From patchwork Tue Mar 5 19:36:54 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: dann frazier X-Patchwork-Id: 1053047 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=dannf.org Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=dannf-org.20150623.gappssmtp.com header.i=@dannf-org.20150623.gappssmtp.com header.b="H+8g8d1S"; dkim-atps=neutral Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 44FbMl3DQmz9sNj; Fri, 8 Mar 2019 03:15:47 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1h1vgI-0001XE-3k; Thu, 07 Mar 2019 16:15:38 +0000 Received: from mail-it1-f196.google.com ([209.85.166.196]) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1h1Fs0-0001Ml-Mq for kernel-team@lists.ubuntu.com; Tue, 05 Mar 2019 19:36:56 +0000 Received: by mail-it1-f196.google.com with SMTP id m137so5869453ita.0 for ; Tue, 05 Mar 2019 11:36:56 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dannf-org.20150623.gappssmtp.com; s=20150623; h=from:date:to:subject:message-id:mime-version:content-disposition :user-agent; bh=WFhY3ZbQop0nmS2x+WPQbtghZ35m47Wjf8ZsR3Sjlqw=; b=H+8g8d1SfD+AYg30z1JAgXGj7dsLUrhrarLL+NRBGOqq5M72EQauvPKW7JiMPAp+i5 58LIF/2Z//pCAjYagbeeMNmQDhnYOSdkk2LJhoWSiRjCvy9Ug/zShvMwGQCFIiRHrqtH E1nybgyASoBQjjUhsDoKh6hQ/ngQ4rDRZg5/Ws/D6SO50rkWhtcIyGRXnL++c9IcgJLW GBf7pDEvWPRDyY+ZyGCiwJ+Kj3onsoaj1gcAIxhHdOC3to2mxv34IiaNYo7R8HAsxJfN dwFSub8dR14fmfH9ZL3AcXfgADdkwzVVCEOfwT3xVymalY9nZKRus1G3uLlkNJlFEiVN /nzg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:date:to:subject:message-id:mime-version :content-disposition:user-agent; bh=WFhY3ZbQop0nmS2x+WPQbtghZ35m47Wjf8ZsR3Sjlqw=; b=nf7fWt23F5pY2rdXem2HDyAIOvazdg0RGyQO4ZDhyvmJDSMpXO0s06QN8evJN1MJu1 90tReot1gmPRoQ2tWIZr1XkrUWci2SV8dmPXYRZtasyu7bc9fW4523kEaHXQWwTeZExy 15Kb/feNOV96rLlW3PIqd715Z3b8TFliRU/Y69c3ah61Yq8dPc9FNrir7aPmwIIOjawq XMDLwr+1TWu9n/z8subgPxEWuD9FemOD6N5dqJNchmtzRXBZG8i7zxhXDTItJ2K7bS2e FeFUQajysWTXkri6sQcJ7LLNayEP5udqeNxo9XbqLsUYKM6/4W3drAqEbG6TWaSzbJHf VyMQ== X-Gm-Message-State: APjAAAUw5H0ZjWnUdYziiI51L6SpO45aeJQxzTq2FQV+BKXZucDaxv5o NYFSGFxPkPKDFopsBbM2ZyuB59+mpD7fGA== X-Google-Smtp-Source: APXvYqxJPhdTT5tt/JuFtQzEJ9PR4/0HiJL3ysa0h+JjMv0yc35JLkiQERtO7CiCvwiB9f3i8roc0A== X-Received: by 2002:a02:c84f:: with SMTP id r15mr2067768jao.97.1551814615177; Tue, 05 Mar 2019 11:36:55 -0800 (PST) Received: from localhost (c-107-2-141-103.hsd1.co.comcast.net. [107.2.141.103]) by smtp.gmail.com with ESMTPSA id q17sm4193866ior.71.2019.03.05.11.36.54 for (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 05 Mar 2019 11:36:54 -0800 (PST) From: dann frazier X-Google-Original-From: dann frazier Date: Tue, 5 Mar 2019 12:36:54 -0700 To: kernel-team@lists.ubuntu.com Subject: [PATCH][SRU Cosmic][SRU Bionic] iommu/arm-smmu-v3: Fix unexpected CMD_SYNC timeout Message-ID: <20190305193654.GA17444@xps13.dannf> MIME-Version: 1.0 Content-Disposition: inline User-Agent: Mutt/1.10.1 (2018-07-13) X-Mailman-Approved-At: Thu, 07 Mar 2019 16:15:29 +0000 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: Zhen Lei BugLink: https://bugs.launchpad.net/bugs/1818162 The condition break condition of: (int)(VAL - sync_idx) >= 0 in the __arm_smmu_sync_poll_msi() polling loop requires that sync_idx must be increased monotonically according to the sequence of the CMDs in the cmdq. However, since the msidata is populated using atomic_inc_return_relaxed() before taking the command-queue spinlock, then the following scenario can occur: CPU0 CPU1 msidata=0 msidata=1 insert cmd1 insert cmd0 smmu execute cmd1 smmu execute cmd0 poll timeout, because msidata=1 is overridden by cmd0, that means VAL=0, sync_idx=1. This is not a functional problem, since the caller will eventually either timeout or exit due to another CMD_SYNC, however it's clearly not what the code is supposed to be doing. Fix it, by incrementing the sequence count with the command-queue lock held, allowing us to drop the atomic operations altogether. Signed-off-by: Zhen Lei [will: dropped the specialised cmd building routine for now] Signed-off-by: Will Deacon (cherry picked from commit 0f02477d16980938a84aba8688a4e3a303306116) Signed-off-by: dann frazier Acked-by: Kleber Sacilotto de Souza Acked-by: Khalid Elmously --- drivers/iommu/arm-smmu-v3.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/drivers/iommu/arm-smmu-v3.c b/drivers/iommu/arm-smmu-v3.c index 9c30fb4fccef2..0367432de584d 100644 --- a/drivers/iommu/arm-smmu-v3.c +++ b/drivers/iommu/arm-smmu-v3.c @@ -623,7 +623,7 @@ struct arm_smmu_device { int gerr_irq; int combined_irq; - atomic_t sync_nr; + u32 sync_nr; unsigned long ias; /* IPA */ unsigned long oas; /* PA */ @@ -1008,14 +1008,13 @@ static int __arm_smmu_cmdq_issue_sync_msi(struct arm_smmu_device *smmu) struct arm_smmu_cmdq_ent ent = { .opcode = CMDQ_OP_CMD_SYNC, .sync = { - .msidata = atomic_inc_return_relaxed(&smmu->sync_nr), .msiaddr = virt_to_phys(&smmu->sync_count), }, }; - arm_smmu_cmdq_build_cmd(cmd, &ent); - spin_lock_irqsave(&smmu->cmdq.lock, flags); + ent.sync.msidata = ++smmu->sync_nr; + arm_smmu_cmdq_build_cmd(cmd, &ent); arm_smmu_cmdq_insert_cmd(smmu, cmd); spin_unlock_irqrestore(&smmu->cmdq.lock, flags); @@ -2294,7 +2293,6 @@ static int arm_smmu_init_structures(struct arm_smmu_device *smmu) { int ret; - atomic_set(&smmu->sync_nr, 0); ret = arm_smmu_init_queues(smmu); if (ret) return ret;