Linaro-mm-sig

linaro-mm-sig@lists.linaro.org

5 participants
2539 discussions

[PATCH] dma-buf: fix an error pointer vs NULL bug

by Dan Carpenter

The __dma_fence_unwrap_merge() function is supposed to return NULL on error. But the dma_fence_allocate_private_stub() returns error pointers so check for that and covert the error pointers to NULL returns. Otherwise, the callers do not expect error pointers and it leads to an Oops. Fixes: f781f661e8c9 ("dma-buf: keep the signaling time of merged fences v3") Signed-off-by: Dan Carpenter <dan.carpenter(a)linaro.org> --- drivers/dma-buf/dma-fence-unwrap.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/drivers/dma-buf/dma-fence-unwrap.c b/drivers/dma-buf/dma-fence-unwrap.c index c625bb2b5d56..d183eda0db89 100644 --- a/drivers/dma-buf/dma-fence-unwrap.c +++ b/drivers/dma-buf/dma-fence-unwrap.c @@ -94,8 +94,12 @@ struct dma_fence *__dma_fence_unwrap_merge(unsigned int num_fences, * If we couldn't find a pending fence just return a private signaled * fence with the timestamp of the last signaled one. */ - if (count == 0) - return dma_fence_allocate_private_stub(timestamp); + if (count == 0) { + tmp = dma_fence_allocate_private_stub(timestamp); + if (IS_ERR(tmp)) + return NULL; + return tmp; + } array = kmalloc_array(count, sizeof(*array), GFP_KERNEL); if (!array) @@ -176,6 +180,8 @@ struct dma_fence *__dma_fence_unwrap_merge(unsigned int num_fences, return_tmp: kfree(array); + if (IS_ERR(tmp)) + return NULL; return tmp; } EXPORT_SYMBOL_GPL(__dma_fence_unwrap_merge); -- 2.39.2

1 year, 6 months

[v5, PATCH] drm/mediatek: add dma buffer control for drm plane disable

by Yongqiang Niu

dma buffer release before overlay disable, that will cause m4u translation fault warning. add dma buffer control flow in mediatek driver: get dma buffer when drm plane disable put dma buffer when overlay really disable Fixes: 41016fe1028e ("drm: Rename plane->state variables in atomic update and disable") Signed-off-by: Yongqiang Niu <yongqiang.niu(a)mediatek.com> --- drivers/gpu/drm/mediatek/mtk_drm_crtc.c | 25 ++++++++++++++++++++++++ drivers/gpu/drm/mediatek/mtk_drm_drv.c | 1 + drivers/gpu/drm/mediatek/mtk_drm_plane.c | 12 ++++++++++++ drivers/gpu/drm/mediatek/mtk_drm_plane.h | 1 + 4 files changed, 39 insertions(+) diff --git a/drivers/gpu/drm/mediatek/mtk_drm_crtc.c b/drivers/gpu/drm/mediatek/mtk_drm_crtc.c index d40142842f85..49d671100785 100644 --- a/drivers/gpu/drm/mediatek/mtk_drm_crtc.c +++ b/drivers/gpu/drm/mediatek/mtk_drm_crtc.c @@ -4,6 +4,7 @@ */ #include <linux/clk.h> +#include <linux/dma-buf.h> #include <linux/dma-mapping.h> #include <linux/mailbox_controller.h> #include <linux/pm_runtime.h> @@ -283,6 +284,23 @@ struct mtk_ddp_comp *mtk_drm_ddp_comp_for_plane(struct drm_crtc *crtc, return NULL; } +static void mtk_drm_dma_buf_put(struct mtk_drm_crtc *mtk_crtc) +{ + unsigned int i; + + for (i = 0; i < mtk_crtc->layer_nr; i++) { + struct drm_plane *plane = &mtk_crtc->planes[i]; + struct mtk_plane_state *plane_state; + + plane_state = to_mtk_plane_state(plane->state); + + if (plane_state && plane_state->pending.dma_buf) { + dma_buf_put(plane_state->pending.dma_buf); + plane_state->pending.dma_buf = NULL; + } + } +} + #if IS_REACHABLE(CONFIG_MTK_CMDQ) static void ddp_cmdq_cb(struct mbox_client *cl, void *mssg) { @@ -323,6 +341,8 @@ static void ddp_cmdq_cb(struct mbox_client *cl, void *mssg) mtk_crtc->pending_async_planes = false; } + mtk_drm_dma_buf_put(mtk_crtc); + mtk_crtc->cmdq_vblank_cnt = 0; wake_up(&mtk_crtc->cb_blocking_queue); } @@ -624,9 +644,14 @@ static void mtk_crtc_ddp_irq(void *data) else if (mtk_crtc->cmdq_vblank_cnt > 0 && --mtk_crtc->cmdq_vblank_cnt == 0) DRM_ERROR("mtk_crtc %d CMDQ execute command timeout!\n", drm_crtc_index(&mtk_crtc->base)); + + if (!mtk_crtc->cmdq_client.chan) + mtk_drm_dma_buf_put(mtk_crtc); #else if (!priv->data->shadow_register) mtk_crtc_ddp_config(crtc, NULL); + + mtk_drm_dma_buf_put(mtk_crtc); #endif mtk_drm_finish_page_flip(mtk_crtc); } diff --git a/drivers/gpu/drm/mediatek/mtk_drm_drv.c b/drivers/gpu/drm/mediatek/mtk_drm_drv.c index 6dcb4ba2466c..812f1667e070 100644 --- a/drivers/gpu/drm/mediatek/mtk_drm_drv.c +++ b/drivers/gpu/drm/mediatek/mtk_drm_drv.c @@ -993,4 +993,5 @@ module_exit(mtk_drm_exit); MODULE_AUTHOR("YT SHEN <yt.shen(a)mediatek.com>"); MODULE_DESCRIPTION("Mediatek SoC DRM driver"); +MODULE_IMPORT_NS(DMA_BUF); MODULE_LICENSE("GPL v2"); diff --git a/drivers/gpu/drm/mediatek/mtk_drm_plane.c b/drivers/gpu/drm/mediatek/mtk_drm_plane.c index 31f9420aff6f..66e6393e45ee 100644 --- a/drivers/gpu/drm/mediatek/mtk_drm_plane.c +++ b/drivers/gpu/drm/mediatek/mtk_drm_plane.c @@ -12,6 +12,7 @@ #include <drm/drm_framebuffer.h> #include <drm/drm_gem_atomic_helper.h> #include <linux/align.h> +#include <linux/dma-buf.h> #include "mtk_drm_crtc.h" #include "mtk_drm_ddp_comp.h" @@ -266,6 +267,17 @@ static void mtk_plane_atomic_disable(struct drm_plane *plane, struct drm_plane_state *new_state = drm_atomic_get_new_plane_state(state, plane); struct mtk_plane_state *mtk_plane_state = to_mtk_plane_state(new_state); + struct drm_plane_state *old_state = drm_atomic_get_old_plane_state(state, + plane); + + if (old_state && old_state->fb) { + struct drm_gem_object *gem = old_state->fb->obj[0]; + + if (gem && gem->dma_buf) { + get_dma_buf(gem->dma_buf); + mtk_plane_state->pending.dma_buf = gem->dma_buf; + } + } mtk_plane_state->pending.enable = false; wmb(); /* Make sure the above parameter is set before update */ mtk_plane_state->pending.dirty = true; diff --git a/drivers/gpu/drm/mediatek/mtk_drm_plane.h b/drivers/gpu/drm/mediatek/mtk_drm_plane.h index 99aff7da0831..3aba0b58ef3c 100644 --- a/drivers/gpu/drm/mediatek/mtk_drm_plane.h +++ b/drivers/gpu/drm/mediatek/mtk_drm_plane.h @@ -33,6 +33,7 @@ struct mtk_plane_pending_state { bool async_dirty; bool async_config; enum drm_color_encoding color_encoding; + struct dma_buf *dma_buf; }; struct mtk_plane_state { -- 2.25.1

1 year, 6 months

[v4, PATCH] drm/mediatek: add dma buffer control for drm plane disable

by Yongqiang Niu

dma buffer release before overlay disable, that will cause m4u translation fault warning. add dma buffer control flow in mediatek driver: get dma buffer when drm plane disable put dma buffer when overlay really disable Fixes: 41016fe1028e4 ("drm: Rename plane->state variables in atomic update and disable") Signed-off-by: Yongqiang Niu <yongqiang.niu(a)mediatek.com> --- drivers/gpu/drm/mediatek/mtk_drm_crtc.c | 25 ++++++++++++++++++++++++ drivers/gpu/drm/mediatek/mtk_drm_plane.c | 12 ++++++++++++ drivers/gpu/drm/mediatek/mtk_drm_plane.h | 1 + 3 files changed, 38 insertions(+) diff --git a/drivers/gpu/drm/mediatek/mtk_drm_crtc.c b/drivers/gpu/drm/mediatek/mtk_drm_crtc.c index d40142842f85..49d671100785 100644 --- a/drivers/gpu/drm/mediatek/mtk_drm_crtc.c +++ b/drivers/gpu/drm/mediatek/mtk_drm_crtc.c @@ -4,6 +4,7 @@ */ #include <linux/clk.h> +#include <linux/dma-buf.h> #include <linux/dma-mapping.h> #include <linux/mailbox_controller.h> #include <linux/pm_runtime.h> @@ -283,6 +284,23 @@ struct mtk_ddp_comp *mtk_drm_ddp_comp_for_plane(struct drm_crtc *crtc, return NULL; } +static void mtk_drm_dma_buf_put(struct mtk_drm_crtc *mtk_crtc) +{ + unsigned int i; + + for (i = 0; i < mtk_crtc->layer_nr; i++) { + struct drm_plane *plane = &mtk_crtc->planes[i]; + struct mtk_plane_state *plane_state; + + plane_state = to_mtk_plane_state(plane->state); + + if (plane_state && plane_state->pending.dma_buf) { + dma_buf_put(plane_state->pending.dma_buf); + plane_state->pending.dma_buf = NULL; + } + } +} + #if IS_REACHABLE(CONFIG_MTK_CMDQ) static void ddp_cmdq_cb(struct mbox_client *cl, void *mssg) { @@ -323,6 +341,8 @@ static void ddp_cmdq_cb(struct mbox_client *cl, void *mssg) mtk_crtc->pending_async_planes = false; } + mtk_drm_dma_buf_put(mtk_crtc); + mtk_crtc->cmdq_vblank_cnt = 0; wake_up(&mtk_crtc->cb_blocking_queue); } @@ -624,9 +644,14 @@ static void mtk_crtc_ddp_irq(void *data) else if (mtk_crtc->cmdq_vblank_cnt > 0 && --mtk_crtc->cmdq_vblank_cnt == 0) DRM_ERROR("mtk_crtc %d CMDQ execute command timeout!\n", drm_crtc_index(&mtk_crtc->base)); + + if (!mtk_crtc->cmdq_client.chan) + mtk_drm_dma_buf_put(mtk_crtc); #else if (!priv->data->shadow_register) mtk_crtc_ddp_config(crtc, NULL); + + mtk_drm_dma_buf_put(mtk_crtc); #endif mtk_drm_finish_page_flip(mtk_crtc); } diff --git a/drivers/gpu/drm/mediatek/mtk_drm_plane.c b/drivers/gpu/drm/mediatek/mtk_drm_plane.c index 31f9420aff6f..66e6393e45ee 100644 --- a/drivers/gpu/drm/mediatek/mtk_drm_plane.c +++ b/drivers/gpu/drm/mediatek/mtk_drm_plane.c @@ -12,6 +12,7 @@ #include <drm/drm_framebuffer.h> #include <drm/drm_gem_atomic_helper.h> #include <linux/align.h> +#include <linux/dma-buf.h> #include "mtk_drm_crtc.h" #include "mtk_drm_ddp_comp.h" @@ -266,6 +267,17 @@ static void mtk_plane_atomic_disable(struct drm_plane *plane, struct drm_plane_state *new_state = drm_atomic_get_new_plane_state(state, plane); struct mtk_plane_state *mtk_plane_state = to_mtk_plane_state(new_state); + struct drm_plane_state *old_state = drm_atomic_get_old_plane_state(state, + plane); + + if (old_state && old_state->fb) { + struct drm_gem_object *gem = old_state->fb->obj[0]; + + if (gem && gem->dma_buf) { + get_dma_buf(gem->dma_buf); + mtk_plane_state->pending.dma_buf = gem->dma_buf; + } + } mtk_plane_state->pending.enable = false; wmb(); /* Make sure the above parameter is set before update */ mtk_plane_state->pending.dirty = true; diff --git a/drivers/gpu/drm/mediatek/mtk_drm_plane.h b/drivers/gpu/drm/mediatek/mtk_drm_plane.h index 99aff7da0831..3aba0b58ef3c 100644 --- a/drivers/gpu/drm/mediatek/mtk_drm_plane.h +++ b/drivers/gpu/drm/mediatek/mtk_drm_plane.h @@ -33,6 +33,7 @@ struct mtk_plane_pending_state { bool async_dirty; bool async_config; enum drm_color_encoding color_encoding; + struct dma_buf *dma_buf; }; struct mtk_plane_state { -- 2.25.1

1 year, 6 months

[PATCH] MAINTAINERS: Remove Laura Abbott from DMA-BUF HEAPS FRAMEWORK

by John Stultz

Laura's email address has not been valid for quite awhile now, so wanted to clean up the reviewer list here. I reached out to Laura who said it made sense to drop her from the list, so this patch does that. I do want to recognize Laura's long time contribution to this area and her previous ION maintainership, as this couldn't have gone upstream without her prior efforts. Many thanks! Cc: Laura Abbott <labbott(a)kernel.org> Cc: T.J. Mercier <tjmercier(a)google.com> Cc: Sumit Semwal <sumit.semwal(a)linaro.org> Cc: Benjamin Gaignard <benjamin.gaignard(a)collabora.com> Cc: Brian Starkey <Brian.Starkey(a)arm.com> Cc: John Stultz <jstultz(a)google.com> Cc: linux-media(a)vger.kernel.org Cc: dri-devel(a)lists.freedesktop.org Cc: linaro-mm-sig(a)lists.linaro.org Cc: kernel-team(a)android.com Acked-by: Laura Abbott <labbott(a)kernel.org> Signed-off-by: John Stultz <jstultz(a)google.com> --- MAINTAINERS | 1 - 1 file changed, 1 deletion(-) diff --git a/MAINTAINERS b/MAINTAINERS index f4e92b968ed7..6b28b59cbdb9 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -6181,7 +6181,6 @@ F: kernel/dma/ DMA-BUF HEAPS FRAMEWORK M: Sumit Semwal <sumit.semwal(a)linaro.org> R: Benjamin Gaignard <benjamin.gaignard(a)collabora.com> -R: Laura Abbott <labbott(a)redhat.com> R: Brian Starkey <Brian.Starkey(a)arm.com> R: John Stultz <jstultz(a)google.com> R: T.J. Mercier <tjmercier(a)google.com> -- 2.41.0.255.g8b1d071c50-goog

1 year, 6 months

[PATCH] MAINTAINERS: Remove Liam Mark from DMA-BUF HEAPS FRAMEWORK

by Jeffrey Hugo

@codeaurora.org email addresses are no longer valid and will bounce. I reached out to Liam about updating his entry under DMA-BUF HEAPS FRAMEWORK with an @codeaurora.org address. His response: "I am not a maintainer anymore, that should be removed." Liam currently does not have an email address that can be used to remove this entry, so I offered to submit a cleanup on his behalf with Liam's consent. Signed-off-by: Jeffrey Hugo <quic_jhugo(a)quicinc.com> --- MAINTAINERS | 1 - 1 file changed, 1 deletion(-) diff --git a/MAINTAINERS b/MAINTAINERS index 76b53bafc03c..1781eb0a8dda 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -6168,7 +6168,6 @@ F: kernel/dma/ DMA-BUF HEAPS FRAMEWORK M: Sumit Semwal <sumit.semwal(a)linaro.org> R: Benjamin Gaignard <benjamin.gaignard(a)collabora.com> -R: Liam Mark <lmark(a)codeaurora.org> R: Laura Abbott <labbott(a)redhat.com> R: Brian Starkey <Brian.Starkey(a)arm.com> R: John Stultz <jstultz(a)google.com> -- 2.40.1

1 year, 6 months

[PATCH 00/26] use array_size

by Julia Lawall

Use array_size to protect against multiplication overflows. This follows up on the following patches by Kees Cook from 2018. 42bc47b35320 ("treewide: Use array_size() in vmalloc()") fad953ce0b22 ("treewide: Use array_size() in vzalloc()") The changes were done using the following Coccinelle semantic patch, adapted from the one posted by Kees. // Drop single-byte sizes and redundant parens. @@ expression COUNT; typedef u8; typedef __u8; type t = {u8,__u8,char,unsigned char}; identifier alloc = {vmalloc,vzalloc}; @@ alloc( - (sizeof(t)) * (COUNT) + COUNT , ...) // 3-factor product with 2 sizeof(variable), with redundant parens removed. @@ expression COUNT; size_t e1, e2, e3; identifier alloc = {vmalloc,vzalloc}; @@ ( alloc( - (e1) * (e2) * (e3) + array3_size(e1, e2, e3) ,...) | alloc( - (e1) * (e2) * (COUNT) + array3_size(COUNT, e1, e2) ,...) ) // 3-factor product with 1 sizeof(type) or sizeof(expression), with // redundant parens removed. @@ expression STRIDE, COUNT; size_t e; identifier alloc = {vmalloc,vzalloc}; @@ alloc( - (e) * (COUNT) * (STRIDE) + array3_size(COUNT, STRIDE, e) ,...) // Any remaining multi-factor products, first at least 3-factor products // when they're not all constants... @@ expression E1, E2, E3; constant C1, C2, C3; identifier alloc = {vmalloc,vzalloc}; @@ ( alloc(C1 * C2 * C3,...) | alloc( - (E1) * (E2) * (E3) + array3_size(E1, E2, E3) ,...) ) // 2-factor product with sizeof(type/expression) and identifier or constant. @@ size_t e1,e2; expression COUNT; identifier alloc = {vmalloc,vzalloc}; @@ ( alloc( - (e1) * (e2) + array_size(e1, e2) ,...) | alloc( - (e1) * (COUNT) + array_size(COUNT, e1) ,...) ) // And then all remaining 2 factors products when they're not all constants. @@ expression E1, E2; constant C1, C2; identifier alloc = {vmalloc,vzalloc}; @@ ( alloc(C1 * C2,...) | alloc( - (E1) * (E2) + array_size(E1, E2) ,...) ) --- arch/x86/kernel/cpu/sgx/main.c | 3 ++- drivers/accel/habanalabs/common/device.c | 3 ++- drivers/accel/habanalabs/common/state_dump.c | 6 +++--- drivers/bus/mhi/host/init.c | 4 ++-- drivers/comedi/comedi_buf.c | 4 ++-- drivers/dma-buf/heaps/system_heap.c | 2 +- drivers/gpu/drm/gud/gud_pipe.c | 2 +- drivers/gpu/drm/i915/gvt/gtt.c | 6 ++++-- drivers/gpu/drm/vmwgfx/vmwgfx_devcaps.c | 2 +- drivers/infiniband/hw/bnxt_re/qplib_res.c | 4 ++-- drivers/infiniband/hw/erdma/erdma_verbs.c | 4 ++-- drivers/infiniband/sw/siw/siw_qp.c | 4 ++-- drivers/infiniband/sw/siw/siw_verbs.c | 6 +++--- drivers/iommu/tegra-gart.c | 4 ++-- drivers/net/ethernet/amd/pds_core/core.c | 4 ++-- drivers/net/ethernet/freescale/enetc/enetc.c | 4 ++-- drivers/net/ethernet/google/gve/gve_tx.c | 2 +- drivers/net/ethernet/marvell/octeon_ep/octep_rx.c | 2 +- drivers/net/ethernet/microsoft/mana/hw_channel.c | 2 +- drivers/net/ethernet/pensando/ionic/ionic_lif.c | 4 ++-- drivers/scsi/fnic/fnic_trace.c | 2 +- drivers/scsi/qla2xxx/qla_init.c | 4 ++-- drivers/staging/media/ipu3/ipu3-mmu.c | 2 +- drivers/vdpa/vdpa_user/iova_domain.c | 3 +-- drivers/virtio/virtio_mem.c | 6 +++--- fs/btrfs/zoned.c | 5 +++-- kernel/kcov.c | 2 +- lib/test_vmalloc.c | 12 ++++++------ 28 files changed, 56 insertions(+), 52 deletions(-)

1 year, 6 months

[PATCH] accel/qaic: Call DRM helper function to destroy prime GEM

by Jeffrey Hugo

From: Pranjal Ramajor Asha Kanojiya <quic_pkanojiy(a)quicinc.com> smatch warning: drivers/accel/qaic/qaic_data.c:620 qaic_free_object() error: dereferencing freed memory 'obj->import_attach' obj->import_attach is detached and freed using dma_buf_detach(). But used after free to decrease the dmabuf ref count using dma_buf_put(). drm_prime_gem_destroy() handles this issue and performs the proper clean up instead of open coding it in the driver. Fixes: ff13be830333 ("accel/qaic: Add datapath") Reported-by: Sukrut Bellary <sukrut.bellary(a)linux.com> Closes: https://lore.kernel.org/all/20230610021200.377452-1-sukrut.bellary@linux.co… Suggested-by: Christian König <christian.koenig(a)amd.com> Signed-off-by: Pranjal Ramajor Asha Kanojiya <quic_pkanojiy(a)quicinc.com> Reviewed-by: Carl Vanderlip <quic_carlv(a)quicinc.com> Reviewed-by: Jeffrey Hugo <quic_jhugo(a)quicinc.com> Signed-off-by: Jeffrey Hugo <quic_jhugo(a)quicinc.com> --- drivers/accel/qaic/qaic_data.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/accel/qaic/qaic_data.c b/drivers/accel/qaic/qaic_data.c index e42c1f9ffff8..e9a1cb779b30 100644 --- a/drivers/accel/qaic/qaic_data.c +++ b/drivers/accel/qaic/qaic_data.c @@ -23,6 +23,7 @@ #include <linux/wait.h> #include <drm/drm_file.h> #include <drm/drm_gem.h> +#include <drm/drm_prime.h> #include <drm/drm_print.h> #include <uapi/drm/qaic_accel.h> @@ -616,8 +617,7 @@ static void qaic_free_object(struct drm_gem_object *obj) if (obj->import_attach) { /* DMABUF/PRIME Path */ - dma_buf_detach(obj->import_attach->dmabuf, obj->import_attach); - dma_buf_put(obj->import_attach->dmabuf); + drm_prime_gem_destroy(obj, NULL); } else { /* Private buffer allocation path */ qaic_free_sgt(bo->sgt); -- 2.40.1

1 year, 6 months

[PATCH] drm/msm: Fix typo in comment

by zhumao001＠208suo.com

Fix typo in comment of msm_gem.c. Signed-off-by: Zhu Mao <zhumao001(a)208suo.com> --- drivers/gpu/drm/msm/msm_gem.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/msm/msm_gem.c b/drivers/gpu/drm/msm/msm_gem.c index 20cfd86d2b32..ef81074416af 100644 --- a/drivers/gpu/drm/msm/msm_gem.c +++ b/drivers/gpu/drm/msm/msm_gem.c @@ -503,8 +503,8 @@ void msm_gem_unpin_locked(struct drm_gem_object *obj) /* Special unpin path for use in fence-signaling path, avoiding the need * to hold the obj lock by only depending on things that a protected by - * the LRU lock. In particular we know that that we already have backing - * and and that the object's dma_resv has the fence for the current + * the LRU lock. In particular we know that we already have backing + * and that the object's dma_resv has the fence for the current * submit/job which will prevent us racing against page eviction. */ void msm_gem_unpin_active(struct drm_gem_object *obj)

1 year, 6 months

[[[-Domain-]]] WARNING: Your email account “ linaro-mm-sig@lists.linaro.org ” is almost full

by Mail Administrator

1 year, 6 months

[PATCH v4] mtd: rawnand: macronix: OTP access for MX30LFxG18AC

by Arseniy Krasnov

This adds support for OTP area access on MX30LFxG18AC chip series. Signed-off-by: Arseniy Krasnov <AVKrasnov(a)sberdevices.ru> --- v1 -> v2: * Add slab.h include due to kernel test robot error. v2 -> v3: * Use 'uint64_t' as input argument for 'do_div()' instead of 'unsigned long' due to kernel test robot error. v3 -> v4: * Use 'dev_err()' instead of 'WARN()'. * Call 'match_string()' before checking 'supports_set_get_features' in 'macronix_nand_setup_otp(). * Use 'u8' instead of 'uint8_t' as ./checkpatch.pl wants. drivers/mtd/nand/raw/nand_macronix.c | 216 +++++++++++++++++++++++++++ 1 file changed, 216 insertions(+) diff --git a/drivers/mtd/nand/raw/nand_macronix.c b/drivers/mtd/nand/raw/nand_macronix.c index 1472f925f386..be1ffa93bebb 100644 --- a/drivers/mtd/nand/raw/nand_macronix.c +++ b/drivers/mtd/nand/raw/nand_macronix.c @@ -6,6 +6,7 @@ * Author: Boris Brezillon <boris.brezillon(a)free-electrons.com> */ +#include <linux/slab.h> #include "linux/delay.h" #include "internals.h" @@ -31,6 +32,20 @@ #define MXIC_CMD_POWER_DOWN 0xB9 +#define ONFI_FEATURE_ADDR_30LFXG18AC_OTP 0x90 +#define MACRONIX_30LFXG18AC_OTP_START_PAGE 0 +#define MACRONIX_30LFXG18AC_OTP_PAGES 30 +#define MACRONIX_30LFXG18AC_OTP_PAGE_SIZE 2112 +#define MACRONIX_30LFXG18AC_OTP_START_BYTE \ + (MACRONIX_30LFXG18AC_OTP_START_PAGE * \ + MACRONIX_30LFXG18AC_OTP_PAGE_SIZE) +#define MACRONIX_30LFXG18AC_OTP_SIZE_BYTES \ + (MACRONIX_30LFXG18AC_OTP_PAGES * \ + MACRONIX_30LFXG18AC_OTP_PAGE_SIZE) + +#define MACRONIX_30LFXG18AC_OTP_EN BIT(0) +#define MACRONIX_30LFXG18AC_OTP_LOCKED BIT(1) + struct nand_onfi_vendor_macronix { u8 reserved; u8 reliability_func; @@ -316,6 +331,206 @@ static void macronix_nand_deep_power_down_support(struct nand_chip *chip) chip->ops.resume = mxic_nand_resume; } +static int macronix_30lfxg18ac_get_otp_info(struct mtd_info *mtd, size_t len, + size_t *retlen, + struct otp_info *buf) +{ + if (len < sizeof(*buf)) + return -EINVAL; + + /* Don't know how to check that OTP is locked. */ + buf->locked = 0; + buf->start = MACRONIX_30LFXG18AC_OTP_START_BYTE; + buf->length = MACRONIX_30LFXG18AC_OTP_SIZE_BYTES; + + *retlen = sizeof(*buf); + + return 0; +} + +static int macronix_30lfxg18ac_otp_enable(struct nand_chip *nand) +{ + u8 feature_buf[ONFI_SUBFEATURE_PARAM_LEN] = { 0 }; + + feature_buf[0] = MACRONIX_30LFXG18AC_OTP_EN; + return nand_set_features(nand, ONFI_FEATURE_ADDR_30LFXG18AC_OTP, + feature_buf); +} + +static int macronix_30lfxg18ac_otp_disable(struct nand_chip *nand) +{ + u8 feature_buf[ONFI_SUBFEATURE_PARAM_LEN] = { 0 }; + + return nand_set_features(nand, ONFI_FEATURE_ADDR_30LFXG18AC_OTP, + feature_buf); +} + +static int __macronix_30lfxg18ac_rw_otp(struct mtd_info *mtd, + loff_t offs_in_flash, + size_t len, size_t *retlen, + u_char *buf, bool write) +{ + struct nand_chip *nand; + size_t bytes_handled; + off_t offs_in_page; + void *dma_buf; + u64 page; + int ret; + + /* 'nand_prog/read_page_op()' may use 'buf' as DMA buffer, + * so allocate properly aligned memory for it. This is + * needed because cross page accesses may lead to unaligned + * buffer address for DMA. + */ + dma_buf = kmalloc(MACRONIX_30LFXG18AC_OTP_PAGE_SIZE, GFP_KERNEL); + if (!dma_buf) + return -ENOMEM; + + nand = mtd_to_nand(mtd); + nand_select_target(nand, 0); + + ret = macronix_30lfxg18ac_otp_enable(nand); + if (ret) + goto out_otp; + + page = offs_in_flash; + /* 'page' will be result of division. */ + offs_in_page = do_div(page, MACRONIX_30LFXG18AC_OTP_PAGE_SIZE); + bytes_handled = 0; + + while (bytes_handled < len && + page < MACRONIX_30LFXG18AC_OTP_PAGES) { + size_t bytes_to_handle; + + bytes_to_handle = min_t(size_t, len - bytes_handled, + MACRONIX_30LFXG18AC_OTP_PAGE_SIZE - + offs_in_page); + + if (write) { + memcpy(dma_buf, &buf[bytes_handled], bytes_to_handle); + ret = nand_prog_page_op(nand, page, offs_in_page, + dma_buf, bytes_to_handle); + } else { + ret = nand_read_page_op(nand, page, offs_in_page, + dma_buf, bytes_to_handle); + if (!ret) + memcpy(&buf[bytes_handled], dma_buf, + bytes_to_handle); + } + if (ret) + goto out_otp; + + bytes_handled += bytes_to_handle; + offs_in_page = 0; + page++; + } + + *retlen = bytes_handled; + +out_otp: + if (ret) + dev_err(&mtd->dev, "failed to perform OTP IO: %i\n", ret); + + ret = macronix_30lfxg18ac_otp_disable(nand); + if (ret) + dev_err(&mtd->dev, "failed to leave OTP mode after %s\n", + write ? "write" : "read"); + + nand_deselect_target(nand); + kfree(dma_buf); + + return ret; +} + +static int macronix_30lfxg18ac_write_otp(struct mtd_info *mtd, loff_t to, + size_t len, size_t *rlen, + const u_char *buf) +{ + return __macronix_30lfxg18ac_rw_otp(mtd, to, len, rlen, (u_char *)buf, + true); +} + +static int macronix_30lfxg18ac_read_otp(struct mtd_info *mtd, loff_t from, + size_t len, size_t *rlen, + u_char *buf) +{ + return __macronix_30lfxg18ac_rw_otp(mtd, from, len, rlen, buf, false); +} + +static int macronix_30lfxg18ac_lock_otp(struct mtd_info *mtd, loff_t from, + size_t len) +{ + u8 feature_buf[ONFI_SUBFEATURE_PARAM_LEN] = { 0 }; + struct nand_chip *nand; + int ret; + + if (from != MACRONIX_30LFXG18AC_OTP_START_BYTE || + len != MACRONIX_30LFXG18AC_OTP_SIZE_BYTES) + return -EINVAL; + + dev_dbg(&mtd->dev, "locking OTP\n"); + + nand = mtd_to_nand(mtd); + nand_select_target(nand, 0); + + feature_buf[0] = MACRONIX_30LFXG18AC_OTP_EN | + MACRONIX_30LFXG18AC_OTP_LOCKED; + ret = nand_set_features(nand, ONFI_FEATURE_ADDR_30LFXG18AC_OTP, + feature_buf); + if (ret) { + dev_err(&mtd->dev, + "failed to lock OTP (set features): %i\n", ret); + nand_deselect_target(nand); + return ret; + } + + /* Do dummy page prog with zero address. */ + feature_buf[0] = 0; + ret = nand_prog_page_op(nand, 0, 0, feature_buf, 1); + if (ret) + dev_err(&mtd->dev, + "failed to lock OTP (page prog): %i\n", ret); + + ret = macronix_30lfxg18ac_otp_disable(nand); + if (ret) + dev_err(&mtd->dev, "failed to leave OTP mode after lock\n"); + + nand_deselect_target(nand); + + return ret; +} + +static void macronix_nand_setup_otp(struct nand_chip *chip) +{ + static const char * const supported_otp_models[] = { + "MX30LF1G18AC", + "MX30LF2G18AC", + "MX30LF4G18AC", + }; + struct mtd_info *mtd; + + if (match_string(supported_otp_models, + ARRAY_SIZE(supported_otp_models), + chip->parameters.model) < 0) + return; + + if (!chip->parameters.supports_set_get_features) + return; + + bitmap_set(chip->parameters.get_feature_list, + ONFI_FEATURE_ADDR_30LFXG18AC_OTP, 1); + bitmap_set(chip->parameters.set_feature_list, + ONFI_FEATURE_ADDR_30LFXG18AC_OTP, 1); + + mtd = nand_to_mtd(chip); + mtd->_get_fact_prot_info = macronix_30lfxg18ac_get_otp_info; + mtd->_read_fact_prot_reg = macronix_30lfxg18ac_read_otp; + mtd->_get_user_prot_info = macronix_30lfxg18ac_get_otp_info; + mtd->_read_user_prot_reg = macronix_30lfxg18ac_read_otp; + mtd->_write_user_prot_reg = macronix_30lfxg18ac_write_otp; + mtd->_lock_user_prot_reg = macronix_30lfxg18ac_lock_otp; +} + static int macronix_nand_init(struct nand_chip *chip) { if (nand_is_slc(chip)) @@ -325,6 +540,7 @@ static int macronix_nand_init(struct nand_chip *chip) macronix_nand_onfi_init(chip); macronix_nand_block_protection_support(chip); macronix_nand_deep_power_down_support(chip); + macronix_nand_setup_otp(chip); return 0; } -- 2.35.0

1 year, 7 months

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

Linaro-mm-sig