Home Explore Help
Register Sign In
wareck
/
openwrt_lede
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
openwrt_lede
/
target
/
linux
/
apm821xx
/
patches-4.4
/
012-dmaengine-Add-transfer-termination-synchronization-s.patch

012-dmaengine-Add-transfer-termination-synchronization-s.patch 12 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282 
  1. From b36f09c3c441a6e59eab9315032e7d546571de3f Mon Sep 17 00:00:00 2001
    2. 

  2. From: Lars-Peter Clausen <lars@metafoo.de>
    3. 

  3. Date: Tue, 20 Oct 2015 11:46:28 +0200
    4. 

  4. Subject: [PATCH] dmaengine: Add transfer termination synchronization support
    5. 

  5. 

  6. The DMAengine API has a long standing race condition that is inherent to
    7. 

  7. the API itself. Calling dmaengine_terminate_all() is supposed to stop and
    8. 

  8. abort any pending or active transfers that have previously been submitted.
    9. 

  9. Unfortunately it is possible that this operation races against a currently
    10. 

  10. running (or with some drivers also scheduled) completion callback.
    11. 

  11. 

  12. Since the API allows dmaengine_terminate_all() to be called from atomic
    13. 

  13. context as well as from within a completion callback it is not possible to
    14. 

  14. synchronize to the execution of the completion callback from within
    15. 

  15. dmaengine_terminate_all() itself.
    16. 

  16. 

  17. This means that a user of the DMAengine API does not know when it is safe
    18. 

  18. to free resources used in the completion callback, which can result in a
    19. 

  19. use-after-free race condition.
    20. 

  20. 

  21. This patch addresses the issue by introducing an explicit synchronization
    22. 

  22. primitive to the DMAengine API called dmaengine_synchronize().
    23. 

  23. 

  24. The existing dmaengine_terminate_all() is deprecated in favor of
    25. 

  25. dmaengine_terminate_sync() and dmaengine_terminate_async(). The former
    26. 

  26. aborts all pending and active transfers and synchronizes to the current
    27. 

  27. context, meaning it will wait until all running completion callbacks have
    28. 

  28. finished. This means it is only possible to call this function from
    29. 

  29. non-atomic context. The later function does not synchronize, but can still
    30. 

  30. be used in atomic context or from within a complete callback. It has to be
    31. 

  31. followed up by dmaengine_synchronize() before a client can free the
    32. 

  32. resources used in a completion callback.
    33. 

  33. 

  34. In addition to this the semantics of the device_terminate_all() callback
    35. 

  35. are slightly relaxed by this patch. It is now OK for a driver to only
    36. 

  36. schedule the termination of the active transfer, but does not necessarily
    37. 

  37. have to wait until the DMA controller has completely stopped. The driver
    38. 

  38. must ensure though that the controller has stopped and no longer accesses
    39. 

  39. any memory when the device_synchronize() callback returns.
    40. 

  40. 

  41. This was in part done since most drivers do not pay attention to this
    42. 

  42. anyway at the moment and to emphasize that this needs to be done when the
    43. 

  43. device_synchronize() callback is implemented. But it also helps with
    44. 

  44. implementing support for devices where stopping the controller can require
    45. 

  45. operations that may sleep.
    46. 

  46. 

  47. Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
    48. 

  48. Signed-off-by: Vinod Koul <vinod.koul@intel.com>
    49. 

  49. ---
    50. 

  50.  Documentation/dmaengine/client.txt   | 38 ++++++++++++++-
    51. 

  51.  Documentation/dmaengine/provider.txt | 20 +++++++-
    52. 

  52.  drivers/dma/dmaengine.c              |  5 +-
    53. 

  53.  include/linux/dmaengine.h            | 90 ++++++++++++++++++++++++++++++++++++
    54. 

  54.  4 files changed, 148 insertions(+), 5 deletions(-)
    55. 

  55. 

  56. --- a/Documentation/dmaengine/client.txt
    57. 

  57. +++ b/Documentation/dmaengine/client.txt
    58. 

  58. @@ -117,7 +117,7 @@ The slave DMA usage consists of followin
    59. 

  59.  	transaction.
    60. 

  60.  
    61. 

  61.  	For cyclic DMA, a callback function may wish to terminate the
    62. 

  62. -	DMA via dmaengine_terminate_all().
    63. 

  63. +	DMA via dmaengine_terminate_async().
    64. 

  64.  
    65. 

  65.  	Therefore, it is important that DMA engine drivers drop any
    66. 

  66.  	locks before calling the callback function which may cause a
    67. 

  67. @@ -155,12 +155,29 @@ The slave DMA usage consists of followin
    68. 

  68.  
    69. 

  69.  Further APIs:
    70. 

  70.  
    71. 

  71. -1. int dmaengine_terminate_all(struct dma_chan *chan)
    72. 

  72. +1. int dmaengine_terminate_sync(struct dma_chan *chan)
    73. 

  73. +   int dmaengine_terminate_async(struct dma_chan *chan)
    74. 

  74. +   int dmaengine_terminate_all(struct dma_chan *chan) /* DEPRECATED */
    75. 

  75.  
    76. 

  76.     This causes all activity for the DMA channel to be stopped, and may
    77. 

  77.     discard data in the DMA FIFO which hasn't been fully transferred.
    78. 

  78.     No callback functions will be called for any incomplete transfers.
    79. 

  79.  
    80. 

  80. +   Two variants of this function are available.
    81. 

  81. +
    82. 

  82. +   dmaengine_terminate_async() might not wait until the DMA has been fully
    83. 

  83. +   stopped or until any running complete callbacks have finished. But it is
    84. 

  84. +   possible to call dmaengine_terminate_async() from atomic context or from
    85. 

  85. +   within a complete callback. dmaengine_synchronize() must be called before it
    86. 

  86. +   is safe to free the memory accessed by the DMA transfer or free resources
    87. 

  87. +   accessed from within the complete callback.
    88. 

  88. +
    89. 

  89. +   dmaengine_terminate_sync() will wait for the transfer and any running
    90. 

  90. +   complete callbacks to finish before it returns. But the function must not be
    91. 

  91. +   called from atomic context or from within a complete callback.
    92. 

  92. +
    93. 

  93. +   dmaengine_terminate_all() is deprecated and should not be used in new code.
    94. 

  94. +
    95. 

  95.  2. int dmaengine_pause(struct dma_chan *chan)
    96. 

  96.  
    97. 

  97.     This pauses activity on the DMA channel without data loss.
    98. 

  98. @@ -186,3 +203,20 @@ Further APIs:
    99. 

  99.  	a running DMA channel.  It is recommended that DMA engine users
    100. 

  100.  	pause or stop (via dmaengine_terminate_all()) the channel before
    101. 

  101.  	using this API.
    102. 

  102. +
    103. 

  103. +5. void dmaengine_synchronize(struct dma_chan *chan)
    104. 

  104. +
    105. 

  105. +  Synchronize the termination of the DMA channel to the current context.
    106. 

  106. +
    107. 

  107. +  This function should be used after dmaengine_terminate_async() to synchronize
    108. 

  108. +  the termination of the DMA channel to the current context. The function will
    109. 

  109. +  wait for the transfer and any running complete callbacks to finish before it
    110. 

  110. +  returns.
    111. 

  111. +
    112. 

  112. +  If dmaengine_terminate_async() is used to stop the DMA channel this function
    113. 

  113. +  must be called before it is safe to free memory accessed by previously
    114. 

  114. +  submitted descriptors or to free any resources accessed within the complete
    115. 

  115. +  callback of previously submitted descriptors.
    116. 

  116. +
    117. 

  117. +  The behavior of this function is undefined if dma_async_issue_pending() has
    118. 

  118. +  been called between dmaengine_terminate_async() and this function.
    119. 

  119. --- a/Documentation/dmaengine/provider.txt
    120. 

  120. +++ b/Documentation/dmaengine/provider.txt
    121. 

  121. @@ -327,8 +327,24 @@ supported.
    122. 

  122.  
    123. 

  123.     * device_terminate_all
    124. 

  124.       - Aborts all the pending and ongoing transfers on the channel
    125. 

  125. -     - This command should operate synchronously on the channel,
    126. 

  126. -       terminating right away all the channels
    127. 

  127. +     - For aborted transfers the complete callback should not be called
    128. 

  128. +     - Can be called from atomic context or from within a complete
    129. 

  129. +       callback of a descriptor. Must not sleep. Drivers must be able
    130. 

  130. +       to handle this correctly.
    131. 

  131. +     - Termination may be asynchronous. The driver does not have to
    132. 

  132. +       wait until the currently active transfer has completely stopped.
    133. 

  133. +       See device_synchronize.
    134. 

  134. +
    135. 

  135. +   * device_synchronize
    136. 

  136. +     - Must synchronize the termination of a channel to the current
    137. 

  137. +       context.
    138. 

  138. +     - Must make sure that memory for previously submitted
    139. 

  139. +       descriptors is no longer accessed by the DMA controller.
    140. 

  140. +     - Must make sure that all complete callbacks for previously
    141. 

  141. +       submitted descriptors have finished running and none are
    142. 

  142. +       scheduled to run.
    143. 

  143. +     - May sleep.
    144. 

  144. +
    145. 

  145.  
    146. 

  146.  Misc notes (stuff that should be documented, but don't really know
    147. 

  147.  where to put them)
    148. 

  148. --- a/drivers/dma/dmaengine.c
    149. 

  149. +++ b/drivers/dma/dmaengine.c
    150. 

  150. @@ -266,8 +266,11 @@ static void dma_chan_put(struct dma_chan
    151. 

  151.  	module_put(dma_chan_to_owner(chan));
    152. 

  152.  
    153. 

  153.  	/* This channel is not in use anymore, free it */
    154. 

  154. -	if (!chan->client_count && chan->device->device_free_chan_resources)
    155. 

  155. +	if (!chan->client_count && chan->device->device_free_chan_resources) {
    156. 

  156. +		/* Make sure all operations have completed */
    157. 

  157. +		dmaengine_synchronize(chan);
    158. 

  158.  		chan->device->device_free_chan_resources(chan);
    159. 

  159. +	}
    160. 

  160.  
    161. 

  161.  	/* If the channel is used via a DMA request router, free the mapping */
    162. 

  162.  	if (chan->router && chan->router->route_free) {
    163. 

  163. --- a/include/linux/dmaengine.h
    164. 

  164. +++ b/include/linux/dmaengine.h
    165. 

  165. @@ -681,6 +681,8 @@ struct dma_filter {
    166. 

  166.   *	paused. Returns 0 or an error code
    167. 

  167.   * @device_terminate_all: Aborts all transfers on a channel. Returns 0
    168. 

  168.   *	or an error code
    169. 

  169. + * @device_synchronize: Synchronizes the termination of a transfers to the
    170. 

  170. + *  current context.
    171. 

  171.   * @device_tx_status: poll for transaction completion, the optional
    172. 

  172.   *	txstate parameter can be supplied with a pointer to get a
    173. 

  173.   *	struct with auxiliary transfer status information, otherwise the call
    174. 

  174. @@ -765,6 +767,7 @@ struct dma_device {
    175. 

  175.  	int (*device_pause)(struct dma_chan *chan);
    176. 

  176.  	int (*device_resume)(struct dma_chan *chan);
    177. 

  177.  	int (*device_terminate_all)(struct dma_chan *chan);
    178. 

  178. +	void (*device_synchronize)(struct dma_chan *chan);
    179. 

  179.  
    180. 

  180.  	enum dma_status (*device_tx_status)(struct dma_chan *chan,
    181. 

  181.  					    dma_cookie_t cookie,
    182. 

  182. @@ -874,6 +877,13 @@ static inline struct dma_async_tx_descri
    183. 

  183.  			src_sg, src_nents, flags);
    184. 

  184.  }
    185. 

  185.  
    186. 

  186. +/**
    187. 

  187. + * dmaengine_terminate_all() - Terminate all active DMA transfers
    188. 

  188. + * @chan: The channel for which to terminate the transfers
    189. 

  189. + *
    190. 

  190. + * This function is DEPRECATED use either dmaengine_terminate_sync() or
    191. 

  191. + * dmaengine_terminate_async() instead.
    192. 

  192. + */
    193. 

  193.  static inline int dmaengine_terminate_all(struct dma_chan *chan)
    194. 

  194.  {
    195. 

  195.  	if (chan->device->device_terminate_all)
    196. 

  196. @@ -882,6 +892,86 @@ static inline int dmaengine_terminate_al
    197. 

  197.  	return -ENOSYS;
    198. 

  198.  }
    199. 

  199.  
    200. 

  200. +/**
    201. 

  201. + * dmaengine_terminate_async() - Terminate all active DMA transfers
    202. 

  202. + * @chan: The channel for which to terminate the transfers
    203. 

  203. + *
    204. 

  204. + * Calling this function will terminate all active and pending descriptors
    205. 

  205. + * that have previously been submitted to the channel. It is not guaranteed
    206. 

  206. + * though that the transfer for the active descriptor has stopped when the
    207. 

  207. + * function returns. Furthermore it is possible the complete callback of a
    208. 

  208. + * submitted transfer is still running when this function returns.
    209. 

  209. + *
    210. 

  210. + * dmaengine_synchronize() needs to be called before it is safe to free
    211. 

  211. + * any memory that is accessed by previously submitted descriptors or before
    212. 

  212. + * freeing any resources accessed from within the completion callback of any
    213. 

  213. + * perviously submitted descriptors.
    214. 

  214. + *
    215. 

  215. + * This function can be called from atomic context as well as from within a
    216. 

  216. + * complete callback of a descriptor submitted on the same channel.
    217. 

  217. + *
    218. 

  218. + * If none of the two conditions above apply consider using
    219. 

  219. + * dmaengine_terminate_sync() instead.
    220. 

  220. + */
    221. 

  221. +static inline int dmaengine_terminate_async(struct dma_chan *chan)
    222. 

  222. +{
    223. 

  223. +	if (chan->device->device_terminate_all)
    224. 

  224. +		return chan->device->device_terminate_all(chan);
    225. 

  225. +
    226. 

  226. +	return -EINVAL;
    227. 

  227. +}
    228. 

  228. +
    229. 

  229. +/**
    230. 

  230. + * dmaengine_synchronize() - Synchronize DMA channel termination
    231. 

  231. + * @chan: The channel to synchronize
    232. 

  232. + *
    233. 

  233. + * Synchronizes to the DMA channel termination to the current context. When this
    234. 

  234. + * function returns it is guaranteed that all transfers for previously issued
    235. 

  235. + * descriptors have stopped and and it is safe to free the memory assoicated
    236. 

  236. + * with them. Furthermore it is guaranteed that all complete callback functions
    237. 

  237. + * for a previously submitted descriptor have finished running and it is safe to
    238. 

  238. + * free resources accessed from within the complete callbacks.
    239. 

  239. + *
    240. 

  240. + * The behavior of this function is undefined if dma_async_issue_pending() has
    241. 

  241. + * been called between dmaengine_terminate_async() and this function.
    242. 

  242. + *
    243. 

  243. + * This function must only be called from non-atomic context and must not be
    244. 

  244. + * called from within a complete callback of a descriptor submitted on the same
    245. 

  245. + * channel.
    246. 

  246. + */
    247. 

  247. +static inline void dmaengine_synchronize(struct dma_chan *chan)
    248. 

  248. +{
    249. 

  249. +	if (chan->device->device_synchronize)
    250. 

  250. +		chan->device->device_synchronize(chan);
    251. 

  251. +}
    252. 

  252. +
    253. 

  253. +/**
    254. 

  254. + * dmaengine_terminate_sync() - Terminate all active DMA transfers
    255. 

  255. + * @chan: The channel for which to terminate the transfers
    256. 

  256. + *
    257. 

  257. + * Calling this function will terminate all active and pending transfers
    258. 

  258. + * that have previously been submitted to the channel. It is similar to
    259. 

  259. + * dmaengine_terminate_async() but guarantees that the DMA transfer has actually
    260. 

  260. + * stopped and that all complete callbacks have finished running when the
    261. 

  261. + * function returns.
    262. 

  262. + *
    263. 

  263. + * This function must only be called from non-atomic context and must not be
    264. 

  264. + * called from within a complete callback of a descriptor submitted on the same
    265. 

  265. + * channel.
    266. 

  266. + */
    267. 

  267. +static inline int dmaengine_terminate_sync(struct dma_chan *chan)
    268. 

  268. +{
    269. 

  269. +	int ret;
    270. 

  270. +
    271. 

  271. +	ret = dmaengine_terminate_async(chan);
    272. 

  272. +	if (ret)
    273. 

  273. +		return ret;
    274. 

  274. +
    275. 

  275. +	dmaengine_synchronize(chan);
    276. 

  276. +
    277. 

  277. +	return 0;
    278. 

  278. +}
    279. 

  279. +
    280. 

  280.  static inline int dmaengine_pause(struct dma_chan *chan)
    281. 

  281.  {
    282. 

  282.  	if (chan->device->device_pause)
    283.