We found this issue on a 5G platform, during CMDQ error handling, if DMA status is active when it call msdc_reset_hw, it means mmc host hw reset and DMA transfer will be parallel, mmc host may access sram region unexpectedly.
According to the programming guide of mtk mmc host, it needs to wait for dma stop done after set dma stop.
This change should be applied to all SoCs.
Change-Id: I9b87523f19b24ca73958bbcb83bb418413c5a180
Signed-off-by: Derong Liu <[email protected]>
---
drivers/mmc/host/mtk-sd.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/mmc/host/mtk-sd.c b/drivers/mmc/host/mtk-sd.c
index 4dfc246c5f95..b99330bad6a5 100644
--- a/drivers/mmc/host/mtk-sd.c
+++ b/drivers/mmc/host/mtk-sd.c
@@ -8,6 +8,7 @@
#include <linux/clk.h>
#include <linux/delay.h>
#include <linux/dma-mapping.h>
+#include <linux/iopoll.h>
#include <linux/ioport.h>
#include <linux/irq.h>
#include <linux/of_address.h>
@@ -2330,6 +2331,7 @@ static void msdc_cqe_enable(struct mmc_host *mmc)
static void msdc_cqe_disable(struct mmc_host *mmc, bool recovery)
{
struct msdc_host *host = mmc_priv(mmc);
+ unsigned int val = 0;
/* disable cmdq irq */
sdr_clr_bits(host->base + MSDC_INTEN, MSDC_INT_CMDQ);
@@ -2339,6 +2341,9 @@ static void msdc_cqe_disable(struct mmc_host *mmc, bool recovery)
if (recovery) {
sdr_set_field(host->base + MSDC_DMA_CTRL,
MSDC_DMA_CTRL_STOP, 1);
+ if (WARN_ON(readl_poll_timeout(host->base + MSDC_DMA_CFG, val,
+ !(val & MSDC_DMA_CFG_STS), 1, 3000)))
+ return;
msdc_reset_hw(host);
}
}
--
2.18.0
On Fri, 27 Aug 2021 at 09:15, Derong Liu <[email protected]> wrote:
>
> We found this issue on a 5G platform, during CMDQ error handling, if DMA status is active when it call msdc_reset_hw, it means mmc host hw reset and DMA transfer will be parallel, mmc host may access sram region unexpectedly.
> According to the programming guide of mtk mmc host, it needs to wait for dma stop done after set dma stop.
> This change should be applied to all SoCs.
>
> Change-Id: I9b87523f19b24ca73958bbcb83bb418413c5a180
I am dropping this tag.
> Signed-off-by: Derong Liu <[email protected]>
Applied for next, thanks! I guess we should also tag this for stable
kernels, right?
Kind regards
Uffe
> ---
> drivers/mmc/host/mtk-sd.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/drivers/mmc/host/mtk-sd.c b/drivers/mmc/host/mtk-sd.c
> index 4dfc246c5f95..b99330bad6a5 100644
> --- a/drivers/mmc/host/mtk-sd.c
> +++ b/drivers/mmc/host/mtk-sd.c
> @@ -8,6 +8,7 @@
> #include <linux/clk.h>
> #include <linux/delay.h>
> #include <linux/dma-mapping.h>
> +#include <linux/iopoll.h>
> #include <linux/ioport.h>
> #include <linux/irq.h>
> #include <linux/of_address.h>
> @@ -2330,6 +2331,7 @@ static void msdc_cqe_enable(struct mmc_host *mmc)
> static void msdc_cqe_disable(struct mmc_host *mmc, bool recovery)
> {
> struct msdc_host *host = mmc_priv(mmc);
> + unsigned int val = 0;
>
> /* disable cmdq irq */
> sdr_clr_bits(host->base + MSDC_INTEN, MSDC_INT_CMDQ);
> @@ -2339,6 +2341,9 @@ static void msdc_cqe_disable(struct mmc_host *mmc, bool recovery)
> if (recovery) {
> sdr_set_field(host->base + MSDC_DMA_CTRL,
> MSDC_DMA_CTRL_STOP, 1);
> + if (WARN_ON(readl_poll_timeout(host->base + MSDC_DMA_CFG, val,
> + !(val & MSDC_DMA_CFG_STS), 1, 3000)))
> + return;
> msdc_reset_hw(host);
> }
> }
> --
> 2.18.0