ExternalVendorCode/openwrt
1
0
Fork 0
mirror of https://github.com/openwrt/openwrt.git synced 2025-01-26 22:29:33 +00:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity
openwrt/target/linux/bcm27xx/patches-6.6/950-1361-drivers-usb-xhci-prevent-a-theoretical-race-on-non-c.patch
John Audia 220860ef4c kernel: bump 6.6 to 6.6.70 
Changelog: https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.70

Removed upstreamed:
	generic/backport-6.6/902-net-llc-reset-skb-transport_header.patch[1]
	generic/pending-6.6/605-netfilter-nft_set_hash-unaligned-atomic-read-on-stru.patch[2]

All other patches automatically rebased.

1. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v6.6.70&id=0c896816aa193e6459fc947747e5753c06b395b9
2. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v6.6.70&id=4f49349c1963e507aa37c1ec05178faeb0103959

Build system: x86/64
Build-tested: bcm27xx/bcm2712, flogic/xiaomi_redmi-router-ax6000-ubootmod, ramips/tplink_archer-a6-v3
Run-tested: bcm27xx/bcm2712, flogic/xiaomi_redmi-router-ax6000-ubootmod, ramips/tplink_archer-a6-v3

Signed-off-by: John Audia <therealgraysky@proton.me>
Link: https://github.com/openwrt/openwrt/pull/17545
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit efafd7d47f8fa26a9f99283605c9324a833ef852)
2025-01-12 21:43:35 +01:00

51 lines
2.0 KiB
Diff
Raw Blame History

From e9e852af347ae3ccee4e7abb01f9ef91387980f9 Mon Sep 17 00:00:00 2001
From: Jonathan Bell <jonathan@raspberrypi.com>
Date: Wed, 6 Nov 2024 11:07:55 +0000
Subject: [PATCH] drivers: usb: xhci: prevent a theoretical race on
non-coherent platforms
For platforms that have xHCI controllers attached over PCIe, and
non-coherent routes to main memory, a theoretical race exists between
posting new TRBs to a ring, and writing to the doorbell register.
In a contended system, write traffic from the CPU may be stalled before
the memory controller, whereas the CPU to Endpoint route is separate
and not likely to be contended. Similarly, the DMA route from the
endpoint to main memory may be separate and uncontended.
Therefore the xHCI can receive a doorbell write and find a stale view
of a transfer ring. In cases where only a single TRB is ping-ponged at
a time, this can cause the endpoint to not get polled at all.
Adding a readl() before the write forces a round-trip transaction
across PCIe, definitively serialising the CPU along the PCI
producer-consumer ordering rules.
Signed-off-by: Jonathan Bell <jonathan@raspberrypi.com>
---
drivers/usb/host/xhci-ring.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
--- a/drivers/usb/host/xhci-ring.c
+++ b/drivers/usb/host/xhci-ring.c
@@ -506,6 +506,19 @@ void xhci_ring_ep_doorbell(struct xhci_h
trace_xhci_ring_ep_doorbell(slot_id, DB_VALUE(ep_index, stream_id));
+ /*
+ * For non-coherent systems with PCIe DMA (such as Pi 4, Pi 5) there
+ * is a theoretical race between the TRB write and barrier, which
+ * is reported complete as soon as the write leaves the CPU domain,
+ * the doorbell write, which may be reported as complete by the RC
+ * at some arbitrary point, and the visibility of new TRBs in system
+ * RAM by the endpoint DMA engine.
+ *
+ * This read before the write positively serialises the CPU state
+ * by incurring a round-trip across the link.
+ */
+ readl(db_addr);
+
writel(DB_VALUE(ep_index, stream_id), db_addr);
/* flush the write */
readl(db_addr);
Reference in New Issue View Git Blame Copy Permalink