diff options
| author | Zhen Lei <thunder.leizhen@huawei.com> | 2018-08-19 15:51:10 +0800 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2019-11-24 08:19:30 +0100 |
| commit | bae080e72e92a39dc77e1649be51632337f3a958 (patch) | |
| tree | aeb11d90eb0ebb235223960a16690ab1fea5153e /virt | |
| parent | 2bab3df8f506615b6903979573a35ad5740fed65 (diff) | |
iommu/arm-smmu-v3: Fix unexpected CMD_SYNC timeout
[ Upstream commit 0f02477d16980938a84aba8688a4e3a303306116 ]
The condition break condition of:
(int)(VAL - sync_idx) >= 0
in the __arm_smmu_sync_poll_msi() polling loop requires that sync_idx
must be increased monotonically according to the sequence of the CMDs in
the cmdq.
However, since the msidata is populated using atomic_inc_return_relaxed()
before taking the command-queue spinlock, then the following scenario
can occur:
CPU0 CPU1
msidata=0
msidata=1
insert cmd1
insert cmd0
smmu execute cmd1
smmu execute cmd0
poll timeout, because msidata=1 is overridden by
cmd0, that means VAL=0, sync_idx=1.
This is not a functional problem, since the caller will eventually either
timeout or exit due to another CMD_SYNC, however it's clearly not what
the code is supposed to be doing. Fix it, by incrementing the sequence
count with the command-queue lock held, allowing us to drop the atomic
operations altogether.
Signed-off-by: Zhen Lei <thunder.leizhen@huawei.com>
[will: dropped the specialised cmd building routine for now]
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'virt')
0 files changed, 0 insertions, 0 deletions