When allocating memory for the UTP Command Descriptor
hba->ucdl_base_addr in ufshcd_memory_alloc(), the macro
sizeof_utp_transfer_cmd_desc() is used to calculate the size
of the memory allocation. This macro includes the prd_table as
part of the UTP Command Descriptor memory. However, when freeing
this memory in the ufshcd_release_sdb_queue(), the
sizeof(struct utp_transfer_cmd_desc) is used, and it does not
include the prd_table size for the memory to be freed.
This results in a mismatch of memory size allocated/freed.
Similarly, the ufshcd_mcq_get_tag() incorrectly uses the
sizeof(struct utp_transfer_cmd_desc) to find the tag number.
This results in failing to probe.
Signed-off-by: Bao D. Nguyen <[email protected]>
---
drivers/ufs/core/ufs-mcq.c | 2 +-
drivers/ufs/core/ufshcd.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/ufs/core/ufs-mcq.c b/drivers/ufs/core/ufs-mcq.c
index 202ff71..b7c5f39 100644
--- a/drivers/ufs/core/ufs-mcq.c
+++ b/drivers/ufs/core/ufs-mcq.c
@@ -265,7 +265,7 @@ static int ufshcd_mcq_get_tag(struct ufs_hba *hba,
addr = (le64_to_cpu(cqe->command_desc_base_addr) & CQE_UCD_BA) -
hba->ucdl_dma_addr;
- return div_u64(addr, sizeof(struct utp_transfer_cmd_desc));
+ return div_u64(addr, sizeof_utp_transfer_cmd_desc(hba));
}
static void ufshcd_mcq_process_cqe(struct ufs_hba *hba,
diff --git a/drivers/ufs/core/ufshcd.c b/drivers/ufs/core/ufshcd.c
index 9434328..b009e55 100644
--- a/drivers/ufs/core/ufshcd.c
+++ b/drivers/ufs/core/ufshcd.c
@@ -8444,7 +8444,7 @@ static void ufshcd_release_sdb_queue(struct ufs_hba *hba, int nutrs)
{
size_t ucdl_size, utrdl_size;
- ucdl_size = sizeof(struct utp_transfer_cmd_desc) * nutrs;
+ ucdl_size = sizeof_utp_transfer_cmd_desc(hba) * nutrs;
dmam_free_coherent(hba->dev, ucdl_size, hba->ucdl_base_addr,
hba->ucdl_dma_addr);
--
2.7.4
> When allocating memory for the UTP Command Descriptor
> hba->ucdl_base_addr in ufshcd_memory_alloc(), the macro
> sizeof_utp_transfer_cmd_desc() is used to calculate the size of the memory
> allocation. This macro includes the prd_table as part of the UTP Command
> Descriptor memory. However, when freeing this memory in the
> ufshcd_release_sdb_queue(), the sizeof(struct utp_transfer_cmd_desc) is
> used, and it does not include the prd_table size for the memory to be freed.
> This results in a mismatch of memory size allocated/freed.
>
> Similarly, the ufshcd_mcq_get_tag() incorrectly uses the sizeof(struct
> utp_transfer_cmd_desc) to find the tag number.
> This results in failing to probe.
>
> Signed-off-by: Bao D. Nguyen <[email protected]>
Looks like this fix is suggested here as well -
https://www.spinics.net/lists/linux-scsi/msg184092.html
Thanks,
Avri
> ---
> drivers/ufs/core/ufs-mcq.c | 2 +-
> drivers/ufs/core/ufshcd.c | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/ufs/core/ufs-mcq.c b/drivers/ufs/core/ufs-mcq.c index
> 202ff71..b7c5f39 100644
> --- a/drivers/ufs/core/ufs-mcq.c
> +++ b/drivers/ufs/core/ufs-mcq.c
> @@ -265,7 +265,7 @@ static int ufshcd_mcq_get_tag(struct ufs_hba *hba,
> addr = (le64_to_cpu(cqe->command_desc_base_addr) & CQE_UCD_BA) -
> hba->ucdl_dma_addr;
>
> - return div_u64(addr, sizeof(struct utp_transfer_cmd_desc));
> + return div_u64(addr, sizeof_utp_transfer_cmd_desc(hba));
> }
>
> static void ufshcd_mcq_process_cqe(struct ufs_hba *hba, diff --git
> a/drivers/ufs/core/ufshcd.c b/drivers/ufs/core/ufshcd.c index
> 9434328..b009e55 100644
> --- a/drivers/ufs/core/ufshcd.c
> +++ b/drivers/ufs/core/ufshcd.c
> @@ -8444,7 +8444,7 @@ static void ufshcd_release_sdb_queue(struct
> ufs_hba *hba, int nutrs) {
> size_t ucdl_size, utrdl_size;
>
> - ucdl_size = sizeof(struct utp_transfer_cmd_desc) * nutrs;
> + ucdl_size = sizeof_utp_transfer_cmd_desc(hba) * nutrs;
> dmam_free_coherent(hba->dev, ucdl_size, hba->ucdl_base_addr,
> hba->ucdl_dma_addr);
>
> --
> 2.7.4
On 4/27/2023 2:57 AM, Avri Altman wrote:
>> When allocating memory for the UTP Command Descriptor
>> hba->ucdl_base_addr in ufshcd_memory_alloc(), the macro
>> sizeof_utp_transfer_cmd_desc() is used to calculate the size of the memory
>> allocation. This macro includes the prd_table as part of the UTP Command
>> Descriptor memory. However, when freeing this memory in the
>> ufshcd_release_sdb_queue(), the sizeof(struct utp_transfer_cmd_desc) is
>> used, and it does not include the prd_table size for the memory to be freed.
>> This results in a mismatch of memory size allocated/freed.
>>
>> Similarly, the ufshcd_mcq_get_tag() incorrectly uses the sizeof(struct
>> utp_transfer_cmd_desc) to find the tag number.
>> This results in failing to probe.
>>
>> Signed-off-by: Bao D. Nguyen <[email protected]>
> Looks like this fix is suggested here as well -
> https://www.spinics.net/lists/linux-scsi/msg184092.html
Hi Avri, Thanks. Yes, that patch should cover half of the issues raised
by my patch.
Let me request the owner to include the change in
ufshcd_release_sdb_queue() as well.
> Thanks,
> Avri
>
>> ---
>> drivers/ufs/core/ufs-mcq.c | 2 +-
>> drivers/ufs/core/ufshcd.c | 2 +-
>> 2 files changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/drivers/ufs/core/ufs-mcq.c b/drivers/ufs/core/ufs-mcq.c index
>> 202ff71..b7c5f39 100644
>> --- a/drivers/ufs/core/ufs-mcq.c
>> +++ b/drivers/ufs/core/ufs-mcq.c
>> @@ -265,7 +265,7 @@ static int ufshcd_mcq_get_tag(struct ufs_hba *hba,
>> addr = (le64_to_cpu(cqe->command_desc_base_addr) & CQE_UCD_BA) -
>> hba->ucdl_dma_addr;
>>
>> - return div_u64(addr, sizeof(struct utp_transfer_cmd_desc));
>> + return div_u64(addr, sizeof_utp_transfer_cmd_desc(hba));
>> }
>>
>> static void ufshcd_mcq_process_cqe(struct ufs_hba *hba, diff --git
>> a/drivers/ufs/core/ufshcd.c b/drivers/ufs/core/ufshcd.c index
>> 9434328..b009e55 100644
>> --- a/drivers/ufs/core/ufshcd.c
>> +++ b/drivers/ufs/core/ufshcd.c
>> @@ -8444,7 +8444,7 @@ static void ufshcd_release_sdb_queue(struct
>> ufs_hba *hba, int nutrs) {
>> size_t ucdl_size, utrdl_size;
>>
>> - ucdl_size = sizeof(struct utp_transfer_cmd_desc) * nutrs;
>> + ucdl_size = sizeof_utp_transfer_cmd_desc(hba) * nutrs;
>> dmam_free_coherent(hba->dev, ucdl_size, hba->ucdl_base_addr,
>> hba->ucdl_dma_addr);
>>
>> --
>> 2.7.4