Home Explore Help
Register Sign In
wareck
/
openwrt_lede
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
openwrt_lede
/
target
/
linux
/
brcm2708
/
patches-4.4
/
0426-vchiq_arm-Avoid-use-of-mutex-in-add_completion.patch

0426-vchiq_arm-Avoid-use-of-mutex-in-add_completion.patch 5.9 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192 
  1. From 96d2e8f913ef4e62b93a2fd42412655643d24ad1 Mon Sep 17 00:00:00 2001
    2. 

  2. From: Phil Elwell <phil@raspberrypi.org>
    3. 

  3. Date: Mon, 20 Jun 2016 13:51:44 +0100
    4. 

  4. Subject: [PATCH] vchiq_arm: Avoid use of mutex in add_completion
    5. 

  5. 

  6. Claiming the completion_mutex within add_completion did prevent some
    7. 

  7. messages appearing twice, but provokes a deadlock caused by vcsm using
    8. 

  8. vchiq within a page fault handler.
    9. 

  9. 

  10. Revert the use of completion_mutex, and instead fix the original
    11. 

  11. problem using more memory barriers.
    12. 

  12. 

  13. Signed-off-by: Phil Elwell <phil@raspberrypi.org>
    14. 

  14. ---
    15. 

  15.  .../vc04_services/interface/vchiq_arm/vchiq_arm.c  | 55 +++++++++++-----------
    16. 

  16.  .../vc04_services/interface/vchiq_arm/vchiq_core.c | 14 ++++--
    17. 

  17.  2 files changed, 37 insertions(+), 32 deletions(-)
    18. 

  18. 

  19. --- a/drivers/misc/vc04_services/interface/vchiq_arm/vchiq_arm.c
    20. 

  20. +++ b/drivers/misc/vc04_services/interface/vchiq_arm/vchiq_arm.c
    21. 

  21. @@ -64,10 +64,10 @@
    22. 

  22.  #define VCHIQ_MINOR 0
    23. 

  23.  
    24. 

  24.  /* Some per-instance constants */
    25. 

  25. -#define MAX_COMPLETIONS 16
    26. 

  26. +#define MAX_COMPLETIONS 128
    27. 

  27.  #define MAX_SERVICES 64
    28. 

  28.  #define MAX_ELEMENTS 8
    29. 

  29. -#define MSG_QUEUE_SIZE 64
    30. 

  30. +#define MSG_QUEUE_SIZE 128
    31. 

  31.  
    32. 

  32.  #define KEEPALIVE_VER 1
    33. 

  33.  #define KEEPALIVE_VER_MIN KEEPALIVE_VER
    34. 

  34. @@ -208,28 +208,24 @@ add_completion(VCHIQ_INSTANCE_T instance
    35. 

  35.  	void *bulk_userdata)
    36. 

  36.  {
    37. 

  37.  	VCHIQ_COMPLETION_DATA_T *completion;
    38. 

  38. +	int insert;
    39. 

  39.  	DEBUG_INITIALISE(g_state.local)
    40. 

  40.  
    41. 

  41. -	mutex_lock(&instance->completion_mutex);
    42. 

  42. -
    43. 

  43. -	while (instance->completion_insert ==
    44. 

  44. -		(instance->completion_remove + MAX_COMPLETIONS)) {
    45. 

  45. +	insert = instance->completion_insert;
    46. 

  46. +	while ((insert - instance->completion_remove) >= MAX_COMPLETIONS) {
    47. 

  47.  		/* Out of space - wait for the client */
    48. 

  48.  		DEBUG_TRACE(SERVICE_CALLBACK_LINE);
    49. 

  49.  		vchiq_log_trace(vchiq_arm_log_level,
    50. 

  50.  			"add_completion - completion queue full");
    51. 

  51.  		DEBUG_COUNT(COMPLETION_QUEUE_FULL_COUNT);
    52. 

  52.  
    53. 

  53. -		mutex_unlock(&instance->completion_mutex);
    54. 

  54.  		if (down_interruptible(&instance->remove_event) != 0) {
    55. 

  55.  			vchiq_log_info(vchiq_arm_log_level,
    56. 

  56.  				"service_callback interrupted");
    57. 

  57.  			return VCHIQ_RETRY;
    58. 

  58.  		}
    59. 

  59.  
    60. 

  60. -		mutex_lock(&instance->completion_mutex);
    61. 

  61.  		if (instance->closing) {
    62. 

  62. -			mutex_unlock(&instance->completion_mutex);
    63. 

  63.  			vchiq_log_info(vchiq_arm_log_level,
    64. 

  64.  				"service_callback closing");
    65. 

  65.  			return VCHIQ_SUCCESS;
    66. 

  66. @@ -237,9 +233,7 @@ add_completion(VCHIQ_INSTANCE_T instance
    67. 

  67.  		DEBUG_TRACE(SERVICE_CALLBACK_LINE);
    68. 

  68.  	}
    69. 

  69.  
    70. 

  70. -	completion =
    71. 

  71. -		 &instance->completions[instance->completion_insert &
    72. 

  72. -		 (MAX_COMPLETIONS - 1)];
    73. 

  73. +	completion = &instance->completions[insert & (MAX_COMPLETIONS - 1)];
    74. 

  74.  
    75. 

  75.  	completion->header = header;
    76. 

  76.  	completion->reason = reason;
    77. 

  77. @@ -260,12 +254,9 @@ add_completion(VCHIQ_INSTANCE_T instance
    78. 

  78.  	wmb();
    79. 

  79.  
    80. 

  80.  	if (reason == VCHIQ_MESSAGE_AVAILABLE)
    81. 

  81. -		user_service->message_available_pos =
    82. 

  82. -			instance->completion_insert;
    83. 

  83. -
    84. 

  84. -	instance->completion_insert++;
    85. 

  85. +		user_service->message_available_pos = insert;
    86. 

  86.  
    87. 

  87. -	mutex_unlock(&instance->completion_mutex);
    88. 

  88. +	instance->completion_insert = ++insert;
    89. 

  89.  
    90. 

  90.  	up(&instance->insert_event);
    91. 

  91.  
    92. 

  92. @@ -795,6 +786,7 @@ vchiq_ioctl(struct file *file, unsigned
    93. 

  93.  			instance->completion_insert)
    94. 

  94.  			&& !instance->closing) {
    95. 

  95.  			int rc;
    96. 

  96. +
    97. 

  97.  			DEBUG_TRACE(AWAIT_COMPLETION_LINE);
    98. 

  98.  			mutex_unlock(&instance->completion_mutex);
    99. 

  99.  			rc = down_interruptible(&instance->insert_event);
    100. 

  100. @@ -809,24 +801,29 @@ vchiq_ioctl(struct file *file, unsigned
    101. 

  101.  		}
    102. 

  102.  		DEBUG_TRACE(AWAIT_COMPLETION_LINE);
    103. 

  103.  
    104. 

  104. -		/* A read memory barrier is needed to stop prefetch of a stale
    105. 

  105. -		** completion record
    106. 

  106. -		*/
    107. 

  107. -		rmb();
    108. 

  108. -
    109. 

  109.  		if (ret == 0) {
    110. 

  110.  			int msgbufcount = args.msgbufcount;
    111. 

  111. +			int remove;
    112. 

  112. +
    113. 

  113. +			remove = instance->completion_remove;
    114. 

  114. +
    115. 

  115.  			for (ret = 0; ret < args.count; ret++) {
    116. 

  116.  				VCHIQ_COMPLETION_DATA_T *completion;
    117. 

  117.  				VCHIQ_SERVICE_T *service;
    118. 

  118.  				USER_SERVICE_T *user_service;
    119. 

  119.  				VCHIQ_HEADER_T *header;
    120. 

  120. -				if (instance->completion_remove ==
    121. 

  121. -					instance->completion_insert)
    122. 

  122. +
    123. 

  123. +				if (remove == instance->completion_insert)
    124. 

  124.  					break;
    125. 

  125. +
    126. 

  126.  				completion = &instance->completions[
    127. 

  127. -					instance->completion_remove &
    128. 

  128. -					(MAX_COMPLETIONS - 1)];
    129. 

  129. +					remove & (MAX_COMPLETIONS - 1)];
    130. 

  130. +
    131. 

  131. +
    132. 

  132. +				/* A read memory barrier is needed to prevent
    133. 

  133. +				** the prefetch of a stale completion record
    134. 

  134. +				*/
    135. 

  135. +				rmb();
    136. 

  136.  
    137. 

  137.  				service = completion->service_userdata;
    138. 

  138.  				user_service = service->base.userdata;
    139. 

  139. @@ -903,7 +900,11 @@ vchiq_ioctl(struct file *file, unsigned
    140. 

  140.  					break;
    141. 

  141.  				}
    142. 

  142.  
    143. 

  143. -				instance->completion_remove++;
    144. 

  144. +				/* Ensure that the above copy has completed
    145. 

  145. +				** before advancing the remove pointer. */
    146. 

  146. +				mb();
    147. 

  147. +
    148. 

  148. +				instance->completion_remove = ++remove;
    149. 

  149.  			}
    150. 

  150.  
    151. 

  151.  			if (msgbufcount != args.msgbufcount) {
    152. 

  152. --- a/drivers/misc/vc04_services/interface/vchiq_arm/vchiq_core.c
    153. 

  153. +++ b/drivers/misc/vc04_services/interface/vchiq_arm/vchiq_core.c
    154. 

  154. @@ -610,15 +610,15 @@ process_free_queue(VCHIQ_STATE_T *state)
    155. 

  155.  	BITSET_T service_found[BITSET_SIZE(VCHIQ_MAX_SERVICES)];
    156. 

  156.  	int slot_queue_available;
    157. 

  157.  
    158. 

  158. -	/* Use a read memory barrier to ensure that any state that may have
    159. 

  159. -	** been modified by another thread is not masked by stale prefetched
    160. 

  160. -	** values. */
    161. 

  161. -	rmb();
    162. 

  162. -
    163. 

  163.  	/* Find slots which have been freed by the other side, and return them
    164. 

  164.  	** to the available queue. */
    165. 

  165.  	slot_queue_available = state->slot_queue_available;
    166. 

  166.  
    167. 

  167. +	/* Use a memory barrier to ensure that any state that may have been
    168. 

  168. +	** modified by another thread is not masked by stale prefetched
    169. 

  169. +	** values. */
    170. 

  170. +	mb();
    171. 

  171. +
    172. 

  172.  	while (slot_queue_available != local->slot_queue_recycle) {
    173. 

  173.  		unsigned int pos;
    174. 

  174.  		int slot_index = local->slot_queue[slot_queue_available++ &
    175. 

  175. @@ -626,6 +626,8 @@ process_free_queue(VCHIQ_STATE_T *state)
    176. 

  176.  		char *data = (char *)SLOT_DATA_FROM_INDEX(state, slot_index);
    177. 

  177.  		int data_found = 0;
    178. 

  178.  
    179. 

  179. +		rmb();
    180. 

  180. +
    181. 

  181.  		vchiq_log_trace(vchiq_core_log_level, "%d: pfq %d=%x %x %x",
    182. 

  182.  			state->id, slot_index, (unsigned int)data,
    183. 

  183.  			local->slot_queue_recycle, slot_queue_available);
    184. 

  184. @@ -741,6 +743,8 @@ process_free_queue(VCHIQ_STATE_T *state)
    185. 

  185.  				up(&state->data_quota_event);
    186. 

  186.  		}
    187. 

  187.  
    188. 

  188. +		mb();
    189. 

  189. +
    190. 

  190.  		state->slot_queue_available = slot_queue_available;
    191. 

  191.  		up(&state->slot_available_event);
    192. 

  192.  	}
    193.