if (IS_ERR(dcc->base))
+ return PTR_ERR(dcc->base);
+
+ res = platform_get_resource(pdev, IORESOURCE_MEM, 1);
+ if (!res)
+ return -ENODEV;
+
+ dcc->ram_base = memremap(res->start, resource_size(res), MEMREMAP_WB);
+ if (!dcc->ram_base)
+ return -ENODEV;
From this point all, you need to memunmap(dcc->ram_base)
if you return early...
+
+ dcc->ram_size = resource_size(res);
+
+ dcc->ram_offset = (size_t)of_device_get_match_data(&pdev->dev);
+
+ val = dcc_readl(dcc, DCC_HW_INFO);
+
+ if (FIELD_GET(DCC_VER_INFO_MASK, val)) {
+ dcc->mem_map_ver = 3;
+ dcc->nr_link_list = dcc_readl(dcc, DCC_LL_NUM_INFO);
...so the test below needs to unmap dcc->ram_base before it
returns the error.
+ if (dcc->nr_link_list == 0)
+ return -EINVAL;
You could check for zero list count below and not duplicate it.
You could (should) also limit it to a fixed reasonable maximum.
What if the hardware tells you you've got a million lists?
+ } else if ((val & DCC_VER_MASK2) == DCC_VER_MASK2) {
+ dcc->mem_map_ver = 2;
+ dcc->nr_link_list = dcc_readl(dcc, DCC_LL_NUM_INFO);
+ if (dcc->nr_link_list == 0)
+ return -EINVAL;
+ } else {
+ dcc->mem_map_ver = 1;
+ dcc->nr_link_list = DCC_MAX_LINK_LIST;
+ }
+
+ /* Either set the fixed loop offset or calculate it
+ * from ram_size. Max consecutive addresses the
+ * dcc can loop is equivalent to the ram size
+ */
+ if (val & DCC_LOOP_OFFSET_MASK)
+ dcc->loopoff = DCC_FIX_LOOP_OFFSET;
+ else
+ dcc->loopoff = get_bitmask_order((dcc->ram_size +
+ dcc->ram_offset) / 4 - 1);
Here's what I said about the above last time:
This get_bitmask_order() call to determine the offset of a
register seems overly clever. I think it warrants a little
explanation why it's determined by the size of SRAM.
I think part of what confuses me is why you use the sum
of ram_size and ram_offset. I suppose 4 is DCC_WORD_SIZE
but I just don't know. The comment I was suggesting was
something about what loopoff actually represents, and why
it's calculated this way.
+
+ mutex_init(&dcc->mutex);
+
+ dcc->enable_bitmap = devm_kcalloc(dev, BITS_TO_LONGS(dcc->nr_link_list),
+ sizeof(*dcc->enable_bitmap), GFP_KERNEL);
+ if (!dcc->enable_bitmap)
+ return -ENOMEM;
+
+ dcc->cfg_head = devm_kcalloc(dev, dcc->nr_link_list,
+ sizeof(*dcc->cfg_head), GFP_KERNEL);
+ if (!dcc->cfg_head)
+ return -ENOMEM;
+
+ for (i = 0; i < dcc->nr_link_list; i++)
+ INIT_LIST_HEAD(&dcc->cfg_head[i]);
+
+ ret = dcc_sram_dev_init(dcc);
+ if (ret) {
+ dev_err(dcc->dev, "DCC: sram node not registered.\n");
+ return ret;
+ }
+
+ ret = dcc_create_debug_dir(dcc);
+ if (ret) {
+ dev_err(dcc->dev, "DCC: debugfs files not created.\n");
+ dcc_sram_dev_exit(dcc);
+ return ret;
+ }
+
+ return 0;
+}
+
+static int dcc_remove(struct platform_device *pdev)
+{
+ struct dcc_drvdata *drvdata = platform_get_drvdata(pdev);
+
+ dcc_delete_debug_dir(drvdata);
+ dcc_sram_dev_exit(drvdata);
+ dcc_config_reset(drvdata);
+ memunmap(drvdata->ram_base);
+
+ return 0;
+}
+
+static const struct of_device_id dcc_match_table[] = {
+ { .compatible = "qcom,sm8150-dcc", .data = (void *)0x5000 },
+ { .compatible = "qcom,sc7280-dcc", .data = (void *)0x12000 },
+ { .compatible = "qcom,sc7180-dcc", .data = (void *)0x6000 },
+ { .compatible = "qcom,sdm845-dcc", .data = (void *)0x6000 },
+ { }
+};
+MODULE_DEVICE_TABLE(of, dcc_match_table);
+
+static struct platform_driver dcc_driver = {
+ .probe = dcc_probe,
+ .remove = dcc_remove,
+ .driver = {
+ .name = "qcom-dcc",
+ .of_match_table = dcc_match_table,
+ },
+};
+
+module_platform_driver(dcc_driver);
+
+MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION("Qualcomm Technologies Inc. DCC driver");
+
--
2.7.4