From patchwork Mon Nov 11 02:28:48 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Huang Shijie X-Patchwork-Id: 290048 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from casper.infradead.org (casper.infradead.org [IPv6:2001:770:15f::2]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by ozlabs.org (Postfix) with ESMTPS id D293E2C00C7 for ; Mon, 11 Nov 2013 00:37:56 +1100 (EST) Received: from merlin.infradead.org ([2001:4978:20e::2]) by casper.infradead.org with esmtps (Exim 4.80.1 #2 (Red Hat Linux)) id 1VfVCr-0003NI-Jf; Sun, 10 Nov 2013 13:37:37 +0000 Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.80.1 #2 (Red Hat Linux)) id 1VfVCq-0004Co-0Q; Sun, 10 Nov 2013 13:37:36 +0000 Received: from mail-pb0-x235.google.com ([2607:f8b0:400e:c01::235]) by merlin.infradead.org with esmtps (Exim 4.80.1 #2 (Red Hat Linux)) id 1VfVCm-0004CT-Ex for linux-mtd@lists.infradead.org; Sun, 10 Nov 2013 13:37:33 +0000 Received: by mail-pb0-f53.google.com with SMTP id up7so4054965pbc.40 for ; Sun, 10 Nov 2013 05:37:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=Z38d5ilG5Cjm+lWyThig9c5g9ZOyFwdgz9CzpzlI8l4=; b=Z9KkiNcfj9ep2EBiKkjnPp5X9FCPC7WrdkSb1tmfQDr6vMf2ipVyvNMk9RIvwjmDMO 5ZP4bio7WcFUjb1gxz2y8MDGzUPGmdFQoMSNQzBPdx95MS1hbwZVX2SYkzXlGed6mTnZ eIiTHEyVxWThjbJMQk30UYhMBRkXHDUi5fTcGkgL+mTLH/k17wJqWvgFc8ujb8zNBwku Wpw8rjUOLhTHf6kRACfbheIOD5fswvEVjYXZazXV66luA4iptYxNxqUKzq/jNSgiRNu+ EP3diWUUiZBfCX85YqcBIHvrTopddyRwvDnU/rZvKAyVxu2fXB1eRbauZYM/Th7nu03P 8U6g== X-Received: by 10.68.137.138 with SMTP id qi10mr24725894pbb.113.1384090228232; Sun, 10 Nov 2013 05:30:28 -0800 (PST) Received: from localhost.localdomain.Home ([114.94.208.194]) by mx.google.com with ESMTPSA id uw6sm24465983pbc.8.2013.11.10.05.30.21 for (version=TLSv1 cipher=RC4-SHA bits=128/128); Sun, 10 Nov 2013 05:30:27 -0800 (PST) From: Huang Shijie To: dwmw2@infradead.org Subject: [PATCH] mtd: gpmi: wake up the process at the end of the DMA callback Date: Sun, 10 Nov 2013 21:28:48 -0500 Message-Id: <1384136928-4585-1-git-send-email-shijie8@gmail.com> X-Mailer: git-send-email 1.7.4.4 In-Reply-To: <1383728007-15564-1-git-send-email-b32955@freescale.com> References: <1383728007-15564-1-git-send-email-b32955@freescale.com> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20131110_083732_645309_73564B60 X-CRM114-Status: GOOD ( 16.59 ) X-Spam-Score: 1.4 (+) X-Spam-Report: SpamAssassin version 3.3.2 on merlin.infradead.org summary: Content analysis details: (1.4 points) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (shijie8[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record 3.2 DATE_IN_FUTURE_12_24 Date: is 12 to 24 hours after Received: date 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in digit (shijie8[at]gmail.com) -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature Cc: Huang Shijie , computersforpeace@gmail.com, linux-mtd@lists.infradead.org, stable@vger.kernel.org, dedekind1@gmail.com X-BeenThere: linux-mtd@lists.infradead.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Linux MTD discussion mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: "linux-mtd" Errors-To: linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org [1] The gpmi uses the nand_command_lp to issue the commands to NAND chips. The gpmi issues a DMA operation with gpmi_cmd_ctrl when it handles a NAND_CMD_NONE control command. So when we read a page(NAND_CMD_READ0) from the NAND, we may send two DMA operations back-to-back. If we do not serialize the two DMA operations, we will meet a bug when 1.1) we enable CONFIG_DMA_API_DEBUG, CONFIG_DMADEVICES_DEBUG, and CONFIG_DEBUG_SG. 1.2) Use the following commands in an UART console and a SSH console: cmd 1: while true;do dd if=/dev/mtd0 of=/dev/null;done cmd 1: while true;do dd if=/dev/mmcblk0 of=/dev/null;done The kernel log shows below: ----------------------------------------------------------------- kernel BUG at lib/scatterlist.c:28! Unable to handle kernel NULL pointer dereference at virtual address 00000000 ......................... [<80044a0c>] (__bug+0x18/0x24) from [<80249b74>] (sg_next+0x48/0x4c) [<80249b74>] (sg_next+0x48/0x4c) from [<80255398>] (debug_dma_unmap_sg+0x170/0x1a4) [<80255398>] (debug_dma_unmap_sg+0x170/0x1a4) from [<8004af58>] (dma_unmap_sg+0x14/0x6c) [<8004af58>] (dma_unmap_sg+0x14/0x6c) from [<8027e594>] (mxs_dma_tasklet+0x18/0x1c) [<8027e594>] (mxs_dma_tasklet+0x18/0x1c) from [<8007d444>] (tasklet_action+0x114/0x164) ----------------------------------------------------------------- 1.3) Assume the two DMA operations is X (first) and Y (second). The root cause of the bug: Assume process P issues DMA X, and sleep on the completion @this->dma_done. X's tasklet callback is dma_irq_callback. It firstly wake up the process sleeping on the completion @this->dma_done, and then trid to unmap the scatterlist S. The waked process P will issue Y in another ARM core. Y initializes S->sg_magic to zero with sg_init_one(), while dma_irq_callback is unmapping S at the same time. See the diagram: ARM core 0 | ARM core 1 ------------------------------------------------------------- (P issues DMA X, then sleep) --> | | (X's tasklet wakes P) --> | | | <-- (P begin to issue DMA Y) | (X's tasklet unmap the | scatterlist S with dma_unmap_sg) --> | <-- (Y calls sg_init_one() to init | scatterlist S) | [2] This patch serialize both the X and Y in the following way: Unmap the DMA scatterlist S firstly, and wake up the process at the end of the DMA callback, in such a way, Y will be executed after X. After this patch: ARM core 0 | ARM core 1 ------------------------------------------------------------- (P issues DMA X, then sleep) --> | | (X's tasklet wakes P) --> | | (X's tasklet unmap the | scatterlist S with dma_unmap_sg) --> | | | <-- (P begin to issue DMA Y) | | <-- (Y calls sg_init_one() to init | scatterlist S) | Cc: stable@vger.kernel.org Signed-off-by: Huang Shijie --- drivers/mtd/nand/gpmi-nand/gpmi-nand.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/mtd/nand/gpmi-nand/gpmi-nand.c b/drivers/mtd/nand/gpmi-nand/gpmi-nand.c index 4b6d802..f8dc560 100644 --- a/drivers/mtd/nand/gpmi-nand/gpmi-nand.c +++ b/drivers/mtd/nand/gpmi-nand/gpmi-nand.c @@ -394,8 +394,6 @@ static void dma_irq_callback(void *param) struct gpmi_nand_data *this = param; struct completion *dma_c = &this->dma_done; - complete(dma_c); - switch (this->dma_type) { case DMA_FOR_COMMAND: dma_unmap_sg(this->dev, &this->cmd_sgl, 1, DMA_TO_DEVICE); @@ -420,6 +418,8 @@ static void dma_irq_callback(void *param) default: pr_err("in wrong DMA operation.\n"); } + + complete(dma_c); } int start_dma_without_bch_irq(struct gpmi_nand_data *this,