| Message ID | 20240205-cdns-qspi-pm-fix-v2-2-2e7bbad49a46@bootlin.com |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel+bounces-52859-ouuuleilei=gmail.com@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a05:7301:168b:b0:106:860b:bbdd with SMTP id
ma11csp927483dyb;
Mon, 5 Feb 2024 06:59:17 -0800 (PST)
X-Google-Smtp-Source:
AGHT+IHpewUebLg3/TA8lISfEiO9KAVPs4jSYAzf/eXzP3jt+XDPY9QKldMIsRD33a1Sy17h6fjl
X-Received: by 2002:a05:620a:1474:b0:785:6e67:6d87 with SMTP id
j20-20020a05620a147400b007856e676d87mr5762712qkl.18.1707145157152;
Mon, 05 Feb 2024 06:59:17 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1707145157; cv=pass;
d=google.com; s=arc-20160816;
b=Xqaw3IEOHvq5iUpoCtCyCh5craIJLVysjvcdlg5HalFi8+94ju+cECiSv6ofMMBJuc
6Mw+4TQ+IIbBcTmdvqKuKF1OhF9xqvfMJu3q4lnYXO3FkNK/yEX8lvOuRwCto6571vrX
8TzoCZLcIdLEdIgEDb7KLRe7swP5rXudGNe+51Nubyu1fj/7mLWpy18sQ5ljVKj3kSlp
Nc1+wJMmrLtZr39TJsS0FB3wtPgdJ3C0G7w7W8oJTBYlz+/A8P4j7v4i2Bg2zyFstb3g
FPkSacFPSU9iyYUbefA03uOUVmGmO2PxJEoFCNDhIgZx1pTFmDBS6yVNSzvck0J3JFwl
kl0A==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=cc:to:in-reply-to:references:message-id:content-transfer-encoding
:mime-version:list-unsubscribe:list-subscribe:list-id:precedence
:subject:date:from:dkim-signature;
bh=2dW3YRsN3P/j/sY75FzxRXD8f2o0gC9+4GEJkf/Bos8=;
fh=cmUftPyjova8vfrRCkzB3LPCrEAU6RSKaUj8yBgep1w=;
b=H00VmO2UpMvO3EBO+3XUoCL8oxItUmAwux43Frxa5jGHq7cd9xaov6ZsgnJVkFnoEO
+FlI56yrwwNWsPOOalD7w1T5+Kpi6TOaDM7NuxMoSRCz5v2pCc8gRxadKhcSZsnR+A4J
cNTO6Cs4kqHMCIiqr4kYVOY+sajwlzZtKtB/+GII+jhao3aMUYQvg4iZx7dcTmu2xLEn
a5FkMQF/6oZ6pUQYhu6dXEGckib1iWZRdXpXb7DvReO6dktk13afM/pbXGQHVPmLlfw2
jAEqca0sYAv+ocSBpafJaNU7i+PU4PPeeo9PHQQXGRQzP78SkyeOFHq7R9gDl/Pm+/Ch
RHSQ==;
dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
dkim=pass header.i=@bootlin.com header.s=gm1 header.b=kzvfDQtO;
arc=pass (i=1 spf=pass spfdomain=bootlin.com dkim=pass
dkdomain=bootlin.com dmarc=pass fromdomain=bootlin.com);
spf=pass (google.com: domain of
linux-kernel+bounces-52859-ouuuleilei=gmail.com@vger.kernel.org designates
2604:1380:45d1:ec00::1 as permitted sender)
smtp.mailfrom="linux-kernel+bounces-52859-ouuuleilei=gmail.com@vger.kernel.org";
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=bootlin.com
X-Forwarded-Encrypted: i=1;
AJvYcCWLD9HOa8JA+/hmgZhyNYr42bGAAJ7QY2tSSaVLLiAS9HCkYkpK9Cnf8ow4GWIBXCgrnprwvqWvA+8YgO/ohFTbiiJaeA==
Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org.
[2604:1380:45d1:ec00::1])
by mx.google.com with ESMTPS id
j6-20020a05620a146600b0078585ef0fb7si773084qkl.481.2024.02.05.06.59.17
for <ouuuleilei@gmail.com>
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Mon, 05 Feb 2024 06:59:17 -0800 (PST)
Received-SPF: pass (google.com: domain of
linux-kernel+bounces-52859-ouuuleilei=gmail.com@vger.kernel.org designates
2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1;
Authentication-Results: mx.google.com;
dkim=pass header.i=@bootlin.com header.s=gm1 header.b=kzvfDQtO;
arc=pass (i=1 spf=pass spfdomain=bootlin.com dkim=pass
dkdomain=bootlin.com dmarc=pass fromdomain=bootlin.com);
spf=pass (google.com: domain of
linux-kernel+bounces-52859-ouuuleilei=gmail.com@vger.kernel.org designates
2604:1380:45d1:ec00::1 as permitted sender)
smtp.mailfrom="linux-kernel+bounces-52859-ouuuleilei=gmail.com@vger.kernel.org";
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=bootlin.com
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org
[52.25.139.140])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by ny.mirrors.kernel.org (Postfix) with ESMTPS id EB10B1C21DA6
for <ouuuleilei@gmail.com>; Mon, 5 Feb 2024 14:59:16 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
by smtp.subspace.kernel.org (Postfix) with ESMTP id 7ABCB3F8CA;
Mon, 5 Feb 2024 14:57:43 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
dkim=pass (2048-bit key) header.d=bootlin.com header.i=@bootlin.com
header.b="kzvfDQtO"
Received: from relay7-d.mail.gandi.net (relay7-d.mail.gandi.net
[217.70.183.200])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by smtp.subspace.kernel.org (Postfix) with ESMTPS id 952B62D054;
Mon, 5 Feb 2024 14:57:38 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
arc=none smtp.client-ip=217.70.183.200
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
t=1707145060; cv=none;
b=Zv2iQPlV8PLLWiFmoRFe57m9Crc+/qV8o1t0WwYB2O+L8FF93u0UQFORuTh2vg6Ox0rT8zOsizJj4bVRpRsJnVWYb5Ql+qItMFS7I96UAKHEo2oLsAisQ/b46BZkRT4NtdCEMVgLnYI+Ns9LVaIeQAgJ6t+KOEYDA8j9G55Xhao=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
s=arc-20240116; t=1707145060; c=relaxed/simple;
bh=0TIv8do25e/uL4lq4tvg5O/ua8nIaVhna6ZlQbpAaHs=;
h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References:
In-Reply-To:To:Cc;
b=uGV6t7EhyxX+9lMe5pJXlahf3UFHb91EMBbZc2gdFbGUe517ppWH27/JEEqEFU9Ie2Jlk1y3RTmZ7hd6VYbju1hk1rVi7xnYzZ5B19P+Ey+rQqecslkhbR9d13GvbXe3B7UCQvHJKcf7l8ZdgPv1BP9gXxvntVeF3962P9w/VEo=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
dmarc=pass (p=reject dis=none) header.from=bootlin.com;
spf=pass smtp.mailfrom=bootlin.com;
dkim=pass (2048-bit key) header.d=bootlin.com header.i=@bootlin.com
header.b=kzvfDQtO; arc=none smtp.client-ip=217.70.183.200
Authentication-Results: smtp.subspace.kernel.org;
dmarc=pass (p=reject dis=none) header.from=bootlin.com
Authentication-Results: smtp.subspace.kernel.org;
spf=pass smtp.mailfrom=bootlin.com
Received: by mail.gandi.net (Postfix) with ESMTPSA id 1A9F520010;
Mon, 5 Feb 2024 14:57:31 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bootlin.com; s=gm1;
t=1707145051;
h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
to:to:cc:cc:mime-version:mime-version:content-type:content-type:
content-transfer-encoding:content-transfer-encoding:
in-reply-to:in-reply-to:references:references;
bh=2dW3YRsN3P/j/sY75FzxRXD8f2o0gC9+4GEJkf/Bos8=;
b=kzvfDQtOo6/Vma01SnlkXEt4R6RXIKcub5Z85ty5eZbHB0g6f9mzimhgyVoHvWrCDc7zbM
YItcz0fwfImmnCPXLr0oIDtX/U6+IA2c0kHG7LsSQKVlWbnPJvWQXGBuuduTmS2CK5Myb5
ZIBf0iK0vFyzq5qLqDEBOpyQPaUk8PJYytpQcruA+ZZ93JhCakpb6Ufq6p9WpJ9CQprqBC
w4uUCIkS2JH0TwJBYOV/+pMiNlH8dqvn1zyef/m3MTMtTLazqch+oX3U7IfzerLYp4YnaZ
vArJcemC99BrioYouxkSHzLR6JJzYHflxI4/0bDdUNRc4TbS4FSu1P6tTCtV4Q==
From: =?utf-8?q?Th=C3=A9o_Lebrun?= <theo.lebrun@bootlin.com>
Date: Mon, 05 Feb 2024 15:57:30 +0100
Subject: [PATCH v2 2/4] spi: cadence-qspi: fix pointer reference in runtime
PM hooks
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Message-Id: <20240205-cdns-qspi-pm-fix-v2-2-2e7bbad49a46@bootlin.com>
References: <20240205-cdns-qspi-pm-fix-v2-0-2e7bbad49a46@bootlin.com>
In-Reply-To: <20240205-cdns-qspi-pm-fix-v2-0-2e7bbad49a46@bootlin.com>
To: Mark Brown <broonie@kernel.org>, Apurva Nandan <a-nandan@ti.com>,
Dhruva Gole <d-gole@ti.com>
Cc: linux-spi@vger.kernel.org, linux-kernel@vger.kernel.org,
Gregory CLEMENT <gregory.clement@bootlin.com>,
Vladimir Kondratiev <vladimir.kondratiev@mobileye.com>,
Thomas Petazzoni <thomas.petazzoni@bootlin.com>,
Tawfik Bayouk <tawfik.bayouk@mobileye.com>,
=?utf-8?q?Th=C3=A9o_Lebrun?= <theo.lebrun@bootlin.com>
X-Mailer: b4 0.12.4
X-GND-Sasl: theo.lebrun@bootlin.com
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: 1790071440550546926
X-GMAIL-MSGID: 1790071440550546926
|
| Series |
spi: cadence-qspi: Fix runtime PM and system-wide suspend
|
|
Commit Message
Théo Lebrun
Feb. 5, 2024, 2:57 p.m. UTC
dev_get_drvdata() gets used to acquire the pointer to cqspi and the SPI
controller. Neither embed the other; this lead to memory corruption.
On a given platform (Mobileye EyeQ5) the memory corruption is hidden
inside cqspi->f_pdata. Also, this uninitialised memory is used as a
mutex (ctlr->bus_lock_mutex) by spi_controller_suspend().
Fixes: 2087e85bb66e ("spi: cadence-quadspi: fix suspend-resume implementations")
Signed-off-by: Théo Lebrun <theo.lebrun@bootlin.com>
---
drivers/spi/spi-cadence-quadspi.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
Comments
On Mon, Feb 05, 2024 at 03:57:30PM +0100, Théo Lebrun wrote: > dev_get_drvdata() gets used to acquire the pointer to cqspi and the SPI > controller. Neither embed the other; this lead to memory corruption. > > On a given platform (Mobileye EyeQ5) the memory corruption is hidden > inside cqspi->f_pdata. Also, this uninitialised memory is used as a > mutex (ctlr->bus_lock_mutex) by spi_controller_suspend(). Please place fixes at the start of serieses so that they don't end up with spurious dependencies on other changes and can more easily be applied as fixes.
Hi Mark, On Feb 05, 2024 at 15:12:10 +0000, Mark Brown wrote: > On Mon, Feb 05, 2024 at 03:57:30PM +0100, Théo Lebrun wrote: > > dev_get_drvdata() gets used to acquire the pointer to cqspi and the SPI > > controller. Neither embed the other; this lead to memory corruption. > > > > On a given platform (Mobileye EyeQ5) the memory corruption is hidden > > inside cqspi->f_pdata. Also, this uninitialised memory is used as a > > mutex (ctlr->bus_lock_mutex) by spi_controller_suspend(). > > Please place fixes at the start of serieses so that they don't end up > with spurious dependencies on other changes and can more easily be > applied as fixes. Didn't really understand the comment here, aren't the 1,2 and 3 patches fixes and the last one the non-fix? Thus fixes are indeed placed at start of this series right? Can you help understand with some example series?
On Feb 05, 2024 at 15:57:30 +0100, Théo Lebrun wrote: > dev_get_drvdata() gets used to acquire the pointer to cqspi and the SPI > controller. Neither embed the other; this lead to memory corruption. > > On a given platform (Mobileye EyeQ5) the memory corruption is hidden > inside cqspi->f_pdata. Also, this uninitialised memory is used as a > mutex (ctlr->bus_lock_mutex) by spi_controller_suspend(). > > Fixes: 2087e85bb66e ("spi: cadence-quadspi: fix suspend-resume implementations") > Signed-off-by: Théo Lebrun <theo.lebrun@bootlin.com> > --- > drivers/spi/spi-cadence-quadspi.c | 6 ++---- > 1 file changed, 2 insertions(+), 4 deletions(-) > > diff --git a/drivers/spi/spi-cadence-quadspi.c b/drivers/spi/spi-cadence-quadspi.c > index 720b28d2980c..1a27987638f0 100644 > --- a/drivers/spi/spi-cadence-quadspi.c > +++ b/drivers/spi/spi-cadence-quadspi.c > @@ -1930,10 +1930,9 @@ static void cqspi_remove(struct platform_device *pdev) > static int cqspi_runtime_suspend(struct device *dev) > { > struct cqspi_st *cqspi = dev_get_drvdata(dev); > - struct spi_controller *host = dev_get_drvdata(dev); Or you could do: + struct spi_controller *host = cqspi->host; > int ret; > > - ret = spi_controller_suspend(host); > + ret = spi_controller_suspend(cqspi->host); And avoid changing these? > cqspi_controller_enable(cqspi, 0); > > clk_disable_unprepare(cqspi->clk); > @@ -1944,7 +1943,6 @@ static int cqspi_runtime_suspend(struct device *dev) > static int cqspi_runtime_resume(struct device *dev) > { > struct cqspi_st *cqspi = dev_get_drvdata(dev); > - struct spi_controller *host = dev_get_drvdata(dev); > > clk_prepare_enable(cqspi->clk); > cqspi_wait_idle(cqspi); > @@ -1953,7 +1951,7 @@ static int cqspi_runtime_resume(struct device *dev) > cqspi->current_cs = -1; > cqspi->sclk = 0; > > - return spi_controller_resume(host); > + return spi_controller_resume(cqspi->host); ditto. Thanks, Dhruva Gole <d-gole@ti.com> > } > > static DEFINE_RUNTIME_DEV_PM_OPS(cqspi_dev_pm_ops, cqspi_runtime_suspend, > > -- > 2.43.0 > >
Hello, On Wed Feb 7, 2024 at 9:42 AM CET, Dhruva Gole wrote: > On Feb 05, 2024 at 15:57:30 +0100, Théo Lebrun wrote: > > dev_get_drvdata() gets used to acquire the pointer to cqspi and the SPI > > controller. Neither embed the other; this lead to memory corruption. > > > > On a given platform (Mobileye EyeQ5) the memory corruption is hidden > > inside cqspi->f_pdata. Also, this uninitialised memory is used as a > > mutex (ctlr->bus_lock_mutex) by spi_controller_suspend(). > > > > Fixes: 2087e85bb66e ("spi: cadence-quadspi: fix suspend-resume implementations") > > Signed-off-by: Théo Lebrun <theo.lebrun@bootlin.com> > > --- > > drivers/spi/spi-cadence-quadspi.c | 6 ++---- > > 1 file changed, 2 insertions(+), 4 deletions(-) > > > > diff --git a/drivers/spi/spi-cadence-quadspi.c b/drivers/spi/spi-cadence-quadspi.c > > index 720b28d2980c..1a27987638f0 100644 > > --- a/drivers/spi/spi-cadence-quadspi.c > > +++ b/drivers/spi/spi-cadence-quadspi.c > > @@ -1930,10 +1930,9 @@ static void cqspi_remove(struct platform_device *pdev) > > static int cqspi_runtime_suspend(struct device *dev) > > { > > struct cqspi_st *cqspi = dev_get_drvdata(dev); > > - struct spi_controller *host = dev_get_drvdata(dev); > > Or you could do: > + struct spi_controller *host = cqspi->host; Indeed. I preferred minimizing line count as I didn't see a benefit to introducing a new variable. It goes away new patch anyway. If you prefer it this way tell me and I'll fix it for next revision. Thanks Dhruva, -- Théo Lebrun, Bootlin Embedded Linux and Kernel engineering https://bootlin.com
On Wed, Feb 07, 2024 at 02:09:02PM +0530, Dhruva Gole wrote: > On Feb 05, 2024 at 15:12:10 +0000, Mark Brown wrote: > > Please place fixes at the start of serieses so that they don't end up > > with spurious dependencies on other changes and can more easily be > > applied as fixes. > Didn't really understand the comment here, aren't the 1,2 and 3 patches > fixes and the last one the non-fix? Thus fixes are indeed placed at > start of this series right? Patch 1 is a rename, this is obviously cosmetic and not a bug fix.
On Feb 07, 2024 at 10:28:59 +0100, Théo Lebrun wrote: > Hello, > > On Wed Feb 7, 2024 at 9:42 AM CET, Dhruva Gole wrote: > > On Feb 05, 2024 at 15:57:30 +0100, Théo Lebrun wrote: > > > dev_get_drvdata() gets used to acquire the pointer to cqspi and the SPI > > > controller. Neither embed the other; this lead to memory corruption. > > > > > > On a given platform (Mobileye EyeQ5) the memory corruption is hidden > > > inside cqspi->f_pdata. Also, this uninitialised memory is used as a > > > mutex (ctlr->bus_lock_mutex) by spi_controller_suspend(). > > > > > > Fixes: 2087e85bb66e ("spi: cadence-quadspi: fix suspend-resume implementations") > > > Signed-off-by: Théo Lebrun <theo.lebrun@bootlin.com> > > > --- > > > drivers/spi/spi-cadence-quadspi.c | 6 ++---- > > > 1 file changed, 2 insertions(+), 4 deletions(-) > > > > > > diff --git a/drivers/spi/spi-cadence-quadspi.c b/drivers/spi/spi-cadence-quadspi.c > > > index 720b28d2980c..1a27987638f0 100644 > > > --- a/drivers/spi/spi-cadence-quadspi.c > > > +++ b/drivers/spi/spi-cadence-quadspi.c > > > @@ -1930,10 +1930,9 @@ static void cqspi_remove(struct platform_device *pdev) > > > static int cqspi_runtime_suspend(struct device *dev) > > > { > > > struct cqspi_st *cqspi = dev_get_drvdata(dev); > > > - struct spi_controller *host = dev_get_drvdata(dev); > > > > Or you could do: > > + struct spi_controller *host = cqspi->host; > > Indeed. I preferred minimizing line count as I didn't see a benefit to > introducing a new variable. It goes away new patch anyway. If you > prefer it this way tell me and I'll fix it for next revision. I mean since you're going to have to respin then do make this change, it will further minimise the number of lines of change right? It goes away in last patch but if atall in some older kernel only suspend resume support is there then only this will get picked so it's still not useless code.
Hey, On Feb 07, 2024 at 09:50:16 +0000, Mark Brown wrote: > On Wed, Feb 07, 2024 at 02:09:02PM +0530, Dhruva Gole wrote: > > On Feb 05, 2024 at 15:12:10 +0000, Mark Brown wrote: > > > > Please place fixes at the start of serieses so that they don't end up > > > with spurious dependencies on other changes and can more easily be > > > applied as fixes. > > > Didn't really understand the comment here, aren't the 1,2 and 3 patches > > fixes and the last one the non-fix? Thus fixes are indeed placed at > > start of this series right? > > Patch 1 is a rename, this is obviously cosmetic and not a bug fix. Well, Theo, seems like you better fix the first patch, then reorder and send a v3 :)
diff --git a/drivers/spi/spi-cadence-quadspi.c b/drivers/spi/spi-cadence-quadspi.c index 720b28d2980c..1a27987638f0 100644 --- a/drivers/spi/spi-cadence-quadspi.c +++ b/drivers/spi/spi-cadence-quadspi.c @@ -1930,10 +1930,9 @@ static void cqspi_remove(struct platform_device *pdev) static int cqspi_runtime_suspend(struct device *dev) { struct cqspi_st *cqspi = dev_get_drvdata(dev); - struct spi_controller *host = dev_get_drvdata(dev); int ret; - ret = spi_controller_suspend(host); + ret = spi_controller_suspend(cqspi->host); cqspi_controller_enable(cqspi, 0); clk_disable_unprepare(cqspi->clk); @@ -1944,7 +1943,6 @@ static int cqspi_runtime_suspend(struct device *dev) static int cqspi_runtime_resume(struct device *dev) { struct cqspi_st *cqspi = dev_get_drvdata(dev); - struct spi_controller *host = dev_get_drvdata(dev); clk_prepare_enable(cqspi->clk); cqspi_wait_idle(cqspi); @@ -1953,7 +1951,7 @@ static int cqspi_runtime_resume(struct device *dev) cqspi->current_cs = -1; cqspi->sclk = 0; - return spi_controller_resume(host); + return spi_controller_resume(cqspi->host); } static DEFINE_RUNTIME_DEV_PM_OPS(cqspi_dev_pm_ops, cqspi_runtime_suspend,