| Message ID | 20221230194315.809903-2-t.schramm@manjaro.org |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a5d:4e01:0:0:0:0:0 with SMTP id p1csp3043113wrt;
Fri, 30 Dec 2022 11:52:49 -0800 (PST)
X-Google-Smtp-Source:
AMrXdXve1ozU72uY2GttKeAuTVeGOSEpN9bMprKfI4yyAeCn3uFQaWsQBiBiuJUPWWoW9e6PXnie
X-Received: by 2002:a05:6a20:4c09:b0:b2:50c3:bb73 with SMTP id
fm9-20020a056a204c0900b000b250c3bb73mr36347504pzb.13.1672429969214;
Fri, 30 Dec 2022 11:52:49 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1672429969; cv=none;
d=google.com; s=arc-20160816;
b=ZKLv5fNu/u8i7i6oDk4Eplv1mFObQYJgU7HGWVxjOlNG/aFH45jaCDMELZqAgOEAQr
B/5I28qjJBnHCWPrdpgYpHkwMXlJ1F+E19czalKPLAN1R8ZzoxLuuYu526MZeO8TUNLf
Dr3MF3GCA0i3gitm3zIOxkBx/RQ0PagvdcgGXz/HiTDe/82NbFpbl/KPHfSUk4pxNCe4
K9rwXPix8yYKDp9TFB5qqMUK6lx6p9fUvy7t6Rj3bbJCdx7QaSOMNIQjlpEW70RqZhiH
JL5moEXjmxeF3pRj+fAN/tOOGpOA0WNfTb7w1rZbUcAaEJqUKd/tB5NH4fzc+u3UHSGi
4Lew==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:references:in-reply-to:message-id:date:subject:cc:to:dkim-signature
:from;
bh=iltt/tMF0HVdVDpikGptnZa6QFjij3xktJX/OGyMXc8=;
b=UfcJbEw77VB5y4pYtug/f1lfUl11sHSwQjgit5qlm9+uamxuv02p2S2wcnI9YJX1kE
zm5UakDkV2hWrS0DyadI+ltp/Q3qNrIY7eroFQQ4/Q0y1SprFlAyyaOeh3Yfdcl38APU
wb0vJF1gmR8Lf/ChkMFGqA9HOP5LnvuU5CnnC7mZ3q7Q7uVVHfEgO5CFkMCuj1FZaR3V
B53+HVaJsKnZtfm/un8UVNzMatBAQo42uHM4NzMw8kNR/Jt4z06O3BXzWpq6NeIUd7B0
L0fD+GsgsdUscSVd8gNa/TLJP3mV1EhmfjsLkQA5wQPpQRIJ3Zsao1YMPHsUQ7VYoi+h
FEWA==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@manjaro.org header.s=2021 header.b=Vgjh7tPf;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE)
header.from=manjaro.org
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
j1-20020a634a41000000b004790794f0a7si21862471pgl.1.2022.12.30.11.52.37;
Fri, 30 Dec 2022 11:52:49 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
dkim=pass header.i=@manjaro.org header.s=2021 header.b=Vgjh7tPf;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE)
header.from=manjaro.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S231294AbiL3TuN (ORCPT <rfc822;cscallsign@gmail.com> + 99 others);
Fri, 30 Dec 2022 14:50:13 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42396 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S229527AbiL3TuH (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Fri, 30 Dec 2022 14:50:07 -0500
X-Greylist: delayed 401 seconds by postgrey-1.37 at lindbergh.monkeyblade.net;
Fri, 30 Dec 2022 11:50:05 PST
Received: from mail.manjaro.org (mail.manjaro.org [IPv6:2a01:4f8:c0c:51f3::1])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C036FB96;
Fri, 30 Dec 2022 11:50:05 -0800 (PST)
From: Tobias Schramm <t.schramm@manjaro.org>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=manjaro.org; s=2021;
t=1672429403;
h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
to:to:cc:cc:mime-version:mime-version:
content-transfer-encoding:content-transfer-encoding:
in-reply-to:in-reply-to:references:references;
bh=iltt/tMF0HVdVDpikGptnZa6QFjij3xktJX/OGyMXc8=;
b=Vgjh7tPfRRKofr5UvamVpINgNBLUEF9phH9TaRNShWEra44F74wNyM5HO/r4Dmoa+4ZazC
sRujewX6dn+nGUgksLcb5Nss/aDptgvko5CqgBRavJQRKeqDveocOryhYXzrGF55dhIJmE
YdGCTh38P/k3O60Ksowc4FrsnNymTDsl78wlrz3xYnE71+OWwDHWE+Gp196GN42ypqlEJD
iM5jdwIeli0Ak0UK9TlhkT1u9yxG/JDr1qUTQMOKrB3rpfbXLxee/qIa2WAr/7slqfUXDV
HLsQbT8qTkkG9w/0oy72mSr/BruWVP0AD5sKkg8YnQpFeljckJa4G8x9Py4UlA==
To: Ludovic Desroches <ludovic.desroches@microchip.com>
Cc: Ulf Hansson <ulf.hansson@linaro.org>,
Nicolas Ferre <nicolas.ferre@microchip.com>,
Alexandre Belloni <alexandre.belloni@bootlin.com>,
Claudiu Beznea <claudiu.beznea@microchip.com>,
linux-mmc@vger.kernel.org, linux-kernel@vger.kernel.org,
Tobias Schramm <t.schramm@manjaro.org>
Subject: [PATCH 1/1] mmc: atmel-mci: fix race between stop command and start
of next command
Date: Fri, 30 Dec 2022 20:43:15 +0100
Message-Id: <20221230194315.809903-2-t.schramm@manjaro.org>
In-Reply-To: <20221230194315.809903-1-t.schramm@manjaro.org>
References: <20221230194315.809903-1-t.schramm@manjaro.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Authentication-Results: ORIGINATING;
auth=pass smtp.auth=t.schramm@manjaro.org
smtp.mailfrom=t.schramm@manjaro.org
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS,
T_FILL_THIS_FORM_SHORT autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1753669927584889876?=
X-GMAIL-MSGID: =?utf-8?q?1753669927584889876?=
|
| Series |
Fix race between stop command and start of next command in atmel-mci
|
|
Commit Message
Tobias Schramm
Dec. 30, 2022, 7:43 p.m. UTC
This commit fixes a race between completion of stop command and start of a
new command.
Previously the command ready interrupt was enabled before stop command
was written to the command register. This caused the command ready
interrupt to fire immediately since the CMDRDY flag is asserted constantly
while there is no command in progress.
Consequently the command state machine will immediately advance to the
next state when the tasklet function is executed again, no matter
actual completion state of the stop command.
Thus a new command can then be dispatched immediately, interrupting and
corrupting the stop command on the CMD line.
Fix that by dropping the command ready interrupt enable before calling
atmci_send_stop_cmd. atmci_send_stop_cmd does already enable the
command ready interrupt, no further writes to ATMCI_IER are necessary.
Signed-off-by: Tobias Schramm <t.schramm@manjaro.org>
---
drivers/mmc/host/atmel-mci.c | 3 ---
1 file changed, 3 deletions(-)
Comments
On Fri, 30 Dec 2022 at 20:43, Tobias Schramm <t.schramm@manjaro.org> wrote: > > This commit fixes a race between completion of stop command and start of a > new command. > Previously the command ready interrupt was enabled before stop command > was written to the command register. This caused the command ready > interrupt to fire immediately since the CMDRDY flag is asserted constantly > while there is no command in progress. > Consequently the command state machine will immediately advance to the > next state when the tasklet function is executed again, no matter > actual completion state of the stop command. > Thus a new command can then be dispatched immediately, interrupting and > corrupting the stop command on the CMD line. > Fix that by dropping the command ready interrupt enable before calling > atmci_send_stop_cmd. atmci_send_stop_cmd does already enable the > command ready interrupt, no further writes to ATMCI_IER are necessary. > > Signed-off-by: Tobias Schramm <t.schramm@manjaro.org> This looks reasonable to me. I assume we should tag this for stable kernels too? Moreover, I would like to get an ack from Ludovic before applying. Kind regards Uffe > --- > drivers/mmc/host/atmel-mci.c | 3 --- > 1 file changed, 3 deletions(-) > > diff --git a/drivers/mmc/host/atmel-mci.c b/drivers/mmc/host/atmel-mci.c > index bb9bbf1c927b..dd18440a90c5 100644 > --- a/drivers/mmc/host/atmel-mci.c > +++ b/drivers/mmc/host/atmel-mci.c > @@ -1817,7 +1817,6 @@ static void atmci_tasklet_func(struct tasklet_struct *t) > atmci_writel(host, ATMCI_IER, ATMCI_NOTBUSY); > state = STATE_WAITING_NOTBUSY; > } else if (host->mrq->stop) { > - atmci_writel(host, ATMCI_IER, ATMCI_CMDRDY); > atmci_send_stop_cmd(host, data); > state = STATE_SENDING_STOP; > } else { > @@ -1850,8 +1849,6 @@ static void atmci_tasklet_func(struct tasklet_struct *t) > * command to send. > */ > if (host->mrq->stop) { > - atmci_writel(host, ATMCI_IER, > - ATMCI_CMDRDY); > atmci_send_stop_cmd(host, data); > state = STATE_SENDING_STOP; > } else { > -- > 2.30.2 >
On 30/12/2022 20:43, Tobias Schramm wrote: > EXTERNAL EMAIL: Do not click links or open attachments unless you know the content is safe > > This commit fixes a race between completion of stop command and start of a > new command. > Previously the command ready interrupt was enabled before stop command > was written to the command register. This caused the command ready > interrupt to fire immediately since the CMDRDY flag is asserted constantly > while there is no command in progress. > Consequently the command state machine will immediately advance to the > next state when the tasklet function is executed again, no matter > actual completion state of the stop command. > Thus a new command can then be dispatched immediately, interrupting and > corrupting the stop command on the CMD line. > Fix that by dropping the command ready interrupt enable before calling > atmci_send_stop_cmd. atmci_send_stop_cmd does already enable the > command ready interrupt, no further writes to ATMCI_IER are necessary. > > Signed-off-by: Tobias Schramm <t.schramm@manjaro.org> Hi, In theory this changes make sense. I'm always afraid when something is changed in this driver which handles many version of the IP... As we never encountered this issue until now, I can't really test this fix. I checked on an old board at91sam9m10g45-ek that mmc is still working and it's okay. So Acked-by: Ludovic Desroches <ludovic.desroches@microchip.com> Regards, Ludovic > --- > drivers/mmc/host/atmel-mci.c | 3 --- > 1 file changed, 3 deletions(-) > > diff --git a/drivers/mmc/host/atmel-mci.c b/drivers/mmc/host/atmel-mci.c > index bb9bbf1c927b..dd18440a90c5 100644 > --- a/drivers/mmc/host/atmel-mci.c > +++ b/drivers/mmc/host/atmel-mci.c > @@ -1817,7 +1817,6 @@ static void atmci_tasklet_func(struct tasklet_struct *t) > atmci_writel(host, ATMCI_IER, ATMCI_NOTBUSY); > state = STATE_WAITING_NOTBUSY; > } else if (host->mrq->stop) { > - atmci_writel(host, ATMCI_IER, ATMCI_CMDRDY); > atmci_send_stop_cmd(host, data); > state = STATE_SENDING_STOP; > } else { > @@ -1850,8 +1849,6 @@ static void atmci_tasklet_func(struct tasklet_struct *t) > * command to send. > */ > if (host->mrq->stop) { > - atmci_writel(host, ATMCI_IER, > - ATMCI_CMDRDY); > atmci_send_stop_cmd(host, data); > state = STATE_SENDING_STOP; > } else { > -- > 2.30.2 >
On Thu, 26 Jan 2023 at 15:44, <Ludovic.Desroches@microchip.com> wrote: > > On 30/12/2022 20:43, Tobias Schramm wrote: > > EXTERNAL EMAIL: Do not click links or open attachments unless you know the content is safe > > > > This commit fixes a race between completion of stop command and start of a > > new command. > > Previously the command ready interrupt was enabled before stop command > > was written to the command register. This caused the command ready > > interrupt to fire immediately since the CMDRDY flag is asserted constantly > > while there is no command in progress. > > Consequently the command state machine will immediately advance to the > > next state when the tasklet function is executed again, no matter > > actual completion state of the stop command. > > Thus a new command can then be dispatched immediately, interrupting and > > corrupting the stop command on the CMD line. > > Fix that by dropping the command ready interrupt enable before calling > > atmci_send_stop_cmd. atmci_send_stop_cmd does already enable the > > command ready interrupt, no further writes to ATMCI_IER are necessary. > > > > Signed-off-by: Tobias Schramm <t.schramm@manjaro.org> > > Hi, > > In theory this changes make sense. I'm always afraid when something is > changed in this driver which handles many version of the IP... > > As we never encountered this issue until now, I can't really test this > fix. I checked on an old board at91sam9m10g45-ek that mmc is still > working and it's okay. > > So > Acked-by: Ludovic Desroches <ludovic.desroches@microchip.com> > > Regards, > Ludovic Thanks for your ack and thoughts! It's not clear to me whether the problem is hypothetical or in fact a real problem. Tobias can you help to fill in here? Nevertheless I have applied this for next, to allow more testing to be done. In the meantime, we can discuss whether we should add a stable tag or leave that to later as manual backports. [...] Kind regards Uffe
diff --git a/drivers/mmc/host/atmel-mci.c b/drivers/mmc/host/atmel-mci.c index bb9bbf1c927b..dd18440a90c5 100644 --- a/drivers/mmc/host/atmel-mci.c +++ b/drivers/mmc/host/atmel-mci.c @@ -1817,7 +1817,6 @@ static void atmci_tasklet_func(struct tasklet_struct *t) atmci_writel(host, ATMCI_IER, ATMCI_NOTBUSY); state = STATE_WAITING_NOTBUSY; } else if (host->mrq->stop) { - atmci_writel(host, ATMCI_IER, ATMCI_CMDRDY); atmci_send_stop_cmd(host, data); state = STATE_SENDING_STOP; } else { @@ -1850,8 +1849,6 @@ static void atmci_tasklet_func(struct tasklet_struct *t) * command to send. */ if (host->mrq->stop) { - atmci_writel(host, ATMCI_IER, - ATMCI_CMDRDY); atmci_send_stop_cmd(host, data); state = STATE_SENDING_STOP; } else {