Received: by 10.192.165.156 with SMTP id m28csp428616imm; Wed, 11 Apr 2018 01:12:15 -0700 (PDT) X-Google-Smtp-Source: AIpwx4/ZO4Oo7070AdwvJoqX8kfg0V/biu/tiWIIkcESd6S+60wuqwdM3iFVyBTX9aBI4Z1gtVQW X-Received: by 2002:a17:902:209:: with SMTP id 9-v6mr3867434plc.403.1523434335743; Wed, 11 Apr 2018 01:12:15 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1523434335; cv=none; d=google.com; s=arc-20160816; b=cqXfY6W6CK//QbQZabghOeMWYwLwLU4SYrLGyEMLLmX4mcGVCRI2NpV1qF2NnBgS/E 6FLoaNXPdQZqN1RIPgUjMSXCk5RM/SqYqLkc8Tuy+drntL2jh6YEbHkEpbS1EVUc7Wad vL3boWVae60nOqBdw3+/q2PhY6ELPJSxTqzG42jXNzWJ/7Z9+zSzIf8nt6UejjyBog5o OPKhmCzSnmBM9Am0vO8sgvznhJ0QKF5aHWhWhoWBBPE9yvWJDrcuglEuohLWYK5yvstj aIKiOL0+V/HBVE0ljluopDpfxFU+zz2k3EA/RzNOpQMiJa9o4TUjzgacxqpasDHkrhmz lilw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:subject:cc:to:from:date :arc-authentication-results; bh=oeVGqzl60gHOu2B6J2AF05JnuP2YKXD3KHmujBiwki4=; b=GkIEvY1HofrqB2YMJJ46gxj6a0BcuFrCLSr2feccduoKQlG0lGfcwQees4QZ6QLgj7 oA3ByfYiEEuAy/DCBlYCJoEiHM3zDPJhOXHkwFFPqXGyhp8WwoaIhMgdDjy+YA62XPqB uqJhc9qvQPY6c24+DY0zEsBIfsqJ2EmYr6AmkPkoEoJNwUQjyWfym2VAegiWJX3Yf4je ftInQRsp5/C8/XDx5JHIjuAfADNV2BCwZgJu/8zzHaPTS/u0+HjygerW0XcHaHIySEC9 yjBt+BI5wC75RqK9x+ngUI8lukofseEicEm4DPonj5E3/3R3Mr01owoEP/ys5FjgPx6L vYbA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id v1-v6si592197ply.711.2018.04.11.01.11.34; Wed, 11 Apr 2018 01:12:15 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752274AbeDKIIV (ORCPT + 99 others); Wed, 11 Apr 2018 04:08:21 -0400 Received: from mail.bootlin.com ([62.4.15.54]:42976 "EHLO mail.bootlin.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751589AbeDKIIS (ORCPT ); Wed, 11 Apr 2018 04:08:18 -0400 Received: by mail.bootlin.com (Postfix, from userid 110) id 87CA42083D; Wed, 11 Apr 2018 10:08:16 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on mail.bootlin.com X-Spam-Level: X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED,SHORTCIRCUIT shortcircuit=ham autolearn=disabled version=3.4.0 Received: from bbrezillon (LStLambert-657-1-97-87.w90-63.abo.wanadoo.fr [90.63.216.87]) by mail.bootlin.com (Postfix) with ESMTPSA id 3E8802079F; Wed, 11 Apr 2018 10:08:06 +0200 (CEST) Date: Wed, 11 Apr 2018 10:08:06 +0200 From: Boris Brezillon To: Ladislav Michl Cc: Andreas Kemnade , Discussions about the Letux Kernel , Boris Brezillon , Aaro Koskinen , Tony Lindgren , Linux Kernel Mailing List , Peter Ujfalusi , linux-omap , Roger Quadros Subject: Re: [Letux-kernel] [Bug]: mtd: onenand: omap2plus: kernel panic with OneNAND on OMAP3 (DM3730) device GTA04A5 Message-ID: <20180411100806.3c09bafc@bbrezillon> In-Reply-To: <20180411073655.GA18273@lenoch> References: <5D496D5C-4E3E-47B4-9981-E8F4C348DE00@goldelico.com> <20180410205643.GA2228@lenoch> <20180411065836.7e1bfc3f@aktux> <20180411062607.GA9179@lenoch> <20180411091528.4e954c32@bbrezillon> <20180411073655.GA18273@lenoch> X-Mailer: Claws Mail 3.15.0-dirty (GTK+ 2.24.31; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, 11 Apr 2018 09:36:56 +0200 Ladislav Michl wrote: > Hi Boris, > > On Wed, Apr 11, 2018 at 09:15:28AM +0200, Boris Brezillon wrote: > > Hi Ladislav, > > > > On Wed, 11 Apr 2018 08:26:07 +0200 > > Ladislav Michl wrote: > > > > > Hi Andreas, > > > > > > On Wed, Apr 11, 2018 at 06:59:03AM +0200, Andreas Kemnade wrote: > > > > Hi Ladis, > > > > > > > > On Tue, 10 Apr 2018 22:56:43 +0200 > > > > Ladislav Michl wrote: > > > > > > > > > Hi Nikolaus, > > > > > > > > > > On Tue, Apr 10, 2018 at 06:25:17PM +0200, H. Nikolaus Schaller wrote: > > > > > > Hi, > > > > > > we just started testing the v4.16 kernel and found the > > > > > > device no longer bootable (works with v4.15). It turned > > > > > > out that there was a harmful modification somewhere between > > > > > > v4.15.0 and v4.16-rc1. > > > > > > > > > > > > A git bisect points to this patch: > > > > > > > > > > Well, that's a shame... However, this code is in production for several > > > > > months now, so could you, please put 'goto out_copy' if 'buf >= high_memory' > > > > > condition is met, ie: > > > > > --- a/drivers/mtd/nand/onenand/omap2.c > > > > > +++ b/drivers/mtd/nand/onenand/omap2.c > > > > > @@ -392,6 +392,7 @@ static int omap2_onenand_read_bufferram(struct mtd_info *mtd, int area, > > > > > if (buf >= high_memory) { > > > > > struct page *p1; > > > > > > > > > > + goto out_copy; > > > > > if (((size_t)buf & PAGE_MASK) != > > > > > ((size_t)(buf + count - 1) & PAGE_MASK)) > > > > > goto out_copy; > > > > > > > > I had the same problem here, and that snippet helps here. ubiattach > > > > -p /dev/mtdX does not cause kernel oopses here anymore > > > > > > It seems reviving old code always comes at a price :-) Could you try > > > following patch, so far compile tested only? > > > (we'll need to do the same for omap2_onenand_write_bufferram, but > > > it sould be enough for testing purposes now) > > > > > > diff --git a/drivers/mtd/nand/onenand/omap2.c b/drivers/mtd/nand/onenand/omap2.c > > > index 9c159f0dd9a6..04cefd7a6487 100644 > > > --- a/drivers/mtd/nand/onenand/omap2.c > > > +++ b/drivers/mtd/nand/onenand/omap2.c > > > @@ -375,11 +375,12 @@ static int omap2_onenand_read_bufferram(struct mtd_info *mtd, int area, > > > { > > > struct omap2_onenand *c = container_of(mtd, struct omap2_onenand, mtd); > > > struct onenand_chip *this = mtd->priv; > > > + struct device *dev = &c->pdev->dev; > > > dma_addr_t dma_src, dma_dst; > > > int bram_offset; > > > void *buf = (void *)buffer; > > > size_t xtra; > > > - int ret; > > > + int ret, page_dma = 0; > > > > > > bram_offset = omap2_onenand_bufferram_offset(mtd, area) + area + offset; > > > if (bram_offset & 3 || (size_t)buf & 3 || count < 384) > > > @@ -389,38 +390,43 @@ static int omap2_onenand_read_bufferram(struct mtd_info *mtd, int area, > > > if (in_interrupt() || oops_in_progress) > > > goto out_copy; > > > > > > + xtra = count & 3; > > > + if (xtra) { > > > + count -= xtra; > > > + memcpy(buf + count, this->base + bram_offset + count, xtra); > > > + } > > > + > > > + /* Handle vmalloc address */ > > > if (buf >= high_memory) { > > > - struct page *p1; > > > + struct page *page; > > > > > > if (((size_t)buf & PAGE_MASK) != > > > ((size_t)(buf + count - 1) & PAGE_MASK)) > > > goto out_copy; > > > - p1 = vmalloc_to_page(buf); > > > - if (!p1) > > > + page = vmalloc_to_page(buf); > > > > Not sure this approach is safe on all archs: if the cache is VIVT or > > VIPT, you may have several entries pointing to the same phys page, and > > then, when dma_map_page() does its cache maintenance operations, it's > > only taking one of these entries into account. > > Hmm, I used the same approach Samsung OneNAND driver does since commit > dcf08227e964a53a2cb39130b74842c7dcb6adde. > Both TI OMAP3630 and Samsung S5PC110 are using Cortex-A8 which > is VIPT. In that case samsung's driver code has the same problem. > > > In other parts of the MTD subsystem, we tend to not do DMA on buffers > > that have been vmalloc-ed. > > > > You can do something like > > > > if (virt_addr_valid(buf)) > > /* Use DMA */ > > else > > /* > > * Do not use DMA, or use a bounce buffer > > * allocated with kmalloc > > */ > > Okay, I'll use this approach then, but first I'd like to be sure above is > correct. Anyone? See this discussion [1]. The problem came up a few times already, so might find other threads describing why it's not safe. [1]https://lists.linuxfoundation.org/pipermail/iommu/2016-March/016240.html