| Message ID | 4b778dbcfd1fc40140292166834f13e8d5b8e4d2.1682575115.git.quic_nguyenb@quicinc.com |
|---|---|
| State | New |
| Headers | show |
| Series | [v1,1/1] scsi: ufs: core: correct utp_transfer_cmd_desc size | expand |
> When allocating memory for the UTP Command Descriptor > hba->ucdl_base_addr in ufshcd_memory_alloc(), the macro > sizeof_utp_transfer_cmd_desc() is used to calculate the size of the memory > allocation. This macro includes the prd_table as part of the UTP Command > Descriptor memory. However, when freeing this memory in the > ufshcd_release_sdb_queue(), the sizeof(struct utp_transfer_cmd_desc) is > used, and it does not include the prd_table size for the memory to be freed. > This results in a mismatch of memory size allocated/freed. > > Similarly, the ufshcd_mcq_get_tag() incorrectly uses the sizeof(struct > utp_transfer_cmd_desc) to find the tag number. > This results in failing to probe. > > Signed-off-by: Bao D. Nguyen <quic_nguyenb@quicinc.com> Looks like this fix is suggested here as well - https://www.spinics.net/lists/linux-scsi/msg184092.html Thanks, Avri > --- > drivers/ufs/core/ufs-mcq.c | 2 +- > drivers/ufs/core/ufshcd.c | 2 +- > 2 files changed, 2 insertions(+), 2 deletions(-) > > diff --git a/drivers/ufs/core/ufs-mcq.c b/drivers/ufs/core/ufs-mcq.c index > 202ff71..b7c5f39 100644 > --- a/drivers/ufs/core/ufs-mcq.c > +++ b/drivers/ufs/core/ufs-mcq.c > @@ -265,7 +265,7 @@ static int ufshcd_mcq_get_tag(struct ufs_hba *hba, > addr = (le64_to_cpu(cqe->command_desc_base_addr) & CQE_UCD_BA) - > hba->ucdl_dma_addr; > > - return div_u64(addr, sizeof(struct utp_transfer_cmd_desc)); > + return div_u64(addr, sizeof_utp_transfer_cmd_desc(hba)); > } > > static void ufshcd_mcq_process_cqe(struct ufs_hba *hba, diff --git > a/drivers/ufs/core/ufshcd.c b/drivers/ufs/core/ufshcd.c index > 9434328..b009e55 100644 > --- a/drivers/ufs/core/ufshcd.c > +++ b/drivers/ufs/core/ufshcd.c > @@ -8444,7 +8444,7 @@ static void ufshcd_release_sdb_queue(struct > ufs_hba *hba, int nutrs) { > size_t ucdl_size, utrdl_size; > > - ucdl_size = sizeof(struct utp_transfer_cmd_desc) * nutrs; > + ucdl_size = sizeof_utp_transfer_cmd_desc(hba) * nutrs; > dmam_free_coherent(hba->dev, ucdl_size, hba->ucdl_base_addr, > hba->ucdl_dma_addr); > > -- > 2.7.4
On 4/27/2023 2:57 AM, Avri Altman wrote: >> When allocating memory for the UTP Command Descriptor >> hba->ucdl_base_addr in ufshcd_memory_alloc(), the macro >> sizeof_utp_transfer_cmd_desc() is used to calculate the size of the memory >> allocation. This macro includes the prd_table as part of the UTP Command >> Descriptor memory. However, when freeing this memory in the >> ufshcd_release_sdb_queue(), the sizeof(struct utp_transfer_cmd_desc) is >> used, and it does not include the prd_table size for the memory to be freed. >> This results in a mismatch of memory size allocated/freed. >> >> Similarly, the ufshcd_mcq_get_tag() incorrectly uses the sizeof(struct >> utp_transfer_cmd_desc) to find the tag number. >> This results in failing to probe. >> >> Signed-off-by: Bao D. Nguyen <quic_nguyenb@quicinc.com> > Looks like this fix is suggested here as well - > https://www.spinics.net/lists/linux-scsi/msg184092.html Hi Avri, Thanks. Yes, that patch should cover half of the issues raised by my patch. Let me request the owner to include the change in ufshcd_release_sdb_queue() as well. > Thanks, > Avri > >> --- >> drivers/ufs/core/ufs-mcq.c | 2 +- >> drivers/ufs/core/ufshcd.c | 2 +- >> 2 files changed, 2 insertions(+), 2 deletions(-) >> >> diff --git a/drivers/ufs/core/ufs-mcq.c b/drivers/ufs/core/ufs-mcq.c index >> 202ff71..b7c5f39 100644 >> --- a/drivers/ufs/core/ufs-mcq.c >> +++ b/drivers/ufs/core/ufs-mcq.c >> @@ -265,7 +265,7 @@ static int ufshcd_mcq_get_tag(struct ufs_hba *hba, >> addr = (le64_to_cpu(cqe->command_desc_base_addr) & CQE_UCD_BA) - >> hba->ucdl_dma_addr; >> >> - return div_u64(addr, sizeof(struct utp_transfer_cmd_desc)); >> + return div_u64(addr, sizeof_utp_transfer_cmd_desc(hba)); >> } >> >> static void ufshcd_mcq_process_cqe(struct ufs_hba *hba, diff --git >> a/drivers/ufs/core/ufshcd.c b/drivers/ufs/core/ufshcd.c index >> 9434328..b009e55 100644 >> --- a/drivers/ufs/core/ufshcd.c >> +++ b/drivers/ufs/core/ufshcd.c >> @@ -8444,7 +8444,7 @@ static void ufshcd_release_sdb_queue(struct >> ufs_hba *hba, int nutrs) { >> size_t ucdl_size, utrdl_size; >> >> - ucdl_size = sizeof(struct utp_transfer_cmd_desc) * nutrs; >> + ucdl_size = sizeof_utp_transfer_cmd_desc(hba) * nutrs; >> dmam_free_coherent(hba->dev, ucdl_size, hba->ucdl_base_addr, >> hba->ucdl_dma_addr); >> >> -- >> 2.7.4
diff --git a/drivers/ufs/core/ufs-mcq.c b/drivers/ufs/core/ufs-mcq.c index 202ff71..b7c5f39 100644 --- a/drivers/ufs/core/ufs-mcq.c +++ b/drivers/ufs/core/ufs-mcq.c @@ -265,7 +265,7 @@ static int ufshcd_mcq_get_tag(struct ufs_hba *hba, addr = (le64_to_cpu(cqe->command_desc_base_addr) & CQE_UCD_BA) - hba->ucdl_dma_addr; - return div_u64(addr, sizeof(struct utp_transfer_cmd_desc)); + return div_u64(addr, sizeof_utp_transfer_cmd_desc(hba)); } static void ufshcd_mcq_process_cqe(struct ufs_hba *hba, diff --git a/drivers/ufs/core/ufshcd.c b/drivers/ufs/core/ufshcd.c index 9434328..b009e55 100644 --- a/drivers/ufs/core/ufshcd.c +++ b/drivers/ufs/core/ufshcd.c @@ -8444,7 +8444,7 @@ static void ufshcd_release_sdb_queue(struct ufs_hba *hba, int nutrs) { size_t ucdl_size, utrdl_size; - ucdl_size = sizeof(struct utp_transfer_cmd_desc) * nutrs; + ucdl_size = sizeof_utp_transfer_cmd_desc(hba) * nutrs; dmam_free_coherent(hba->dev, ucdl_size, hba->ucdl_base_addr, hba->ucdl_dma_addr);
When allocating memory for the UTP Command Descriptor hba->ucdl_base_addr in ufshcd_memory_alloc(), the macro sizeof_utp_transfer_cmd_desc() is used to calculate the size of the memory allocation. This macro includes the prd_table as part of the UTP Command Descriptor memory. However, when freeing this memory in the ufshcd_release_sdb_queue(), the sizeof(struct utp_transfer_cmd_desc) is used, and it does not include the prd_table size for the memory to be freed. This results in a mismatch of memory size allocated/freed. Similarly, the ufshcd_mcq_get_tag() incorrectly uses the sizeof(struct utp_transfer_cmd_desc) to find the tag number. This results in failing to probe. Signed-off-by: Bao D. Nguyen <quic_nguyenb@quicinc.com> --- drivers/ufs/core/ufs-mcq.c | 2 +- drivers/ufs/core/ufshcd.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)