On Fri, May 24, 2024 at 12:03:35PM +0000, Pankaj Gupta wrote: > > > > -----Original Message----- > > From: Sascha Hauer <s.hauer@xxxxxxxxxxxxxx> > > Sent: Friday, May 24, 2024 1:53 PM > > To: Pankaj Gupta <pankaj.gupta@xxxxxxx> > > Cc: Jonathan Corbet <corbet@xxxxxxx>; Rob Herring <robh+dt@xxxxxxxxxx>; > > Krzysztof Kozlowski <krzysztof.kozlowski+dt@xxxxxxxxxx>; Conor Dooley > > <conor+dt@xxxxxxxxxx>; Shawn Guo <shawnguo@xxxxxxxxxx>; Pengutronix > > Kernel Team <kernel@xxxxxxxxxxxxxx>; Fabio Estevam > > <festevam@xxxxxxxxx>; Rob Herring <robh@xxxxxxxxxx>; Krzysztof Kozlowski > > <krzk+dt@xxxxxxxxxx>; linux-doc@xxxxxxxxxxxxxxx; linux- > > kernel@xxxxxxxxxxxxxxx; devicetree@xxxxxxxxxxxxxxx; imx@xxxxxxxxxxxxxxx; > > linux-arm-kernel@xxxxxxxxxxxxxxxxxxx > > Subject: [EXT] Re: [PATCH v2 5/5] firmware: imx: adds miscdev > > > > Caution: This is an external email. Please take care when clicking links or > > opening attachments. When in doubt, report the message using the 'Report > > this email' button > > > > > > On Thu, May 23, 2024 at 04:19:36PM +0530, Pankaj Gupta wrote: > > > +int imx_ele_miscdev_msg_send(struct se_if_device_ctx *dev_ctx, > > > + void *tx_msg, int tx_msg_sz) { > > > + struct se_if_priv *priv = dev_ctx->priv; > > > + struct se_msg_hdr *header; > > > + int err; > > > + > > > + header = (struct se_msg_hdr *) tx_msg; > > > + > > > + /* > > > + * Check that the size passed as argument matches the size > > > + * carried in the message. > > > + */ > > > + err = header->size << 2; > > > + > > > + if (err != tx_msg_sz) { > > > + err = -EINVAL; > > > + dev_err(priv->dev, > > > + "%s: User buffer too small\n", > > > + dev_ctx->miscdev.name); > > > + goto exit; > > > + } > > > + /* Check the message is valid according to tags */ > > > + if (header->tag == priv->cmd_tag) { > > > + mutex_lock(&priv->se_if_cmd_lock); > > > > Grabbing a mutex in a character devices write fop and releasing it in the read > > fop is really calling for undesired race conditions. > > Condition is: > - Only one command is allowed to be in flight, at a time per interface. > -- Second command is not allowed, when one command is in flight. > - Duration of the flight is till the time the response is not received from the FW. > > Command lock is grabbed and then released in process context only. > > > > > If sending a command and receiving the response shall be an atomic operation > > then you should really consider turning this into an ioctl and just not > > implement read/write on the character device. With this you'll be able to get > > rid of several oddities in this drivers locking. > > > > It is not an atomic operation. It can be pre-empted. I didn't mean atomic in the sense of being non preemptable. > But it cannot be pre-empted to send another command on the same interface. > > As only one command is allowed to be executed at one point in time, through an interface. I meant atomic in the sense that only one command may be in flight: Send a message and do not allow to send another message until the answer to the first one is received. Using an ioctl you can just use imx_ele_msg_send_rcv() which takes a mutex during the whole send/receive process and have no need for such a strange locking construct. > > > + /* > > > + * We may need to copy the output data to user before > > > + * delivering the completion message. > > > + */ > > > + while (!list_empty(&dev_ctx->pending_out)) { > > > + b_desc = list_first_entry_or_null(&dev_ctx->pending_out, > > > + struct se_buf_desc, > > > + link); > > > + if (!b_desc) > > > + continue; > > > > b_desc will never be NULL because otherwise you wouldn't be in the loop > > anymore. The usual way to iterate over a list is to use list_for_each_entry() or > > list_for_each_entry_safe() in case you delete entries in the loop body. > > > > Will remove the NULL check. > if (!b_desc) > continue; Please don't. Use list_for_each_entry_safe() which is the normal way to iterate over a list. > > > +static int se_ioctl_get_mu_info(struct se_if_device_ctx *dev_ctx, > > > + u64 arg) { > > > + struct se_if_priv *priv = dev_get_drvdata(dev_ctx->dev); > > > + struct imx_se_node_info *if_node_info; > > > + struct se_ioctl_get_if_info info; > > > + int err = 0; > > > + > > > + if_node_info = (struct imx_se_node_info *)priv->info; > > > > priv->info is of type const void *. You are casting away the the 'const' > > here. Either it is const, then it should stay const, or not, in which case it > > shouldn't be declared const. Also why isn't priv->info of type struct > > imx_se_node_info * in the first place? > > This struct definition is local to the file se_ctrl.c. > Declaration of imx_se_node_info, is fixed by adding const in the whole file. Add a struct imx_se_node_info; to se_ctrl.h and you're done. > > > > + err = -EFAULT; > > > + goto exit; > > > + } else { > > > + /* No specific requirement for this buffer. */ > > > + shared_mem = &dev_ctx->non_secure_mem; > > > + } > > > + > > > + /* Check there is enough space in the shared memory. */ > > > + if (shared_mem->size < shared_mem->pos > > > + || io.length >= shared_mem->size - shared_mem->pos) { > > > + dev_err(dev_ctx->priv->dev, > > > + "%s: Not enough space in shared memory\n", > > > + dev_ctx->miscdev.name); > > > + err = -ENOMEM; > > > + goto exit; > > > + } > > > + > > > + /* Allocate space in shared memory. 8 bytes aligned. */ > > > + pos = shared_mem->pos; > > > + shared_mem->pos += round_up(io.length, 8u); > > > > You are checking if there's enough space in the shared memory without taking > > this round_up into account. > > Yes. It is initializing the local variable 'pos', with last store value of shared_mem->pos. Your check is: if (shared_mem->size < shared_mem->pos || io.length >= shared_mem->size - shared_mem->pos) Afterwards you do a: shared_mem->pos += round_up(io.length, 8u); This invalidates the check. You have to honor the potential padding in your check as well. Sascha -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |