Re: [PATCH 2/3] usb: mtu3: add memory barrier before set GPD's HWO

From: Greg Kroah-Hartman
Date: Mon Dec 13 2021 - 09:18:20 EST

Next message: Matthew Wilcox (Oracle): "[PATCH v2 2/3] vmcore: Convert read_from_oldmem() to take an iov_iter"
Previous message: kernel test robot: "drivers/remoteproc/imx_rproc.c:298:12: sparse: sparse: incorrect type in assignment (different address spaces)"
In reply to: Chunfeng Yun: "[PATCH 2/3] usb: mtu3: add memory barrier before set GPD's HWO"
Next in thread: Chunfeng Yun: "[PATCH 3/3] usb: mtu3: fix list_head check warning"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Dec 09, 2021 at 11:14:23AM +0800, Chunfeng Yun wrote:
> There is a seldom issue that the controller access invalid address
> and trigger devapc or emimpu violation. That is due to memory access
> is out of order and cause gpd data is not correct.
> Make sure GPD is fully written before giving it to HW by setting its
> HWO.
>
> Fixes: 48e0d3735aa5 ("usb: mtu3: supports new QMU format")
> Cc: stable@xxxxxxxxxxxxxxx
> Reported-by: Eddie Hung <eddie.hung@xxxxxxxxxxxx>
> Signed-off-by: Chunfeng Yun <chunfeng.yun@xxxxxxxxxxxx>
> ---
> drivers/usb/mtu3/mtu3_qmu.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/usb/mtu3/mtu3_qmu.c b/drivers/usb/mtu3/mtu3_qmu.c
> index 3f414f91b589..34bb5ac67efe 100644
> --- a/drivers/usb/mtu3/mtu3_qmu.c
> +++ b/drivers/usb/mtu3/mtu3_qmu.c
> @@ -273,6 +273,8 @@ static int mtu3_prepare_tx_gpd(struct mtu3_ep *mep, struct mtu3_request *mreq)
> gpd->dw3_info |= cpu_to_le32(GPD_EXT_FLAG_ZLP);
> }
>
> + /* make sure GPD is fully written before giving it to HW */
> + mb();

So this means you are using mmio for this structure? If so, shouldn't
you be using normal io memory read/write calls as well and not just
"raw" pointers like this:

> gpd->dw0_info |= cpu_to_le32(GPD_FLAGS_IOC | GPD_FLAGS_HWO);

Are you sure this is ok?

Sprinkling around mb() calls is almost never the correct solution.

If you need to ensure that a write succeeds, shouldn't you do a read
from it afterward? Many busses require this, doesn't yours?

>
> mreq->gpd = gpd;
> @@ -306,6 +308,8 @@ static int mtu3_prepare_rx_gpd(struct mtu3_ep *mep, struct mtu3_request *mreq)
> gpd->next_gpd = cpu_to_le32(lower_32_bits(enq_dma));
> ext_addr |= GPD_EXT_NGP(mtu, upper_32_bits(enq_dma));
> gpd->dw3_info = cpu_to_le32(ext_addr);
> + /* make sure GPD is fully written before giving it to HW */
> + mb();

Again, mb(); does not ensure that memory-mapped i/o actually hits the
HW. Or if it does on your platform, how?

mb() is a compiler barrier, not a memory write to a bus barrier. Please
read Documentation/memory-barriers.txt for more details.

thanks,

greg k-h

Next message: Matthew Wilcox (Oracle): "[PATCH v2 2/3] vmcore: Convert read_from_oldmem() to take an iov_iter"
Previous message: kernel test robot: "drivers/remoteproc/imx_rproc.c:298:12: sparse: sparse: incorrect type in assignment (different address spaces)"
In reply to: Chunfeng Yun: "[PATCH 2/3] usb: mtu3: add memory barrier before set GPD's HWO"
Next in thread: Chunfeng Yun: "[PATCH 3/3] usb: mtu3: fix list_head check warning"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]