Search Linux Wireless

Re: [RFC v4 06/21] ath10k: sdio support

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Erik Stromdahl <erik.stromdahl@xxxxxxxxx> writes:

> On 2017-03-10 13:43, Valo, Kalle wrote:
>> "Valo, Kalle" <kvalo@xxxxxxxxxxxxxxxx> writes:
>>
>>> Erik Stromdahl <erik.stromdahl@xxxxxxxxx> writes:
>>>
>>>> sdio/mailbox HIF implementation.
>>>>
>>>> Signed-off-by: Erik Stromdahl <erik.stromdahl@xxxxxxxxx>
>>>
>>> I'm looking at this more carefully now and noticed this:
>>>
>>>> +static int ath10k_sdio_bmi_credits(struct ath10k *ar)
>>>> +{
>>>> +	int ret;
>>>> +	u32 addr, *cmd_credits;
>>>> +	unsigned long timeout;
>>>> +
>>>> +	cmd_credits = kzalloc(sizeof(*cmd_credits), GFP_KERNEL);
>>>> +	if (!cmd_credits) {
>>>> +		ret = -ENOMEM;
>>>> +		goto err;
>>>> +	}
>>>> +
>>>> +	/* Read the counter register to get the command credits */
>>>> +	addr = MBOX_COUNT_DEC_ADDRESS + ATH10K_HIF_MBOX_NUM_MAX * 4;
>>>> +
>>>> +	timeout = jiffies + BMI_COMMUNICATION_TIMEOUT_HZ;
>>>> +	while (time_before(jiffies, timeout) && !*cmd_credits) {
>>>> +		/* Hit the credit counter with a 4-byte access, the first byte
>>>> +		 * read will hit the counter and cause a decrement, while the
>>>> +		 * remaining 3 bytes has no effect. The rationale behind this
>>>> +		 * is to make all HIF accesses 4-byte aligned.
>>>> +		 */
>>>> +		ret = ath10k_sdio_read_write_sync(ar, addr,
>>>> +						  (u8 *)cmd_credits,
>>>> +						  sizeof(*cmd_credits),
>>>> +						  HIF_RD_SYNC_BYTE_INC);
>>>> +		if (ret) {
>>>> +			ath10k_warn(ar,
>>>> + "Unable to decrement the command credit count register: %d\n",
>>>> +				    ret);
>>>> +			goto err_free;
>>>> +		}
>>>> +
>>>> +		/* The counter is only 8 bits.
>>>> +		 * Ignore anything in the upper 3 bytes
>>>> +		 */
>>>> +		*cmd_credits &= 0xFF;
>>>> +	}
>>>> +
>>>> +	if (!*cmd_credits) {
>>>> +		ath10k_warn(ar, "bmi communication timeout\n");
>>>> +		ret = -ETIMEDOUT;
>>>> +		goto err_free;
>>>> +	}
>>>> +
>>>> +	return 0;
>>>> +err_free:
>>>> +	kfree(cmd_credits);
>>>> +err:
>>>> +	return ret;
>>>> +}
>>>
>>> AFAICS we are leaking cmd_credits if there's no error. Or is the buffer
>>> freed somewhere within the mmc stack or something? The reason why I ask
>>> is that I saw the same pattern in multiple functions so I'm curious.
>>
>> Also I'm worried about endianness. We are reading from the device
>> directly to an u32 variable and not converting the bytes. Is the MMC
>> subsystem doing the conversion, I guess not?
>>
> You are right, there is definitely a memory leak (and there are similar problems
> in a couple of other functions as well as you have pointed out).
>
> This was introduced in version 3 of the
> RFC when I removed the bounce buffer from ath6kl. Instead I introduced a bunch of
> local "bounce" buffers in order to make sure that the buffers passed to the sdio
> subsystem is dma-able (malloc'ed buffer instead of stack allocated).
>
> Regarding endianess: That particular code construct is an artifact from ath6kl.
> I am not sure it makes any sense to use a u32 in that particular case.
> A u8 array is most likely more convenient.

There seems to be same pattern for reading four bytes, what if we should
add a helper for that? Something like ath10k_sdio_read32()? It could
handle the kmalloc and switch endianess also.

But please don't make any chances to sdio.c for the moment, let me
submit v5 first.

-- 
Kalle Valo



[Index of Archives]     [Linux Host AP]     [ATH6KL]     [Linux Wireless Personal Area Network]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Linux Kernel]     [IDE]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite Hiking]     [MIPS Linux]     [ARM Linux]     [Linux RAID]

  Powered by Linux