linux-arm-msm.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH 00/10] MHI patches for v5.14 - Take 2
@ 2021-06-25 12:33 Manivannan Sadhasivam
  2021-06-25 12:33 ` [PATCH 01/10] bus: mhi: Add inbound buffers allocation flag Manivannan Sadhasivam
                   ` (10 more replies)
  0 siblings, 11 replies; 15+ messages in thread
From: Manivannan Sadhasivam @ 2021-06-25 12:33 UTC (permalink / raw)
  To: gregkh
  Cc: hemantk, bbhatt, linux-arm-msm, jhugo, linux-kernel,
	loic.poulain, kvalo, ath11k, Manivannan Sadhasivam

Hi Greg,

Please find the remaining MHI patches for v5.14. This series has the left over
patches from the previous patchset and one new series that was reviewed a
while ago and put on hold for Ack from Kalle Valo for ath11k.

Summary:

1. Added validation for the channel ID read from event ring. If we get events
from an invalid channel, we throw an error message and skip the event.

2. Fixed the MHI wake routines used for the newer modems such as SDX55 and
SDX65 by using no-op routines only for the older modems and then relying on
the default routines provided by MHI stack for newer ones.

3. Added support for processing the events based on the priorities. Earlier
a fixed priority was used for all events.

4. Added a dedicated flag to the MHI client transfer APIs for inbound
buffer allocation by the MHI stack. Since this patch modifies the MHI
client drivers under "net/", Ack has been collected from the netdev
maintainer.

5. Added support for Cinterion MV31-W modem in pci_generic controller:
https://www.thalesgroup.com/en/markets/digital-identity-and-security/iot/iot-connectivity/products/iot-products/mv31-w-ultra-high

6. Rearranged the setting of BHI/BHIe offsets for better validation of the
register values read from MMIO

7. Cleanup of the BHI/BHIe pointers by setting them to NULL to prevent access
after power down.

8. Added support for getting the MMIO register length from the controller
drivers. This helps in validation of the read offsets from MMIO registers.
Since this patch touches ath11k, Ack has been collected from Kalle Valo.

9. With the help of above register length, added check for BHI/BHIe offsets.

Thanks,
Mani

Bhaumik Bhatt (8):
  bus: mhi: pci_generic: Apply no-op for wake using sideband wake
    boolean
  bus: mhi: core: Validate channel ID when processing command
    completions
  bus: mhi: core: Set BHI/BHIe offsets on power up preparation
  bus: mhi: core: Set BHI and BHIe pointers to NULL in clean-up
  bus: mhi: Add MMIO region length to controller structure
  ath11k: set register access length for MHI driver
  bus: mhi: pci_generic: Set register access length for MHI driver
  bus: mhi: core: Add range checks for BHI and BHIe

Loic Poulain (1):
  bus: mhi: Add inbound buffers allocation flag

ULRICH Thomas (1):
  bus: mhi: pci_generic: Add Cinterion MV31-W PCIe to MHI

 drivers/bus/mhi/core/init.c           | 61 +++++++++++++++++--------
 drivers/bus/mhi/core/internal.h       |  2 +-
 drivers/bus/mhi/core/main.c           | 26 +++++++----
 drivers/bus/mhi/core/pm.c             | 28 ++----------
 drivers/bus/mhi/pci_generic.c         | 65 +++++++++++++++++++++++----
 drivers/net/mhi/net.c                 |  2 +-
 drivers/net/wireless/ath/ath11k/mhi.c |  1 +
 drivers/net/wwan/mhi_wwan_ctrl.c      |  2 +-
 include/linux/mhi.h                   |  9 +++-
 net/qrtr/mhi.c                        |  2 +-
 10 files changed, 134 insertions(+), 64 deletions(-)

-- 
2.25.1


^ permalink raw reply	[flat|nested] 15+ messages in thread

* [PATCH 01/10] bus: mhi: Add inbound buffers allocation flag
  2021-06-25 12:33 [PATCH 00/10] MHI patches for v5.14 - Take 2 Manivannan Sadhasivam
@ 2021-06-25 12:33 ` Manivannan Sadhasivam
  2021-06-25 12:33 ` [PATCH 02/10] bus: mhi: pci_generic: Apply no-op for wake using sideband wake boolean Manivannan Sadhasivam
                   ` (9 subsequent siblings)
  10 siblings, 0 replies; 15+ messages in thread
From: Manivannan Sadhasivam @ 2021-06-25 12:33 UTC (permalink / raw)
  To: gregkh
  Cc: hemantk, bbhatt, linux-arm-msm, jhugo, linux-kernel,
	loic.poulain, kvalo, ath11k, Manivannan Sadhasivam,
	Jakub Kicinski

From: Loic Poulain <loic.poulain@linaro.org>

Currently, the MHI controller driver defines which channels should
have their inbound buffers allocated and queued. But ideally, this is
something that should be decided by the MHI device driver instead,
which actually deals with that buffers.

Add a flag parameter to mhi_prepare_for_transfer allowing to specify
if buffers have to be allocated and queued by the MHI stack.

Keep auto_queue flag for now, but should be removed at some point.

Signed-off-by: Loic Poulain <loic.poulain@linaro.org>
Tested-by: Bhaumik Bhatt <bbhatt@codeaurora.org>
Reviewed-by: Bhaumik Bhatt <bbhatt@codeaurora.org>
Reviewed-by: Hemant Kumar <hemantk@codeaurora.org>
Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Acked-by: Jakub Kicinski <kuba@kernel.org>
Link: https://lore.kernel.org/r/1624566520-20406-1-git-send-email-loic.poulain@linaro.org
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
---
 drivers/bus/mhi/core/internal.h  | 2 +-
 drivers/bus/mhi/core/main.c      | 9 ++++++---
 drivers/net/mhi/net.c            | 2 +-
 drivers/net/wwan/mhi_wwan_ctrl.c | 2 +-
 include/linux/mhi.h              | 7 ++++++-
 net/qrtr/mhi.c                   | 2 +-
 6 files changed, 16 insertions(+), 8 deletions(-)

diff --git a/drivers/bus/mhi/core/internal.h b/drivers/bus/mhi/core/internal.h
index 5b9ea66b92dc..bc239a11aa69 100644
--- a/drivers/bus/mhi/core/internal.h
+++ b/drivers/bus/mhi/core/internal.h
@@ -682,7 +682,7 @@ void mhi_rddm_prepare(struct mhi_controller *mhi_cntrl,
 		      struct image_info *img_info);
 void mhi_fw_load_handler(struct mhi_controller *mhi_cntrl);
 int mhi_prepare_channel(struct mhi_controller *mhi_cntrl,
-			struct mhi_chan *mhi_chan);
+			struct mhi_chan *mhi_chan, unsigned int flags);
 int mhi_init_chan_ctxt(struct mhi_controller *mhi_cntrl,
 		       struct mhi_chan *mhi_chan);
 void mhi_deinit_chan_ctxt(struct mhi_controller *mhi_cntrl,
diff --git a/drivers/bus/mhi/core/main.c b/drivers/bus/mhi/core/main.c
index 22acde118bc3..69cd9dcde6d8 100644
--- a/drivers/bus/mhi/core/main.c
+++ b/drivers/bus/mhi/core/main.c
@@ -1423,7 +1423,7 @@ static void mhi_unprepare_channel(struct mhi_controller *mhi_cntrl,
 }
 
 int mhi_prepare_channel(struct mhi_controller *mhi_cntrl,
-			struct mhi_chan *mhi_chan)
+			struct mhi_chan *mhi_chan, unsigned int flags)
 {
 	int ret = 0;
 	struct device *dev = &mhi_chan->mhi_dev->dev;
@@ -1448,6 +1448,9 @@ int mhi_prepare_channel(struct mhi_controller *mhi_cntrl,
 	if (ret)
 		goto error_pm_state;
 
+	if (mhi_chan->dir == DMA_FROM_DEVICE)
+		mhi_chan->pre_alloc = !!(flags & MHI_CH_INBOUND_ALLOC_BUFS);
+
 	/* Pre-allocate buffer for xfer ring */
 	if (mhi_chan->pre_alloc) {
 		int nr_el = get_nr_avail_ring_elements(mhi_cntrl,
@@ -1603,7 +1606,7 @@ void mhi_reset_chan(struct mhi_controller *mhi_cntrl, struct mhi_chan *mhi_chan)
 }
 
 /* Move channel to start state */
-int mhi_prepare_for_transfer(struct mhi_device *mhi_dev)
+int mhi_prepare_for_transfer(struct mhi_device *mhi_dev, unsigned int flags)
 {
 	int ret, dir;
 	struct mhi_controller *mhi_cntrl = mhi_dev->mhi_cntrl;
@@ -1614,7 +1617,7 @@ int mhi_prepare_for_transfer(struct mhi_device *mhi_dev)
 		if (!mhi_chan)
 			continue;
 
-		ret = mhi_prepare_channel(mhi_cntrl, mhi_chan);
+		ret = mhi_prepare_channel(mhi_cntrl, mhi_chan, flags);
 		if (ret)
 			goto error_open_chan;
 	}
diff --git a/drivers/net/mhi/net.c b/drivers/net/mhi/net.c
index 0d8293a47a56..774e32960e09 100644
--- a/drivers/net/mhi/net.c
+++ b/drivers/net/mhi/net.c
@@ -327,7 +327,7 @@ static int mhi_net_probe(struct mhi_device *mhi_dev,
 	u64_stats_init(&mhi_netdev->stats.tx_syncp);
 
 	/* Start MHI channels */
-	err = mhi_prepare_for_transfer(mhi_dev);
+	err = mhi_prepare_for_transfer(mhi_dev, 0);
 	if (err)
 		goto out_err;
 
diff --git a/drivers/net/wwan/mhi_wwan_ctrl.c b/drivers/net/wwan/mhi_wwan_ctrl.c
index 1bc6b69aa530..1e18420ce404 100644
--- a/drivers/net/wwan/mhi_wwan_ctrl.c
+++ b/drivers/net/wwan/mhi_wwan_ctrl.c
@@ -110,7 +110,7 @@ static int mhi_wwan_ctrl_start(struct wwan_port *port)
 	int ret;
 
 	/* Start mhi device's channel(s) */
-	ret = mhi_prepare_for_transfer(mhiwwan->mhi_dev);
+	ret = mhi_prepare_for_transfer(mhiwwan->mhi_dev, 0);
 	if (ret)
 		return ret;
 
diff --git a/include/linux/mhi.h b/include/linux/mhi.h
index 944aa3aa3035..5e08468854db 100644
--- a/include/linux/mhi.h
+++ b/include/linux/mhi.h
@@ -719,8 +719,13 @@ void mhi_device_put(struct mhi_device *mhi_dev);
  *                            host and device execution environments match and
  *                            channels are in a DISABLED state.
  * @mhi_dev: Device associated with the channels
+ * @flags: MHI channel flags
  */
-int mhi_prepare_for_transfer(struct mhi_device *mhi_dev);
+int mhi_prepare_for_transfer(struct mhi_device *mhi_dev,
+			     unsigned int flags);
+
+/* Automatically allocate and queue inbound buffers */
+#define MHI_CH_INBOUND_ALLOC_BUFS BIT(0)
 
 /**
  * mhi_unprepare_from_transfer - Reset UL and DL channels for data transfer.
diff --git a/net/qrtr/mhi.c b/net/qrtr/mhi.c
index fa611678af05..29b4fa3b72ab 100644
--- a/net/qrtr/mhi.c
+++ b/net/qrtr/mhi.c
@@ -79,7 +79,7 @@ static int qcom_mhi_qrtr_probe(struct mhi_device *mhi_dev,
 	int rc;
 
 	/* start channels */
-	rc = mhi_prepare_for_transfer(mhi_dev);
+	rc = mhi_prepare_for_transfer(mhi_dev, MHI_CH_INBOUND_ALLOC_BUFS);
 	if (rc)
 		return rc;
 
-- 
2.25.1


^ permalink raw reply	[flat|nested] 15+ messages in thread

* [PATCH 02/10] bus: mhi: pci_generic: Apply no-op for wake using sideband wake boolean
  2021-06-25 12:33 [PATCH 00/10] MHI patches for v5.14 - Take 2 Manivannan Sadhasivam
  2021-06-25 12:33 ` [PATCH 01/10] bus: mhi: Add inbound buffers allocation flag Manivannan Sadhasivam
@ 2021-06-25 12:33 ` Manivannan Sadhasivam
  2021-06-25 12:33 ` [PATCH 03/10] bus: mhi: pci_generic: Add Cinterion MV31-W PCIe to MHI Manivannan Sadhasivam
                   ` (8 subsequent siblings)
  10 siblings, 0 replies; 15+ messages in thread
From: Manivannan Sadhasivam @ 2021-06-25 12:33 UTC (permalink / raw)
  To: gregkh
  Cc: hemantk, bbhatt, linux-arm-msm, jhugo, linux-kernel,
	loic.poulain, kvalo, ath11k, stable, Manivannan Sadhasivam

From: Bhaumik Bhatt <bbhatt@codeaurora.org>

Devices such as SDX24 do not have the provision for inband wake
doorbell in the form of channel 127 and instead have a sideband
GPIO for it. Newer devices such as SDX55 or SDX65 support inband
wake method by default. Ensure the functionality is used based on
this such that device wake stays held when a client driver uses
mhi_device_get() API or the equivalent debugfs entry.

Cc: stable@vger.kernel.org
Fixes: e3e5e6508fc1 ("bus: mhi: pci_generic: No-Op for device_wake operations")
Signed-off-by: Bhaumik Bhatt <bbhatt@codeaurora.org>
Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Link: https://lore.kernel.org/r/1624560809-30610-1-git-send-email-bbhatt@codeaurora.org
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
---
 drivers/bus/mhi/pci_generic.c | 27 +++++++++++++++++++--------
 1 file changed, 19 insertions(+), 8 deletions(-)

diff --git a/drivers/bus/mhi/pci_generic.c b/drivers/bus/mhi/pci_generic.c
index d84b74396c6a..eac4d10f99c9 100644
--- a/drivers/bus/mhi/pci_generic.c
+++ b/drivers/bus/mhi/pci_generic.c
@@ -32,6 +32,8 @@
  * @edl: emergency download mode firmware path (if any)
  * @bar_num: PCI base address register to use for MHI MMIO register space
  * @dma_data_width: DMA transfer word size (32 or 64 bits)
+ * @sideband_wake: Devices using dedicated sideband GPIO for wakeup instead
+ *		   of inband wake support (such as sdx24)
  */
 struct mhi_pci_dev_info {
 	const struct mhi_controller_config *config;
@@ -40,6 +42,7 @@ struct mhi_pci_dev_info {
 	const char *edl;
 	unsigned int bar_num;
 	unsigned int dma_data_width;
+	bool sideband_wake;
 };
 
 #define MHI_CHANNEL_CONFIG_UL(ch_num, ch_name, el_count, ev_ring) \
@@ -242,7 +245,8 @@ static const struct mhi_pci_dev_info mhi_qcom_sdx65_info = {
 	.edl = "qcom/sdx65m/edl.mbn",
 	.config = &modem_qcom_v1_mhiv_config,
 	.bar_num = MHI_PCI_DEFAULT_BAR_NUM,
-	.dma_data_width = 32
+	.dma_data_width = 32,
+	.sideband_wake = false,
 };
 
 static const struct mhi_pci_dev_info mhi_qcom_sdx55_info = {
@@ -251,7 +255,8 @@ static const struct mhi_pci_dev_info mhi_qcom_sdx55_info = {
 	.edl = "qcom/sdx55m/edl.mbn",
 	.config = &modem_qcom_v1_mhiv_config,
 	.bar_num = MHI_PCI_DEFAULT_BAR_NUM,
-	.dma_data_width = 32
+	.dma_data_width = 32,
+	.sideband_wake = false,
 };
 
 static const struct mhi_pci_dev_info mhi_qcom_sdx24_info = {
@@ -259,7 +264,8 @@ static const struct mhi_pci_dev_info mhi_qcom_sdx24_info = {
 	.edl = "qcom/prog_firehose_sdx24.mbn",
 	.config = &modem_qcom_v1_mhiv_config,
 	.bar_num = MHI_PCI_DEFAULT_BAR_NUM,
-	.dma_data_width = 32
+	.dma_data_width = 32,
+	.sideband_wake = true,
 };
 
 static const struct mhi_channel_config mhi_quectel_em1xx_channels[] = {
@@ -301,7 +307,8 @@ static const struct mhi_pci_dev_info mhi_quectel_em1xx_info = {
 	.edl = "qcom/prog_firehose_sdx24.mbn",
 	.config = &modem_quectel_em1xx_config,
 	.bar_num = MHI_PCI_DEFAULT_BAR_NUM,
-	.dma_data_width = 32
+	.dma_data_width = 32,
+	.sideband_wake = true,
 };
 
 static const struct mhi_channel_config mhi_foxconn_sdx55_channels[] = {
@@ -339,7 +346,8 @@ static const struct mhi_pci_dev_info mhi_foxconn_sdx55_info = {
 	.edl = "qcom/sdx55m/edl.mbn",
 	.config = &modem_foxconn_sdx55_config,
 	.bar_num = MHI_PCI_DEFAULT_BAR_NUM,
-	.dma_data_width = 32
+	.dma_data_width = 32,
+	.sideband_wake = false,
 };
 
 static const struct pci_device_id mhi_pci_id_table[] = {
@@ -640,9 +648,12 @@ static int mhi_pci_probe(struct pci_dev *pdev, const struct pci_device_id *id)
 	mhi_cntrl->status_cb = mhi_pci_status_cb;
 	mhi_cntrl->runtime_get = mhi_pci_runtime_get;
 	mhi_cntrl->runtime_put = mhi_pci_runtime_put;
-	mhi_cntrl->wake_get = mhi_pci_wake_get_nop;
-	mhi_cntrl->wake_put = mhi_pci_wake_put_nop;
-	mhi_cntrl->wake_toggle = mhi_pci_wake_toggle_nop;
+
+	if (info->sideband_wake) {
+		mhi_cntrl->wake_get = mhi_pci_wake_get_nop;
+		mhi_cntrl->wake_put = mhi_pci_wake_put_nop;
+		mhi_cntrl->wake_toggle = mhi_pci_wake_toggle_nop;
+	}
 
 	err = mhi_pci_claim(mhi_cntrl, info->bar_num, DMA_BIT_MASK(info->dma_data_width));
 	if (err)
-- 
2.25.1


^ permalink raw reply	[flat|nested] 15+ messages in thread

* [PATCH 03/10] bus: mhi: pci_generic: Add Cinterion MV31-W PCIe to MHI
  2021-06-25 12:33 [PATCH 00/10] MHI patches for v5.14 - Take 2 Manivannan Sadhasivam
  2021-06-25 12:33 ` [PATCH 01/10] bus: mhi: Add inbound buffers allocation flag Manivannan Sadhasivam
  2021-06-25 12:33 ` [PATCH 02/10] bus: mhi: pci_generic: Apply no-op for wake using sideband wake boolean Manivannan Sadhasivam
@ 2021-06-25 12:33 ` Manivannan Sadhasivam
  2021-06-25 12:33 ` [PATCH 04/10] bus: mhi: core: Validate channel ID when processing command completions Manivannan Sadhasivam
                   ` (7 subsequent siblings)
  10 siblings, 0 replies; 15+ messages in thread
From: Manivannan Sadhasivam @ 2021-06-25 12:33 UTC (permalink / raw)
  To: gregkh
  Cc: hemantk, bbhatt, linux-arm-msm, jhugo, linux-kernel,
	loic.poulain, kvalo, ath11k, ULRICH Thomas,
	Manivannan Sadhasivam

From: ULRICH Thomas <thomas.ulrich@thalesgroup.com>

This patch adds VendorID/ProductID and MBIM Channel Definitions for
M.2 Modem Card (PCIe Variant) to MHI PCI generic controller driver.

Cinterion MV31-W (by Thales)
Additional information on such Modem Card (USB or PCIe variant) is
available at:
https://www.thalesgroup.com/en/markets/digital-identity-and-security/iot/iot-connectivity/products/iot-products/mv31-w-ultra-high

Signed-off-by: ULRICH Thomas <thomas.ulrich@thalesgroup.com>
Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Link: https://lore.kernel.org/r/PAZP264MB284690134DA010698E6B3BDDE60A9@PAZP264MB2846.FRAP264.PROD.OUTLOOK.COM
[mani: fixed the subject, whitespace, and added sideband_wake field]
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
---
 drivers/bus/mhi/pci_generic.c | 37 +++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)

diff --git a/drivers/bus/mhi/pci_generic.c b/drivers/bus/mhi/pci_generic.c
index eac4d10f99c9..89f71e6db23f 100644
--- a/drivers/bus/mhi/pci_generic.c
+++ b/drivers/bus/mhi/pci_generic.c
@@ -350,6 +350,40 @@ static const struct mhi_pci_dev_info mhi_foxconn_sdx55_info = {
 	.sideband_wake = false,
 };
 
+static const struct mhi_channel_config mhi_mv31_channels[] = {
+	MHI_CHANNEL_CONFIG_UL(0, "LOOPBACK", 64, 0),
+	MHI_CHANNEL_CONFIG_DL(1, "LOOPBACK", 64, 0),
+	/* MBIM Control Channel */
+	MHI_CHANNEL_CONFIG_UL(12, "MBIM", 64, 0),
+	MHI_CHANNEL_CONFIG_DL(13, "MBIM", 64, 0),
+	/* MBIM Data Channel */
+	MHI_CHANNEL_CONFIG_HW_UL(100, "IP_HW0_MBIM", 512, 2),
+	MHI_CHANNEL_CONFIG_HW_DL(101, "IP_HW0_MBIM", 512, 3),
+};
+
+static struct mhi_event_config mhi_mv31_events[] = {
+	MHI_EVENT_CONFIG_CTRL(0, 256),
+	MHI_EVENT_CONFIG_DATA(1, 256),
+	MHI_EVENT_CONFIG_HW_DATA(2, 1024, 100),
+	MHI_EVENT_CONFIG_HW_DATA(3, 1024, 101),
+};
+
+static const struct mhi_controller_config modem_mv31_config = {
+	.max_channels = 128,
+	.timeout_ms = 20000,
+	.num_channels = ARRAY_SIZE(mhi_mv31_channels),
+	.ch_cfg = mhi_mv31_channels,
+	.num_events = ARRAY_SIZE(mhi_mv31_events),
+	.event_cfg = mhi_mv31_events,
+};
+
+static const struct mhi_pci_dev_info mhi_mv31_info = {
+	.name = "cinterion-mv31",
+	.config = &modem_mv31_config,
+	.bar_num = MHI_PCI_DEFAULT_BAR_NUM,
+	.dma_data_width = 32,
+};
+
 static const struct pci_device_id mhi_pci_id_table[] = {
 	{ PCI_DEVICE(PCI_VENDOR_ID_QCOM, 0x0306),
 		.driver_data = (kernel_ulong_t) &mhi_qcom_sdx55_info },
@@ -370,6 +404,9 @@ static const struct pci_device_id mhi_pci_id_table[] = {
 	/* DW5930e (sdx55), Non-eSIM, It's also T99W175 */
 	{ PCI_DEVICE(PCI_VENDOR_ID_FOXCONN, 0xe0b1),
 		.driver_data = (kernel_ulong_t) &mhi_foxconn_sdx55_info },
+	/* MV31-W (Cinterion) */
+	{ PCI_DEVICE(0x1269, 0x00b3),
+		.driver_data = (kernel_ulong_t) &mhi_mv31_info },
 	{  }
 };
 MODULE_DEVICE_TABLE(pci, mhi_pci_id_table);
-- 
2.25.1


^ permalink raw reply	[flat|nested] 15+ messages in thread

* [PATCH 04/10] bus: mhi: core: Validate channel ID when processing command completions
  2021-06-25 12:33 [PATCH 00/10] MHI patches for v5.14 - Take 2 Manivannan Sadhasivam
                   ` (2 preceding siblings ...)
  2021-06-25 12:33 ` [PATCH 03/10] bus: mhi: pci_generic: Add Cinterion MV31-W PCIe to MHI Manivannan Sadhasivam
@ 2021-06-25 12:33 ` Manivannan Sadhasivam
  2021-06-25 12:33 ` [PATCH 05/10] bus: mhi: core: Set BHI/BHIe offsets on power up preparation Manivannan Sadhasivam
                   ` (6 subsequent siblings)
  10 siblings, 0 replies; 15+ messages in thread
From: Manivannan Sadhasivam @ 2021-06-25 12:33 UTC (permalink / raw)
  To: gregkh
  Cc: hemantk, bbhatt, linux-arm-msm, jhugo, linux-kernel,
	loic.poulain, kvalo, ath11k, stable, Manivannan Sadhasivam,
	Jeffrey Hugo

From: Bhaumik Bhatt <bbhatt@codeaurora.org>

MHI reads the channel ID from the event ring element sent by the
device which can be any value between 0 and 255. In order to
prevent any out of bound accesses, add a check against the maximum
number of channels supported by the controller and those channels
not configured yet so as to skip processing of that event ring
element.

Cc: stable@vger.kernel.org
Fixes: 1d3173a3bae7 ("bus: mhi: core: Add support for processing events from client device")
Signed-off-by: Bhaumik Bhatt <bbhatt@codeaurora.org>
Reviewed-by: Hemant Kumar <hemantk@codeaurora.org>
Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Reviewed-by: Jeffrey Hugo <quic_jhugo@quicinc.com>
Link: https://lore.kernel.org/r/1624558141-11045-1-git-send-email-bbhatt@codeaurora.org
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
---
 drivers/bus/mhi/core/main.c | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/drivers/bus/mhi/core/main.c b/drivers/bus/mhi/core/main.c
index 69cd9dcde6d8..26bbc812121d 100644
--- a/drivers/bus/mhi/core/main.c
+++ b/drivers/bus/mhi/core/main.c
@@ -773,11 +773,18 @@ static void mhi_process_cmd_completion(struct mhi_controller *mhi_cntrl,
 	cmd_pkt = mhi_to_virtual(mhi_ring, ptr);
 
 	chan = MHI_TRE_GET_CMD_CHID(cmd_pkt);
-	mhi_chan = &mhi_cntrl->mhi_chan[chan];
-	write_lock_bh(&mhi_chan->lock);
-	mhi_chan->ccs = MHI_TRE_GET_EV_CODE(tre);
-	complete(&mhi_chan->completion);
-	write_unlock_bh(&mhi_chan->lock);
+
+	if (chan < mhi_cntrl->max_chan &&
+	    mhi_cntrl->mhi_chan[chan].configured) {
+		mhi_chan = &mhi_cntrl->mhi_chan[chan];
+		write_lock_bh(&mhi_chan->lock);
+		mhi_chan->ccs = MHI_TRE_GET_EV_CODE(tre);
+		complete(&mhi_chan->completion);
+		write_unlock_bh(&mhi_chan->lock);
+	} else {
+		dev_err(&mhi_cntrl->mhi_dev->dev,
+			"Completion packet for invalid channel ID: %d\n", chan);
+	}
 
 	mhi_del_ring_element(mhi_cntrl, mhi_ring);
 }
-- 
2.25.1


^ permalink raw reply	[flat|nested] 15+ messages in thread

* [PATCH 05/10] bus: mhi: core: Set BHI/BHIe offsets on power up preparation
  2021-06-25 12:33 [PATCH 00/10] MHI patches for v5.14 - Take 2 Manivannan Sadhasivam
                   ` (3 preceding siblings ...)
  2021-06-25 12:33 ` [PATCH 04/10] bus: mhi: core: Validate channel ID when processing command completions Manivannan Sadhasivam
@ 2021-06-25 12:33 ` Manivannan Sadhasivam
  2021-06-25 12:33 ` [PATCH 06/10] bus: mhi: core: Set BHI and BHIe pointers to NULL in clean-up Manivannan Sadhasivam
                   ` (5 subsequent siblings)
  10 siblings, 0 replies; 15+ messages in thread
From: Manivannan Sadhasivam @ 2021-06-25 12:33 UTC (permalink / raw)
  To: gregkh
  Cc: hemantk, bbhatt, linux-arm-msm, jhugo, linux-kernel,
	loic.poulain, kvalo, ath11k, Jeffrey Hugo, Manivannan Sadhasivam

From: Bhaumik Bhatt <bbhatt@codeaurora.org>

Set the BHI and/or BHIe offsets in mhi_prepare_for_power_up(),
rearrange the function, and remove the equivalent from
mhi_async_power_up(). This helps consolidate multiple checks
in different parts of the driver and can help MHI fail early on
before power up begins if the offsets are not read correctly.

Signed-off-by: Bhaumik Bhatt <bbhatt@codeaurora.org>
Reviewed-by: Jeffrey Hugo <quic_jhugo@quicinc.com>
Reviewed-by: Hemant Kumar <hemantk@codeaurora.org>
Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Link: https://lore.kernel.org/r/1620330705-40192-2-git-send-email-bbhatt@codeaurora.org
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
---
 drivers/bus/mhi/core/init.c | 42 ++++++++++++++++++++-----------------
 drivers/bus/mhi/core/pm.c   | 28 ++++---------------------
 2 files changed, 27 insertions(+), 43 deletions(-)

diff --git a/drivers/bus/mhi/core/init.c b/drivers/bus/mhi/core/init.c
index c81b377fca8f..11c7a3d3c9bf 100644
--- a/drivers/bus/mhi/core/init.c
+++ b/drivers/bus/mhi/core/init.c
@@ -1063,7 +1063,7 @@ EXPORT_SYMBOL_GPL(mhi_free_controller);
 int mhi_prepare_for_power_up(struct mhi_controller *mhi_cntrl)
 {
 	struct device *dev = &mhi_cntrl->mhi_dev->dev;
-	u32 bhie_off;
+	u32 bhi_off, bhie_off;
 	int ret;
 
 	mutex_lock(&mhi_cntrl->pm_mutex);
@@ -1072,29 +1072,36 @@ int mhi_prepare_for_power_up(struct mhi_controller *mhi_cntrl)
 	if (ret)
 		goto error_dev_ctxt;
 
-	/*
-	 * Allocate RDDM table if specified, this table is for debugging purpose
-	 */
-	if (mhi_cntrl->rddm_size) {
-		mhi_alloc_bhie_table(mhi_cntrl, &mhi_cntrl->rddm_image,
-				     mhi_cntrl->rddm_size);
+	ret = mhi_read_reg(mhi_cntrl, mhi_cntrl->regs, BHIOFF, &bhi_off);
+	if (ret) {
+		dev_err(dev, "Error getting BHI offset\n");
+		goto error_reg_offset;
+	}
+	mhi_cntrl->bhi = mhi_cntrl->regs + bhi_off;
 
-		/*
-		 * This controller supports RDDM, so we need to manually clear
-		 * BHIE RX registers since POR values are undefined.
-		 */
+	if (mhi_cntrl->fbc_download || mhi_cntrl->rddm_size) {
 		ret = mhi_read_reg(mhi_cntrl, mhi_cntrl->regs, BHIEOFF,
 				   &bhie_off);
 		if (ret) {
 			dev_err(dev, "Error getting BHIE offset\n");
-			goto bhie_error;
+			goto error_reg_offset;
 		}
-
 		mhi_cntrl->bhie = mhi_cntrl->regs + bhie_off;
+	}
+
+	if (mhi_cntrl->rddm_size) {
+		/*
+		 * This controller supports RDDM, so we need to manually clear
+		 * BHIE RX registers since POR values are undefined.
+		 */
 		memset_io(mhi_cntrl->bhie + BHIE_RXVECADDR_LOW_OFFS,
 			  0, BHIE_RXVECSTATUS_OFFS - BHIE_RXVECADDR_LOW_OFFS +
 			  4);
-
+		/*
+		 * Allocate RDDM table for debugging purpose if specified
+		 */
+		mhi_alloc_bhie_table(mhi_cntrl, &mhi_cntrl->rddm_image,
+				     mhi_cntrl->rddm_size);
 		if (mhi_cntrl->rddm_image)
 			mhi_rddm_prepare(mhi_cntrl, mhi_cntrl->rddm_image);
 	}
@@ -1103,11 +1110,8 @@ int mhi_prepare_for_power_up(struct mhi_controller *mhi_cntrl)
 
 	return 0;
 
-bhie_error:
-	if (mhi_cntrl->rddm_image) {
-		mhi_free_bhie_table(mhi_cntrl, mhi_cntrl->rddm_image);
-		mhi_cntrl->rddm_image = NULL;
-	}
+error_reg_offset:
+	mhi_deinit_dev_ctxt(mhi_cntrl);
 
 error_dev_ctxt:
 	mutex_unlock(&mhi_cntrl->pm_mutex);
diff --git a/drivers/bus/mhi/core/pm.c b/drivers/bus/mhi/core/pm.c
index bbf6cd04861e..ff7cdc8653ef 100644
--- a/drivers/bus/mhi/core/pm.c
+++ b/drivers/bus/mhi/core/pm.c
@@ -1059,28 +1059,8 @@ int mhi_async_power_up(struct mhi_controller *mhi_cntrl)
 	if (ret)
 		goto error_setup_irq;
 
-	/* Setup BHI offset & INTVEC */
+	/* Setup BHI INTVEC */
 	write_lock_irq(&mhi_cntrl->pm_lock);
-	ret = mhi_read_reg(mhi_cntrl, mhi_cntrl->regs, BHIOFF, &val);
-	if (ret) {
-		write_unlock_irq(&mhi_cntrl->pm_lock);
-		goto error_bhi_offset;
-	}
-
-	mhi_cntrl->bhi = mhi_cntrl->regs + val;
-
-	/* Setup BHIE offset */
-	if (mhi_cntrl->fbc_download) {
-		ret = mhi_read_reg(mhi_cntrl, mhi_cntrl->regs, BHIEOFF, &val);
-		if (ret) {
-			write_unlock_irq(&mhi_cntrl->pm_lock);
-			dev_err(dev, "Error reading BHIE offset\n");
-			goto error_bhi_offset;
-		}
-
-		mhi_cntrl->bhie = mhi_cntrl->regs + val;
-	}
-
 	mhi_write_reg(mhi_cntrl, mhi_cntrl->bhi, BHI_INTVEC, 0);
 	mhi_cntrl->pm_state = MHI_PM_POR;
 	mhi_cntrl->ee = MHI_EE_MAX;
@@ -1091,7 +1071,7 @@ int mhi_async_power_up(struct mhi_controller *mhi_cntrl)
 	if (!MHI_IN_PBL(current_ee) && current_ee != MHI_EE_AMSS) {
 		dev_err(dev, "Not a valid EE for power on\n");
 		ret = -EIO;
-		goto error_bhi_offset;
+		goto error_async_power_up;
 	}
 
 	state = mhi_get_mhi_state(mhi_cntrl);
@@ -1110,7 +1090,7 @@ int mhi_async_power_up(struct mhi_controller *mhi_cntrl)
 		if (!ret) {
 			ret = -EIO;
 			dev_info(dev, "Failed to reset MHI due to syserr state\n");
-			goto error_bhi_offset;
+			goto error_async_power_up;
 		}
 
 		/*
@@ -1132,7 +1112,7 @@ int mhi_async_power_up(struct mhi_controller *mhi_cntrl)
 
 	return 0;
 
-error_bhi_offset:
+error_async_power_up:
 	mhi_deinit_free_irq(mhi_cntrl);
 
 error_setup_irq:
-- 
2.25.1


^ permalink raw reply	[flat|nested] 15+ messages in thread

* [PATCH 06/10] bus: mhi: core: Set BHI and BHIe pointers to NULL in clean-up
  2021-06-25 12:33 [PATCH 00/10] MHI patches for v5.14 - Take 2 Manivannan Sadhasivam
                   ` (4 preceding siblings ...)
  2021-06-25 12:33 ` [PATCH 05/10] bus: mhi: core: Set BHI/BHIe offsets on power up preparation Manivannan Sadhasivam
@ 2021-06-25 12:33 ` Manivannan Sadhasivam
  2021-06-25 12:38   ` Greg KH
  2021-06-25 12:33 ` [PATCH 07/10] bus: mhi: Add MMIO region length to controller structure Manivannan Sadhasivam
                   ` (4 subsequent siblings)
  10 siblings, 1 reply; 15+ messages in thread
From: Manivannan Sadhasivam @ 2021-06-25 12:33 UTC (permalink / raw)
  To: gregkh
  Cc: hemantk, bbhatt, linux-arm-msm, jhugo, linux-kernel,
	loic.poulain, kvalo, ath11k, stable, Jeffrey Hugo,
	Manivannan Sadhasivam

From: Bhaumik Bhatt <bbhatt@codeaurora.org>

Set the BHI and BHIe pointers to NULL as part of clean-up. This
makes sure that stale pointers are not accessed after powering
MHI down.

Cc: stable@vger.kernel.org
Suggested-by: Hemant Kumar <hemantk@codeaurora.org>
Signed-off-by: Bhaumik Bhatt <bbhatt@codeaurora.org>
Reviewed-by: Jeffrey Hugo <quic_jhugo@quicinc.com>
Reviewed-by: Hemant Kumar <hemantk@codeaurora.org>
Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Link: https://lore.kernel.org/r/1620330705-40192-3-git-send-email-bbhatt@codeaurora.org
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
---
 drivers/bus/mhi/core/init.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/bus/mhi/core/init.c b/drivers/bus/mhi/core/init.c
index 11c7a3d3c9bf..1cc2f225d3d1 100644
--- a/drivers/bus/mhi/core/init.c
+++ b/drivers/bus/mhi/core/init.c
@@ -1132,6 +1132,9 @@ void mhi_unprepare_after_power_down(struct mhi_controller *mhi_cntrl)
 		mhi_cntrl->rddm_image = NULL;
 	}
 
+	mhi_cntrl->bhi = NULL;
+	mhi_cntrl->bhie = NULL;
+
 	mhi_deinit_dev_ctxt(mhi_cntrl);
 }
 EXPORT_SYMBOL_GPL(mhi_unprepare_after_power_down);
-- 
2.25.1


^ permalink raw reply	[flat|nested] 15+ messages in thread

* [PATCH 07/10] bus: mhi: Add MMIO region length to controller structure
  2021-06-25 12:33 [PATCH 00/10] MHI patches for v5.14 - Take 2 Manivannan Sadhasivam
                   ` (5 preceding siblings ...)
  2021-06-25 12:33 ` [PATCH 06/10] bus: mhi: core: Set BHI and BHIe pointers to NULL in clean-up Manivannan Sadhasivam
@ 2021-06-25 12:33 ` Manivannan Sadhasivam
  2021-06-25 12:33 ` [PATCH 08/10] ath11k: set register access length for MHI driver Manivannan Sadhasivam
                   ` (3 subsequent siblings)
  10 siblings, 0 replies; 15+ messages in thread
From: Manivannan Sadhasivam @ 2021-06-25 12:33 UTC (permalink / raw)
  To: gregkh
  Cc: hemantk, bbhatt, linux-arm-msm, jhugo, linux-kernel,
	loic.poulain, kvalo, ath11k, Jeffrey Hugo, Manivannan Sadhasivam

From: Bhaumik Bhatt <bbhatt@codeaurora.org>

Make controller driver specify the MMIO register region length
for range checking of BHI or BHIe space. This can help validate
that offsets are in acceptable memory region or not and avoid any
boot-up issues due to BHI or BHIe memory accesses.

Signed-off-by: Bhaumik Bhatt <bbhatt@codeaurora.org>
Reviewed-by: Jeffrey Hugo <quic_jhugo@quicinc.com>
Reviewed-by: Hemant Kumar <hemantk@codeaurora.org>
Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Link: https://lore.kernel.org/r/1620330705-40192-4-git-send-email-bbhatt@codeaurora.org
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
---
 include/linux/mhi.h | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/include/linux/mhi.h b/include/linux/mhi.h
index 5e08468854db..b8ca6943f0b7 100644
--- a/include/linux/mhi.h
+++ b/include/linux/mhi.h
@@ -303,6 +303,7 @@ struct mhi_controller_config {
  * @rddm_size: RAM dump size that host should allocate for debugging purpose
  * @sbl_size: SBL image size downloaded through BHIe (optional)
  * @seg_len: BHIe vector size (optional)
+ * @reg_len: Length of the MHI MMIO region (required)
  * @fbc_image: Points to firmware image buffer
  * @rddm_image: Points to RAM dump buffer
  * @mhi_chan: Points to the channel configuration table
@@ -386,6 +387,7 @@ struct mhi_controller {
 	size_t rddm_size;
 	size_t sbl_size;
 	size_t seg_len;
+	size_t reg_len;
 	struct image_info *fbc_image;
 	struct image_info *rddm_image;
 	struct mhi_chan *mhi_chan;
-- 
2.25.1


^ permalink raw reply	[flat|nested] 15+ messages in thread

* [PATCH 08/10] ath11k: set register access length for MHI driver
  2021-06-25 12:33 [PATCH 00/10] MHI patches for v5.14 - Take 2 Manivannan Sadhasivam
                   ` (6 preceding siblings ...)
  2021-06-25 12:33 ` [PATCH 07/10] bus: mhi: Add MMIO region length to controller structure Manivannan Sadhasivam
@ 2021-06-25 12:33 ` Manivannan Sadhasivam
  2021-06-25 12:33 ` [PATCH 09/10] bus: mhi: pci_generic: Set " Manivannan Sadhasivam
                   ` (2 subsequent siblings)
  10 siblings, 0 replies; 15+ messages in thread
From: Manivannan Sadhasivam @ 2021-06-25 12:33 UTC (permalink / raw)
  To: gregkh
  Cc: hemantk, bbhatt, linux-arm-msm, jhugo, linux-kernel,
	loic.poulain, kvalo, ath11k, Manivannan Sadhasivam

From: Bhaumik Bhatt <bbhatt@codeaurora.org>

MHI driver requires register space length to add range checks and
prevent memory region accesses outside of that for MMIO space.
Set it before registering the MHI controller.

Signed-off-by: Bhaumik Bhatt <bbhatt@codeaurora.org>
Reviewed-by: Hemant Kumar <hemantk@codeaurora.org>
Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Acked-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/1620330705-40192-5-git-send-email-bbhatt@codeaurora.org
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
---
 drivers/net/wireless/ath/ath11k/mhi.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/net/wireless/ath/ath11k/mhi.c b/drivers/net/wireless/ath/ath11k/mhi.c
index 27b394d115e2..e097ae52e257 100644
--- a/drivers/net/wireless/ath/ath11k/mhi.c
+++ b/drivers/net/wireless/ath/ath11k/mhi.c
@@ -330,6 +330,7 @@ int ath11k_mhi_register(struct ath11k_pci *ab_pci)
 	mhi_ctrl->cntrl_dev = ab->dev;
 	mhi_ctrl->fw_image = ab_pci->amss_path;
 	mhi_ctrl->regs = ab->mem;
+	mhi_ctrl->reg_len = ab->mem_len;
 
 	ret = ath11k_mhi_get_msi(ab_pci);
 	if (ret) {
-- 
2.25.1


^ permalink raw reply	[flat|nested] 15+ messages in thread

* [PATCH 09/10] bus: mhi: pci_generic: Set register access length for MHI driver
  2021-06-25 12:33 [PATCH 00/10] MHI patches for v5.14 - Take 2 Manivannan Sadhasivam
                   ` (7 preceding siblings ...)
  2021-06-25 12:33 ` [PATCH 08/10] ath11k: set register access length for MHI driver Manivannan Sadhasivam
@ 2021-06-25 12:33 ` Manivannan Sadhasivam
  2021-06-25 12:33 ` [PATCH 10/10] bus: mhi: core: Add range checks for BHI and BHIe Manivannan Sadhasivam
  2021-06-30 13:16 ` [PATCH 00/10] MHI patches for v5.14 - Take 2 Manivannan Sadhasivam
  10 siblings, 0 replies; 15+ messages in thread
From: Manivannan Sadhasivam @ 2021-06-25 12:33 UTC (permalink / raw)
  To: gregkh
  Cc: hemantk, bbhatt, linux-arm-msm, jhugo, linux-kernel,
	loic.poulain, kvalo, ath11k, Manivannan Sadhasivam

From: Bhaumik Bhatt <bbhatt@codeaurora.org>

MHI driver requires register space length to add range checks and
prevent memory region accesses outside of that for MMIO space.
Set it from the PCI generic controller driver before registering
the MHI controller.

Signed-off-by: Bhaumik Bhatt <bbhatt@codeaurora.org>
Reviewed-by: Hemant Kumar <hemantk@codeaurora.org>
Reviewed-by: Loic Poulain <loic.poulain@linaro.org>
Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Link: https://lore.kernel.org/r/1620330705-40192-6-git-send-email-bbhatt@codeaurora.org
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
---
 drivers/bus/mhi/pci_generic.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/bus/mhi/pci_generic.c b/drivers/bus/mhi/pci_generic.c
index 89f71e6db23f..8bc6149249e3 100644
--- a/drivers/bus/mhi/pci_generic.c
+++ b/drivers/bus/mhi/pci_generic.c
@@ -508,6 +508,7 @@ static int mhi_pci_claim(struct mhi_controller *mhi_cntrl,
 		return err;
 	}
 	mhi_cntrl->regs = pcim_iomap_table(pdev)[bar_num];
+	mhi_cntrl->reg_len = pci_resource_len(pdev, bar_num);
 
 	err = pci_set_dma_mask(pdev, dma_mask);
 	if (err) {
-- 
2.25.1


^ permalink raw reply	[flat|nested] 15+ messages in thread

* [PATCH 10/10] bus: mhi: core: Add range checks for BHI and BHIe
  2021-06-25 12:33 [PATCH 00/10] MHI patches for v5.14 - Take 2 Manivannan Sadhasivam
                   ` (8 preceding siblings ...)
  2021-06-25 12:33 ` [PATCH 09/10] bus: mhi: pci_generic: Set " Manivannan Sadhasivam
@ 2021-06-25 12:33 ` Manivannan Sadhasivam
  2021-06-30 13:16 ` [PATCH 00/10] MHI patches for v5.14 - Take 2 Manivannan Sadhasivam
  10 siblings, 0 replies; 15+ messages in thread
From: Manivannan Sadhasivam @ 2021-06-25 12:33 UTC (permalink / raw)
  To: gregkh
  Cc: hemantk, bbhatt, linux-arm-msm, jhugo, linux-kernel,
	loic.poulain, kvalo, ath11k, Jeffrey Hugo, Manivannan Sadhasivam

From: Bhaumik Bhatt <bbhatt@codeaurora.org>

When obtaining the BHI or BHIe offsets during the power up
preparation phase, range checks are missing. These can help
controller drivers avoid accessing any address outside of the
MMIO region. Ensure that mhi_cntrl->reg_len is set before MHI
registration as it is a required field and range checks will
fail without it.

Signed-off-by: Bhaumik Bhatt <bbhatt@codeaurora.org>
Reviewed-by: Jeffrey Hugo <quic_jhugo@quicinc.com>
Reviewed-by: Hemant Kumar <hemantk@codeaurora.org>
Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Link: https://lore.kernel.org/r/1620330705-40192-7-git-send-email-bbhatt@codeaurora.org
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
---
 drivers/bus/mhi/core/init.c | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/drivers/bus/mhi/core/init.c b/drivers/bus/mhi/core/init.c
index 1cc2f225d3d1..aeb1e3c2cdc4 100644
--- a/drivers/bus/mhi/core/init.c
+++ b/drivers/bus/mhi/core/init.c
@@ -885,7 +885,8 @@ int mhi_register_controller(struct mhi_controller *mhi_cntrl,
 	if (!mhi_cntrl || !mhi_cntrl->cntrl_dev || !mhi_cntrl->regs ||
 	    !mhi_cntrl->runtime_get || !mhi_cntrl->runtime_put ||
 	    !mhi_cntrl->status_cb || !mhi_cntrl->read_reg ||
-	    !mhi_cntrl->write_reg || !mhi_cntrl->nr_irqs || !mhi_cntrl->irq)
+	    !mhi_cntrl->write_reg || !mhi_cntrl->nr_irqs ||
+	    !mhi_cntrl->irq || !mhi_cntrl->reg_len)
 		return -EINVAL;
 
 	ret = parse_config(mhi_cntrl, config);
@@ -1077,6 +1078,13 @@ int mhi_prepare_for_power_up(struct mhi_controller *mhi_cntrl)
 		dev_err(dev, "Error getting BHI offset\n");
 		goto error_reg_offset;
 	}
+
+	if (bhi_off >= mhi_cntrl->reg_len) {
+		dev_err(dev, "BHI offset: 0x%x is out of range: 0x%zx\n",
+			bhi_off, mhi_cntrl->reg_len);
+		ret = -EINVAL;
+		goto error_reg_offset;
+	}
 	mhi_cntrl->bhi = mhi_cntrl->regs + bhi_off;
 
 	if (mhi_cntrl->fbc_download || mhi_cntrl->rddm_size) {
@@ -1086,6 +1094,14 @@ int mhi_prepare_for_power_up(struct mhi_controller *mhi_cntrl)
 			dev_err(dev, "Error getting BHIE offset\n");
 			goto error_reg_offset;
 		}
+
+		if (bhie_off >= mhi_cntrl->reg_len) {
+			dev_err(dev,
+				"BHIe offset: 0x%x is out of range: 0x%zx\n",
+				bhie_off, mhi_cntrl->reg_len);
+			ret = -EINVAL;
+			goto error_reg_offset;
+		}
 		mhi_cntrl->bhie = mhi_cntrl->regs + bhie_off;
 	}
 
-- 
2.25.1


^ permalink raw reply	[flat|nested] 15+ messages in thread

* Re: [PATCH 06/10] bus: mhi: core: Set BHI and BHIe pointers to NULL in clean-up
  2021-06-25 12:33 ` [PATCH 06/10] bus: mhi: core: Set BHI and BHIe pointers to NULL in clean-up Manivannan Sadhasivam
@ 2021-06-25 12:38   ` Greg KH
  2021-06-25 13:03     ` Manivannan Sadhasivam
  0 siblings, 1 reply; 15+ messages in thread
From: Greg KH @ 2021-06-25 12:38 UTC (permalink / raw)
  To: Manivannan Sadhasivam
  Cc: hemantk, bbhatt, linux-arm-msm, jhugo, linux-kernel,
	loic.poulain, kvalo, ath11k, stable, Jeffrey Hugo

On Fri, Jun 25, 2021 at 06:03:51PM +0530, Manivannan Sadhasivam wrote:
> From: Bhaumik Bhatt <bbhatt@codeaurora.org>
> 
> Set the BHI and BHIe pointers to NULL as part of clean-up. This
> makes sure that stale pointers are not accessed after powering
> MHI down.
> 
> Cc: stable@vger.kernel.org

Why is this needed for stable, but patch 5/10 is not?

And what commit does this fix?  How far back should it go?

And is this really fixing anything?

thanks,

greg k-h

^ permalink raw reply	[flat|nested] 15+ messages in thread

* Re: [PATCH 06/10] bus: mhi: core: Set BHI and BHIe pointers to NULL in clean-up
  2021-06-25 12:38   ` Greg KH
@ 2021-06-25 13:03     ` Manivannan Sadhasivam
  0 siblings, 0 replies; 15+ messages in thread
From: Manivannan Sadhasivam @ 2021-06-25 13:03 UTC (permalink / raw)
  To: Greg KH
  Cc: hemantk, bbhatt, linux-arm-msm, jhugo, linux-kernel,
	loic.poulain, kvalo, ath11k, stable, Jeffrey Hugo

On Fri, Jun 25, 2021 at 02:38:58PM +0200, Greg KH wrote:
> On Fri, Jun 25, 2021 at 06:03:51PM +0530, Manivannan Sadhasivam wrote:
> > From: Bhaumik Bhatt <bbhatt@codeaurora.org>
> > 
> > Set the BHI and BHIe pointers to NULL as part of clean-up. This
> > makes sure that stale pointers are not accessed after powering
> > MHI down.
> > 
> > Cc: stable@vger.kernel.org
> 
> Why is this needed for stable, but patch 5/10 is not?
> 

Shoot! This one relies on 5/10 and fixes a corner case where the BHI/BHIe
pointers might be used after MHI powerdown. But this requires backporting
the patches 5-10 cleanly (a series).

So I guess the stable tag should be removed for this patch. We will test this
series on stable kernels (on how far) and make sure this doesn't break anything.
Then we can share the commit IDs to be backported with details?

Thanks,
Mani 

> And what commit does this fix?  How far back should it go?
> 
> And is this really fixing anything?
> 
> thanks,
> 
> greg k-h

^ permalink raw reply	[flat|nested] 15+ messages in thread

* Re: [PATCH 00/10] MHI patches for v5.14 - Take 2
  2021-06-25 12:33 [PATCH 00/10] MHI patches for v5.14 - Take 2 Manivannan Sadhasivam
                   ` (9 preceding siblings ...)
  2021-06-25 12:33 ` [PATCH 10/10] bus: mhi: core: Add range checks for BHI and BHIe Manivannan Sadhasivam
@ 2021-06-30 13:16 ` Manivannan Sadhasivam
  2021-06-30 13:25   ` Greg KH
  10 siblings, 1 reply; 15+ messages in thread
From: Manivannan Sadhasivam @ 2021-06-30 13:16 UTC (permalink / raw)
  To: gregkh
  Cc: hemantk, bbhatt, linux-arm-msm, jhugo, linux-kernel,
	loic.poulain, kvalo, ath11k

Hi Greg,

On Fri, Jun 25, 2021 at 06:03:45PM +0530, Manivannan Sadhasivam wrote:
> Hi Greg,
> 
> Please find the remaining MHI patches for v5.14. This series has the left over
> patches from the previous patchset and one new series that was reviewed a
> while ago and put on hold for Ack from Kalle Valo for ath11k.
> 
> Summary:
> 
> 1. Added validation for the channel ID read from event ring. If we get events
> from an invalid channel, we throw an error message and skip the event.
> 
> 2. Fixed the MHI wake routines used for the newer modems such as SDX55 and
> SDX65 by using no-op routines only for the older modems and then relying on
> the default routines provided by MHI stack for newer ones.
> 
> 3. Added support for processing the events based on the priorities. Earlier
> a fixed priority was used for all events.
> 
> 4. Added a dedicated flag to the MHI client transfer APIs for inbound
> buffer allocation by the MHI stack. Since this patch modifies the MHI
> client drivers under "net/", Ack has been collected from the netdev
> maintainer.
> 
> 5. Added support for Cinterion MV31-W modem in pci_generic controller:
> https://www.thalesgroup.com/en/markets/digital-identity-and-security/iot/iot-connectivity/products/iot-products/mv31-w-ultra-high
> 
> 6. Rearranged the setting of BHI/BHIe offsets for better validation of the
> register values read from MMIO
> 
> 7. Cleanup of the BHI/BHIe pointers by setting them to NULL to prevent access
> after power down.
> 
> 8. Added support for getting the MMIO register length from the controller
> drivers. This helps in validation of the read offsets from MMIO registers.
> Since this patch touches ath11k, Ack has been collected from Kalle Valo.
> 
> 9. With the help of above register length, added check for BHI/BHIe offsets.
> 

Is this series on your queue for 5.14?

Thanks,
Mani

> Thanks,
> Mani
> 
> Bhaumik Bhatt (8):
>   bus: mhi: pci_generic: Apply no-op for wake using sideband wake
>     boolean
>   bus: mhi: core: Validate channel ID when processing command
>     completions
>   bus: mhi: core: Set BHI/BHIe offsets on power up preparation
>   bus: mhi: core: Set BHI and BHIe pointers to NULL in clean-up
>   bus: mhi: Add MMIO region length to controller structure
>   ath11k: set register access length for MHI driver
>   bus: mhi: pci_generic: Set register access length for MHI driver
>   bus: mhi: core: Add range checks for BHI and BHIe
> 
> Loic Poulain (1):
>   bus: mhi: Add inbound buffers allocation flag
> 
> ULRICH Thomas (1):
>   bus: mhi: pci_generic: Add Cinterion MV31-W PCIe to MHI
> 
>  drivers/bus/mhi/core/init.c           | 61 +++++++++++++++++--------
>  drivers/bus/mhi/core/internal.h       |  2 +-
>  drivers/bus/mhi/core/main.c           | 26 +++++++----
>  drivers/bus/mhi/core/pm.c             | 28 ++----------
>  drivers/bus/mhi/pci_generic.c         | 65 +++++++++++++++++++++++----
>  drivers/net/mhi/net.c                 |  2 +-
>  drivers/net/wireless/ath/ath11k/mhi.c |  1 +
>  drivers/net/wwan/mhi_wwan_ctrl.c      |  2 +-
>  include/linux/mhi.h                   |  9 +++-
>  net/qrtr/mhi.c                        |  2 +-
>  10 files changed, 134 insertions(+), 64 deletions(-)
> 
> -- 
> 2.25.1
> 

^ permalink raw reply	[flat|nested] 15+ messages in thread

* Re: [PATCH 00/10] MHI patches for v5.14 - Take 2
  2021-06-30 13:16 ` [PATCH 00/10] MHI patches for v5.14 - Take 2 Manivannan Sadhasivam
@ 2021-06-30 13:25   ` Greg KH
  0 siblings, 0 replies; 15+ messages in thread
From: Greg KH @ 2021-06-30 13:25 UTC (permalink / raw)
  To: Manivannan Sadhasivam
  Cc: hemantk, bbhatt, linux-arm-msm, jhugo, linux-kernel,
	loic.poulain, kvalo, ath11k

On Wed, Jun 30, 2021 at 06:46:56PM +0530, Manivannan Sadhasivam wrote:
> Hi Greg,
> 
> On Fri, Jun 25, 2021 at 06:03:45PM +0530, Manivannan Sadhasivam wrote:
> > Hi Greg,
> > 
> > Please find the remaining MHI patches for v5.14. This series has the left over
> > patches from the previous patchset and one new series that was reviewed a
> > while ago and put on hold for Ack from Kalle Valo for ath11k.
> > 
> > Summary:
> > 
> > 1. Added validation for the channel ID read from event ring. If we get events
> > from an invalid channel, we throw an error message and skip the event.
> > 
> > 2. Fixed the MHI wake routines used for the newer modems such as SDX55 and
> > SDX65 by using no-op routines only for the older modems and then relying on
> > the default routines provided by MHI stack for newer ones.
> > 
> > 3. Added support for processing the events based on the priorities. Earlier
> > a fixed priority was used for all events.
> > 
> > 4. Added a dedicated flag to the MHI client transfer APIs for inbound
> > buffer allocation by the MHI stack. Since this patch modifies the MHI
> > client drivers under "net/", Ack has been collected from the netdev
> > maintainer.
> > 
> > 5. Added support for Cinterion MV31-W modem in pci_generic controller:
> > https://www.thalesgroup.com/en/markets/digital-identity-and-security/iot/iot-connectivity/products/iot-products/mv31-w-ultra-high
> > 
> > 6. Rearranged the setting of BHI/BHIe offsets for better validation of the
> > register values read from MMIO
> > 
> > 7. Cleanup of the BHI/BHIe pointers by setting them to NULL to prevent access
> > after power down.
> > 
> > 8. Added support for getting the MMIO register length from the controller
> > drivers. This helps in validation of the read offsets from MMIO registers.
> > Since this patch touches ath11k, Ack has been collected from Kalle Valo.
> > 
> > 9. With the help of above register length, added check for BHI/BHIe offsets.
> > 
> 
> Is this series on your queue for 5.14?

It's too late for 5.14-rc1, patches had to be in linux-next way before
5.13-final was out.

I can take these after 5.14-rc1 is out for 5.15-rc1, or you can split
them up into bugfixes and features and resend two series, one for
5.14-final and one for 5.15-rc1, which ever you want.

thanks,

greg k-h

^ permalink raw reply	[flat|nested] 15+ messages in thread

end of thread, other threads:[~2021-06-30 13:25 UTC | newest]

Thread overview: 15+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-06-25 12:33 [PATCH 00/10] MHI patches for v5.14 - Take 2 Manivannan Sadhasivam
2021-06-25 12:33 ` [PATCH 01/10] bus: mhi: Add inbound buffers allocation flag Manivannan Sadhasivam
2021-06-25 12:33 ` [PATCH 02/10] bus: mhi: pci_generic: Apply no-op for wake using sideband wake boolean Manivannan Sadhasivam
2021-06-25 12:33 ` [PATCH 03/10] bus: mhi: pci_generic: Add Cinterion MV31-W PCIe to MHI Manivannan Sadhasivam
2021-06-25 12:33 ` [PATCH 04/10] bus: mhi: core: Validate channel ID when processing command completions Manivannan Sadhasivam
2021-06-25 12:33 ` [PATCH 05/10] bus: mhi: core: Set BHI/BHIe offsets on power up preparation Manivannan Sadhasivam
2021-06-25 12:33 ` [PATCH 06/10] bus: mhi: core: Set BHI and BHIe pointers to NULL in clean-up Manivannan Sadhasivam
2021-06-25 12:38   ` Greg KH
2021-06-25 13:03     ` Manivannan Sadhasivam
2021-06-25 12:33 ` [PATCH 07/10] bus: mhi: Add MMIO region length to controller structure Manivannan Sadhasivam
2021-06-25 12:33 ` [PATCH 08/10] ath11k: set register access length for MHI driver Manivannan Sadhasivam
2021-06-25 12:33 ` [PATCH 09/10] bus: mhi: pci_generic: Set " Manivannan Sadhasivam
2021-06-25 12:33 ` [PATCH 10/10] bus: mhi: core: Add range checks for BHI and BHIe Manivannan Sadhasivam
2021-06-30 13:16 ` [PATCH 00/10] MHI patches for v5.14 - Take 2 Manivannan Sadhasivam
2021-06-30 13:25   ` Greg KH

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).